MD5: 31974746ec5e116739526c406051a7cb
SHA1: 9e20e0b4afde1192e708a949a0948c161afdb470
SHA256: bcd2e6675375f5e4dd5c8ef57a9032a6a49df8721e08c56a2cfa68235dcf260a
SSDeep: 24576:GRukYpieOpk35XMgxC8G8xUobApY1cpEkziEmibU/SxSBlukKWy6eW8OXxiJQWJ :GKie8EXSpmrgS3umBiOWJFnooDah5Bjb
Size: 2000112 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: WindowsXP SP3 32-bit

Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

UnityWebPlayer.exe:808
%original file name%.exe:1756
MailRuUpdater.exe:908
MailRuUpdater.exe:496
MailRuUpdater.exe:1660
amigo.exe:1748
AmigoDistrib.exe:500
setup.exe:1372

The Malware injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process UnityWebPlayer.exe:808 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp (67936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\UserInfo.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\info.plist (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe (6078 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\UAC.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\UnityWebPlayerUpdate.exe (19592 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\UnityBugReporter.exe (25112 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPlayerNP.map (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (32784 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\UserInfo.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\UAC.dll (0 bytes)

The process %original file name%.exe:1756 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\752FA5C2-95FA-462F-A94B-C996CDFB715F\AmigoDistrib.exe (370096 bytes)

The process MailRuUpdater.exe:908 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files%\Mail.Ru\MailRuUpdater\MailRuUpdater.exe (39945 bytes)
%Documents and Settings%\%current user%\Application Data\MailProducts\Id (38 bytes)
%Documents and Settings%\All Users\Application Data\Mail.Ru\Id (38 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe (39945 bytes)

The process MailRuUpdater.exe:496 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\GroupPolicy\gpt.ini (29 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\E119EF3354894A89A9886EA713B49A34.html (0 bytes)

The process MailRuUpdater.exe:1660 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\GroupPolicy\User\Registry.pol (8 bytes)
%System%\GroupPolicy\gpt.ini (98 bytes)
%System%\GroupPolicy\Machine\Registry.pol (8 bytes)

The process amigo.exe:1748 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\1.tmp (935 bytes)

The process AmigoDistrib.exe:500 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\SETUP.EX_ (1659 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\setup.exe (17080 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\CHROME.PACKED.7Z (366388 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\SETUP.EX_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\CHROME.PACKED.7Z (0 bytes)

The process setup.exe:1372 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ru.pak (1675 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ko.pak (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\VisualElements\smalllogo.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\mg.exe (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\VisualElements\splash-620x300.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\wow_helper.exe (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ms.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\vi.pak (287 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\ok.exe (142 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ml.pak (3735 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\vk.exe (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Extensions\external_extensions.json (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amigo_FFA3C3E0-B3B6-4D8C-928C-75AA59A806A0\MailRuUpdater.exe (39945 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk (2 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Одноклассники.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sw.pak (236 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\mm.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\secondarytile.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\mailruupdater.exe (38588 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\d3dcompiler_47.dll (22433 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Вконтакте.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\libegl.dll (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\PepperFlash\pepflashplayer.dll (122658 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\uk.pak (1689 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ar.pak (1629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\resources.pak (142877 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\hu.pak (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\en-US.pak (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\fa.pak (1648 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\pt-PT.pak (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\te.pak (1863 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\mg.exe (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\da.pak (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\snapshot_blob.bin (1717 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\vk.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\gu.pak (1796 bytes)
%Documents and Settings%\%current user%\Desktop\Вконтакте.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_100_percent.pak (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\fi.pak (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\it.pak (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ca.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sl.pak (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sv.pak (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\44.4.2403.3.manifest (248 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\amigo_FFA3C3E0-B3B6-4D8C-928C-75AA59A806A0\UnityWebPlayer.exe (7433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\th.pak (1789 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\pl.pak (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sk.pak (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sr.pak (1670 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Интернет.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\et.pak (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ro.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\natives_blob.bin (1677 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\id.pak (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\kn.pak (3669 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\libexif.dll (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\bg.pak (1705 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\mm.exe (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\ok.exe (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\nacl64.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KL13PLTK\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\amigo_resources.pak (28502 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\fil.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\zh-CN.pak (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\hr.pak (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\metro_driver.dll (1763 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YTYIT4VT\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Desktop\Интернет.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\he.pak (296 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\en-GB.pak (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\hi.pak (1810 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\PepperFlash\manifest.json (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\zh-TW.pak (214 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\amigo_cr.exe (1615 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\el.pak (1747 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GFYZSZQX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\nacl_irt_x86_32.nexe (17629 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_child.dll (307964 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\amigo.exe (3765 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\lt.pak (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\bn.pak (1830 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_elf.dll (132 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ta.pak (3682 bytes)
%Documents and Settings%\%current user%\Desktop\Одноклассники.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\cs.pak (258 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\VisualElements\logo.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\VisualElementsManifest.xml (396 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Интернет.lnk (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_200_percent.pak (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\icudtl.dat (75554 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\tr.pak (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\de.pak (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\delegate_execute.exe (3707 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\nb.pak (233 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\es-419.pak (259 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\fr.pak (276 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\lv.pak (262 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\libglesv2.dll (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\xinput1_3.dll (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_watcher.dll (1636 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ja.pak (308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\nacl_irt_x86_64.nexe (22433 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\es.pak (263 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\nl.pak (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\unitywebplayer.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5IPUSTB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\chrome.7z (1266233 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\am.pak (1639 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\mr.pak (1801 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\pt-BR.pak (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome.dll (237340 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5IPUSTB\callback[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\amigo.exe (0 bytes)

Registry activity

The process UnityWebPlayer.exe:808 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer.1]
"(Default)" = "UnityWebPlayer Control"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"Version" = "5.0.3f2"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}]
"(Default)" = "UnityWebPlayer Control"

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer\CurVer]
"(Default)" = "UnityWebPlayer.UnityWebPlayer.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"DisplayName" = "Unity Web Player"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\Suffixes]
"unity3d" = ""

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}]
"AppID" = "{F008CD3D-7044-4CD4-BE14-BF3FCCF144F9}"

[HKCU\Software\Classes\AppID\{F008CD3D-7044-4CD4-BE14-BF3FCCF144F9}]
"(Default)" = "UnityWebPlayer"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"DisplayVersion" = "5.0.3f2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Unity\WebPlayer]
"UnityWebPlayerDevelopment" = "no"

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer.1\CLSID]
"(Default)" = "{444785F1-DE89-4295-863A-D46C3A781394}"

[HKCU\Software\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx"

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer]
"(Default)" = "UnityWebPlayer Control"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\TypeLib]
"(Default)" = "{75A564FE-95D1-41a9-B1D9-10D1E3CB502B}"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\MiscStatus]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"Description" = "Unity Player 5.0.3f2"

[HKCU\Software\Unity\WebPlayer]
"un.Directory" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\MiscStatus\1]
"(Default)" = "131473"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"vendor" = "Unity Technologies ApS"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0\FLAGS]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"NoRepair" = "1"
"HelpLink" = "http://unity3d.com/"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\TypeLib]
"(Default)" = "{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}]
"(Default)" = "_DUnityWebPlayerAX"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"ProductName" = "Unity Web Player"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\MimeTypes\application/vnd.unity]
"Description" = "Unity Player datafile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{444785F1-DE89-4295-863A-D46C3A781394}]
"(Default)" = ""

[HKCU\Software\Classes\UnityWebPlayer.UnityWebPlayer\CLSID]
"(Default)" = "{444785F1-DE89-4295-863A-D46C3A781394}"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}]
"(Default)" = "_DUnityWebPlayerAXEvents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"QuietUninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe /S /CurrentUser"
"EstimatedSize" = "12288"

[HKCU\Software\Unity\WebPlayer]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\MimeTypes\application/vnd.unity]
"Suffixes" = "unity3d"

[HKCU\Software\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader"

[HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Unity\WebPlayer]
"UnityWebPlayerReleaseChannel" = "Stable"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 70 66 C7 FA D4 EA 2B DA 47 EE EE A2 23 95 E5"

[HKCU\Software\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe /CurrentUser"
"NoModify" = "1"
"URLInfoAbout" = "http://unity3d.com/unitywebplayer.html"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\AppID\UnityWebPluginAX.ocx]
"AppID" = "{F008CD3D-7044-4CD4-BE14-BF3FCCF144F9}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\VersionIndependentProgID]
"(Default)" = "UnityWebPlayer.UnityWebPlayer"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib]
"(Default)" = "{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}"

[HKCU\Software\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}\1.0]
"(Default)" = "UnityWebPlayerAXLib"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe"

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ProgID]
"(Default)" = "UnityWebPlayer.UnityWebPlayer.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{444785F1-DE89-4295-863A-D46C3A781394}\iexplore\AllowedDomains\*]
"(Default)" = ""

[HKCU\Software\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\ToolboxBitmap32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx, 102"

[HKCU\Software\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer]
"Publisher" = "Unity Technologies ApS"

The process %original file name%.exe:1756 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

"CategoryCount" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKCU\Software\IM]
"1470" = "16-04-01 2:40:50"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 95 55 B4 A3 EB A5 A3 32 46 03 CC D7 49 9B E2"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\31974746ec5e116739526c406051a7cb\DEBUG]
"Trace Level" = ""

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\752FA5C2-95FA-462F-A94B-C996CDFB715F]
"AmigoDistrib.exe" = "Amigo Installer"

The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\31974746ec5e116739526c406051a7cb\DEBUG]
"Trace Level"

The process MailRuUpdater.exe:908 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"Publisher" = "Mail.Ru"
"InstallLocation" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe uninstall"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"DisplayName" = "Служба автоматического обновления программ"

[HKCU\Software\Mail.Ru\IE_Bar\Settings]
"Guid" = "{C6F34933-94A8-4E06-9901-4A0EAF0842E1}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Mail.Ru\Updater]
"Guid" = "{C6F34933-94A8-4E06-9901-4A0EAF0842E1}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"VersionMinor" = "17"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]
"VersionMajor" = "1"
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru]
"MailRuUpdater.exe" = "Mail.Ru updater"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BA C9 8C B8 89 31 31 CF C1 85 60 50 92 FF 32 3B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MailRuUpdater" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"

The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Malware deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MailRuUpdater]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application]
"amigo.exe"

The Malware disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"MailRuUpdater"

The process MailRuUpdater.exe:496 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 E3 3B 0F C7 15 7E 15 AD F6 96 3B 9D 62 71 E3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The Malware deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{822E2280-26F1-40DB-BA8A-8CE5EBA5A6DC}User]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{822E2280-26F1-40DB-BA8A-8CE5EBA5A6DC}Machine]

The process MailRuUpdater.exe:1660 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Mail.Ru\Tech\ptls\{4519D3B5-465C-4AE2-A905-960CA7D5385C}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjitsCYFLPctM4jIaMdjKQwLmY97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKCU\Software\Mail.Ru\Tech\ptls\{0ED2394C-62B6-4A80-A342-C2CA0B2A4E82}]
"finished_time" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Mail.Ru\Tech\ptls\{8DC7BF6A-58F3-4740-B600-34E37FFADC21}]
"finished_time" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = ""
"Desktop" = ""

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"ie" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Mail.Ru\Tech\ptls\{603A8599-628C-4F00-A940-A09F1583A23E}]
"RUNID" = "10"

[HKCU\Software\Mail.Ru\Tech\ptls\{4C1D0C36-25B2-4774-80E8-DAE1E7898A1A}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjitsCYFLPctM4jIaMdjKQwLmY97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Mail.Ru\Tech\ptls\{4C1D0C36-25B2-4774-80E8-DAE1E7898A1A}]
"RUNID" = "12"

[HKCU\Software\Mail.Ru\Tech\ptls\{4947360E-E26B-4CC9-BB40-F4A30EDCA39E}]
"RUNID" = "10"

[HKCU\Software\Mail.Ru\Tech\ptls\{66CD85E0-6D8E-444E-9D71-AED8BA171A26}]
"RUNID" = "16"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"CH" = "1"

[HKCU\Software\Mail.Ru\Tech\ptls\{66CD85E0-6D8E-444E-9D71-AED8BA171A26}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjitsCYFLPctM4jIaMdjKQwLmY97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKCU\Software\Mail.Ru]
"SicSettings" = "22 serialization::archive 11 0 0 1 0 0 0 0 0 20 0 0 1 0 0 0 0 24 0 0 0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 5C 36 C0 27 61 94 2A DC A7 C8 8B F3 B0 86 6B"

[HKCU\Software\Mail.Ru\Tech\ptls\{0E26AC42-4B6E-4C84-8291-A0CAC999E70D}]
"finished_time" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Mail.Ru\Tech\ptls\{E60E6A0E-4092-4965-85BB-AA1ED8EBBC8E}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjitsCYFLPctM4jIaMdjKQwLmY97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"finished_time" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Mail.Ru\Tech\ptls\{3CE4F0C3-2143-491F-8F20-27792166C41F}]
"RUNID" = "10"

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"ff" = "1"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKCU\Software\Mail.Ru\Tech\ptls\{4519D3B5-465C-4AE2-A905-960CA7D5385C}]
"RUNID" = "10"

[HKCU\Software\Mail.Ru\Tech\ptls\{B63A6D16-4F50-47C2-9BF7-A5D6E79C9EFD}\ch]
"gdup" = "LlybSVbttQqpAxIsKaevGioKg0tb/axI90ISNjitsCYFLPctM4jIaMdjKQwLmY97RzqlYn6a0mjPbCJRSMjiN3RK2RVA8uxI6FUNXA=="

The Malware deletes the following registry key(s):

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{665108C1-304E-40C2-B1FF-A282700E1012}User]
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{665108C1-304E-40C2-B1FF-A282700E1012}Machine]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Mail.Ru\Tech\ptls\{F581DE96-9AA1-45C8-8335-B7445525371A}]
"ch"
"ff"
"ie"

The process amigo.exe:1748 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Amigo\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "1"

[HKCU\Software\Classes\https]
"URL Protocol" = ""

[HKCU\Software\Classes\.html]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKCU\Software\Amigo]
"metricsid" = "FF9E10D6-E9FF-4A1D-B404-656C91EA9279"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Amigo]
"metricsid_installdate" = "0"

[HKCU\Software\Classes\.shtml]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Classes\http]
"URL Protocol" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Classes\.xhtml]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKCU\Software\Amigo]
"metricsid_enableddate" = "1459467552"

[HKCU\Software\Classes\.htm]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CE F4 DC 3B A4 FC 55 E7 85 BF 63 D7 0F 48 D3 A3"

[HKCU\Software\Amigo]
"usagestats" = "1"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKCU\Software\Classes\ftp]
"URL Protocol" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"

[HKCU\Software\Classes\.xht]
"(Default)" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

The process AmigoDistrib.exe:500 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE 4A DB 13 85 C4 01 1B 59 51 62 32 88 7C D6 52"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"RFR" = "789118"
"newrfr" = "789118"

The process setup.exe:1372 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Amigo]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"https" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCR\.shtml\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\mailruupdater.exe,"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"tel" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Amigo\Commands\on-os-upgrade]
"CommandLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe --on-os-upgrade --verbose-logging"

[HKCR\.webp\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Amigo]
"FirstNotDefault" = "Type: REG_QWORD, Length: 8"

"ap" = "-stage:refreshing_policy"

[HKCU\Software\Amigo\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"AgentInstall" = "0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"

[HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}]
"(Default)" = "CommandExecuteImpl Class"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".webp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Amigo]
"pv" = "44.4.2403.3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"mailto" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationIcon" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCU\Software\Amigo]
"Name" = "Интернет"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"urn" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"VersionMajor" = "2403"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".htm" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\.html\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\amigo.exe]
"Path" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"PrevDefault" = "%Program Files%\Internet Explorer\iexplore.exe -nohome"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"ftp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Amigo]
"UninstallArguments" = " --uninstall"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"sms" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"ShowIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --show-icons"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"FirstInstall" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"news" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe -- %1"

[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "HTML Document"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"smsto" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".html" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationDescription" = "Amigo is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Amigo."

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"ReinstallCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --make-default-browser"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayVersion" = "44.4.2403.3"
"InstallLocation" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application"

[HKCR\AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe,0"

[HKCR\.xht\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".xht" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCR\.htm\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ]
"(Default)" = "Интернет"

[HKCU\Software\Amigo]
"InstallerSuccessLaunchCmdLine" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".shtml" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"http" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"UninstallString" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe --uninstall"

[HKCU\Software\Amigo]
"InstallerError" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 11 CD 80 81 51 2C 8B 15 DD 59 87 80 0E EB 31"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"InstallDate" = "20160401"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"nntp" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29161}\LocalServer32]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\delegate_execute.exe"
"ServerExecutable" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\delegate_execute.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Amigo]
"oopcrashes" = "1"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"amigoext" = "eeecheimdlkopnpajfcdmacgkjlkcmji;diciddlabejpoaofdnmoamebeohoiobg;egohihcbmlmdokfdoecjpdiadnkjgmdd;kgkggmpkealihpbjpdmcblcplljamohl;hlnkhcccfccipjdgeddoifmlognfajdp;mbipmajmbfjakbcfnjdldckninlnmhoe;hfpahoblpjopcfnlokmndooidiinhiie;nhhefclnfbjmnbbkhjplpnciolbbbdkd"
"stage" = "1"

[HKCR\.xhtml\OpenWithProgids]
"AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"webcal" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"Publisher" = "Mail.Ru"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"Guid" = "{C14D3F14-BAD5-4AAA-AD3A-646154765CED}"

[HKCU\Software\Amigo]
"InstallerExtraCode1" = "9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\amigo.exe]
"(Default)" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"NoModify" = "1"

[HKCU\Software\Amigo]
"InstallerResult" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"mms" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"DisplayName" = "Интернет"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\FileAssociations]
".xhtml" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"NoRepair" = "1"
"Version" = "44.4.2403.3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"HideIconsCommand" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --hide-icons"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\Startmenu]
"StartMenuInternet" = "Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities]
"ApplicationName" = "Интернет"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"ua" = "CHANNEL_789118"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Amigo]
"lang" = "en"

[HKLM\SOFTWARE\RegisteredApplications]
"Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ" = "Software\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amigo]
"VersionMinor" = "3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\Capabilities\URLAssociations]
"irc" = "AmigoHTML.QQL2B5ZRL54V5ERAM5WD2OE6LQ"

[HKLM\SOFTWARE\Clients\StartMenuInternet\Интернет.QQL2B5ZRL54V5ERAM5WD2OE6LQ\InstallInfo]
"IconsVisible" = "1"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"amigo" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --no-startup-window"

The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application]
"amigo.exe" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe:*:Enabled:Интернет"

The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Amigo]
"ap"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"first_bookmark_bar"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"InstallResult"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Amigo]
"InstallerExtraCode1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\Mail.Ru\AmigoInstaller]
"first_nosidebar"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 15
17b5b9ae3076fb010c933f2f9e48a956
edc34fc4d7c1fedfb774f0d8efc2f759
7f3948e599059f5229c7e44916c6e032
f68a9e65abf4e168d73b3c5531c5023f
d7a3d4db85881c1f4f163b2cdc574a67
610c0043a47a23e3a6f2dfd877c505c5
c65f628250715de8abf31a2f5b2c99fe
772744bc51d3cde4bfe6429ceefbf829
4fc610372a36633e7d0d1b1ff68f2835
c65d681f6c863a2147914e7ec67610dd
2859522be053f1f6caa764855f683888
1d5a2473557f93e0acd3bb8c2d21e03a
6f88d8955f5655eeda4169ddc0a046c0
c851e6e37e2720860bafb1f6f19e8315
2456077d4c7178d46f9755cb469dd1ac

URLs

URL	IP
hxxp://cuidu.sevential.ru/api
hxxp://moscow.cdnmail.ru/AmigoDistrib.exe?rfr=789118
hxxp://fiak.theirry.ru/mailru/callback?type=mailru_amigo&zone=ua&guid={C14D3F14-BAD5-4AAA-AD3A-646154765CED}&ovr=0&aux=7134	5.149.254.183
hxxp://bs.amigo.mail.ru/update/2/version.txt?ver=44.4.2403.3&kind=amigo&ds=m&BID={C14D3F14-BAD5-4AAA-AD3A-646154765CED}&rfr=789118&type=install	217.69.139.252
hxxp://mrds.mail.ru/update/2/version.txt?type=mru_install&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=4&elapsed_time=0&mr_service=0&ovr=0&tool=mrupdater	217.69.139.245
hxxp://mrds.mail.ru/update/2/version.txt?type=mru_online&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&tool=mrupdater&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=4&elapsed_time=0&mr_service=0	217.69.139.245
hxxp://mrds.mail.ru/updater/version.xml?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=5&elapsed_time=0&mr_service=0	217.69.139.245
hxxp://mrds.mail.ru/update/2/version.txt?type=mru_online_service&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&tool=mrupdater&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=4&elapsed_time=0&mr_service=1	217.69.139.245
hxxp://mrds.mail.ru/amigo/version2.xml?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=5&elapsed_time=0&mr_service=0	217.69.139.245
hxxp://mrds.mail.ru/update/2/version.txt?type=mru_install_service&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&tool=mrupdater&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=6&elapsed_time=1&mr_service=0	217.69.139.245
hxxp://xml.binupdate.mail.ru/cache_policy.mrdj	217.69.139.247
hxxp://xml.binupdate.mail.ru/audit_config.mrdj	217.69.139.247
hxxp://xml.binupdate.mail.ru/tasks.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=5&elapsed_time=0&mr_service=1	217.69.139.247
hxxp://xml.binupdate.mail.ru/tasks/shortcuts.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=6&elapsed_time=1&mr_service=1	217.69.139.247
hxxp://mrds.mail.ru/update/2/version.txt?type=mruinfo&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=6&elapsed_time=0&mr_service=0&tool=mrupdater&amigo_conv=1&ovr_amigo=0&ovr_internet=0&ovr_chrome=0&ie_ver=6.0.2900.5512&iedse=&iehp=	217.69.139.245
hxxp://xml.binupdate.mail.ru/tasks/shortcuts.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=7&elapsed_time=7&mr_service=1	217.69.139.247
hxxp://xml.binupdate.mail.ru/tasks/ext_settings.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=8&elapsed_time=8&mr_service=1	217.69.139.247
hxxp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=8&elapsed_time=8&mr_service=1	217.69.139.247
hxxp://xml.binupdate.mail.ru/tasks.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=8&elapsed_time=8&mr_service=0	217.69.139.247
hxxp://amigobin.cdnmail.ru/AmigoDistrib.exe?rfr=789118	94.100.180.110
hxxp://binupdate.mail.ru/amigo/version2.xml?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=5&elapsed_time=0&mr_service=0	217.69.139.245
hxxp://binupdate.mail.ru/updater/version.xml?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=5&elapsed_time=0&mr_service=0	217.69.139.245

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Suspicious User-Agent (FULLSTUFF)

Traffic

POST /api HTTP/1.0

Connection: keep-alive

Content-Length: 159

Host: cuidu.sevential.ru

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: identity

User-Agent: Mozilla/3.0 (compatible; Indy Library)

....x.-....1.D..g..(..7-m.....&......o.....1....L.Q....r.&4*..$...3,!.CXw`....Vo..c....J...G..!3.$Cf.Bc.=...N.e....J.......Y...........(S.j3...Z&..c.4..>_.s5n
HTTP/1.1 200 OK

Server: nginx/1.4.2

Date: Thu, 31 Mar 2016 23:38:49 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.17
7...x.3.401.025.J3347.L6..TKc.D.s.43.C..$3SC#c..j....."% %.Z.q.....

GET /tasks/sg_settings.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=8&elapsed_time=8&mr_service=1 HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: RemoteConfigFetcher

Connection: close

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:39:13 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 43310
d.=<;:;[.dzyv0 0t.-, *)('&'Wd@ma\UqUHN...m?.............EGGEAW.I182
~wPyxwvutsrqpono?</,<j6$#&l"/.\Qv[ZYXWVUTSRQPM......F...J...B...
......................................................................
......................................................~kqh6i|yeu}:}we2
#.-, *)('&%$#"#y^SYYC.W]C..>[email protected]/u965uz_tsrqponm
lkjij='7%!-5!..P.....Y...Q^{PONMLKJIHGFEF..O..........................
......................................................................
................................?<usot|ode;ff0=./.-, *)('&%$!ldtXWY
.U_M..<.............[SGWP.VHC11s?47{t]vutsrqponmlkh=!$(*j -,bSt]\[Z
YXWVUTSRS....B.......J..CL............................................
......................................................................
.............lj|noi|yeu}:p}|2#.-, *)('&%$#"#gP.JYY[ULV.GA..;..........
...PV@R p*99;5,6x'!q~[ponmlkjihgfef4'#!...R..[T}VUTSRQPONMLKH[...K...C
L.....................................................................
..........................................................?>=<;:
9874cqaf~}!|x.'.)('&%$#"! ...[ZW\....FF..:..............JA1?1r4(>z{
\utsrqponmlkjk;3'70,4*!Q..^WpYXWVUTSRQPONO..[\F...FOhA@...............
......................................................................
..........................................?>=<;8oyd~8p|z~t!`hx)&
.('&%$#"! ....WOZSNEPUAQYU\.NCF..".........~}|y-0639"'>32~=;o`Ajihg
fedcba`_\.............^..O@aJIHGFEDCBA@...............................
..................................................................
<<< skipped >>>

GET /tasks.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=5&elapsed_time=0&mr_service=1 HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: RemoteConfigFetcher

Connection: close

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 9681
d..>O{jsd4/4h...-uO:8K?L60(0E71-..~...{~..t.w.t..m.imnT...^.* (.:0&
lt;~az-*"3y^Z[Xr=;#%/[email protected].......=........
......................................................................
...................................................~wqnn4z|y{t}.<ce
 ibShb.jjYge`i/7E.7523D2>?H.9;8.T....n.j.....a....oq.cimzocd..f.z}u
y.7krg=OMJKc%.._F[....Z.}z{S.....IPIYWJomjkC..........................
......................................................................
................................ .1....:dsgbzqtO.|dcyc}q%<%pqwd,574
[email protected].."./,.`WRT03.=);4 ulu/Y[XYFl.$.)"."*$=axaquwtu.ppq.
Z.}zP.4,  ]R( E&$SUNVY&...............................................
......................................................................
........../'/1/#/-:. VQ?PQ>KI4NHKK?Cx&9"z.674.^TX...AFFW.:&'$.Y_GAC
......*VWT~(? .>50.# 8?='95ipi<53 hIKHI]....XCXU.......Mdde.Fcan
D.T&&SS...............................................................
................................................................=]hoou
tHvdty`0 0t..... KocfoGgmaF....001>K?=:O.:&'.W...i.........si.kjt.n
bey.bh.~{u..xz.:d.d8HHIv\...XCX...._xxyfL.....J]FTTOhhi...............
......................................................................
..........................................?/-0....5epfe{ruP~.edx`|~$?$
wpte.4452.MAGS....^^JZDAN.#!.[..* .[.....j.`z.mma.eh~.`u.s{e...rpuwx9H
HE.XCX.||}zP...LWL.....JomjkC.........................................
..................................................................
<<< skipped >>>

POST /api HTTP/1.0

Connection: keep-alive

Content-Length: 906

Host: cuidu.sevential.ru

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: identity

User-Agent: Mozilla/3.0 (compatible; Indy Library)

....x.}T[o.8.. ..:..l0...V....*j..J.....xj0k;....}.).j.U_....  ..E....b.!$.y.."-.:.yZR....I..O<.9.x.U ..-.U.<.Ny....9M..`50Q.VJ.....y...(...E.@..^.<#y..y.%.%!..y...b..w..)..}....A..T....=.i..W..| ..3.O...d.mr.....a.gX.z...m...v#v........=p^...I2O...... &..$e.(........Z:']P~]....].
.RZ.,g\...4.6Kx..'..y]..U........L9..D7..J..b.Ga;'.I!_{m........v.......8'..2...p..I

......zc....P......l.....2I.(..............k N...:mv.l.V.vprd..{..=..c[.V...7...A.q....f.y..h..L..l.;/m'=.......^!....3{..
.{.j.a..V>...g..-.Q..Q0.OJ.
._du........Z.D...5..v....<...`R....h)..D?.N.........'..?}#.D..(.C7Z.-..l.*`.hL%...
.d..1.-..r......(!..C.=oUu.a.Q.^..~$Nay..Q..,j....V#XU.'.:.*..$..$..B..7SV...N..GK-N..R...3....../.k`u.......,....dm|H..-L.._=....................[9.4"qY.\..../.A.!V...v....;...z.A...)8I0..N.'D4aK..{^..v.wg..(......`.s.E......AJ.f.,..Nt..c...&8/....I....Vk..0\..P........EU&...v.E.u#..

.......(~..A../
HTTP/1.1 200 OK

Server: nginx/1.4.2

Date: Thu, 31 Mar 2016 23:37:56 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.17
G...x..U...8..W..f_6,....Y.uOmu.V...r...q.B...I...~c.M.V.........3|3..
.x1..%.]?Ir.Dy...'I.....w..#....R..^...=...E. ........b7.......O|.....
do.m/.\..C.xW4.bu.....5k....B.....Gd..J.nIo....u...).f.D.....k.......{
..\.Q.x^.....a[...........].vJ.......a?..[/&..A.eE..x....e.l.........S
../...[h..O.O...K.J&....PR...,:.....xf%z.]........O4..p...C.....Gf.G.q
.F.b.ot..l...uA... .<.OP....IV.).u....eV%......s.9.3-`..S.mM....'..
..I..C.&........#V._..'.i.)n.. .>....I.}&.=......./.Fa`...........Y
[email protected]...\5...Q..)..h.zz/./sVl.4..Q.....n.H.6[..H...._.
?..'.....<c.>.<?........J...^...6c..?.Cl..0.}...-.d.u%T......
.V....C...GPJ4......E.t.Z.L1.h...([email protected]#..H.z...az.../.>.
\...J..A....w......}.9.#.....d."...s..!Z...4.5r.F.>..13.K=.zY.Wg...
....'..`.~. .....):._....8]..i.../c6`.S...E.F$."?$....].1..L..<..f=
J.vxX7.....]$......'|...H.rV. ./d[.X...iQT.....(U........XWj.E....H^..
e%J$....6.X....x..{*D...

GET /updater/version.xml?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=5&elapsed_time=0&mr_service=0 HTTP/1.1

Host: binupdate.mail.ru

Accept: */*

User-Agent: MailRuUpdater

Connection: close

HTTP/1.1 503 Service Temporarily Unavailable

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Content-Type: text/html

Content-Length: 206

Connection: close
<html>..<head><title>503 Service Temporarily Unavail
able</title></head>..<body bgcolor="white">..<cen
ter><h1>503 Service Temporarily Unavailable</h1></ce
nter>..<hr><center>nginx</center>..</body>.
.</html>....

GET /amigo/version2.xml?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=5&elapsed_time=0&mr_service=0 HTTP/1.1

Host: binupdate.mail.ru

Accept: */*

User-Agent: MailRuUpdater

Connection: close

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Content-Type: text/xml; charset=utf-8

Connection: close

Content-Length: 282
<?xml version="1.0" encoding="utf-8" ?>.<xml>.<product_
name>Amigo</product_name>.<version>32.0.1725.115</ve
rsion>.<fetch_url>hXXp://amigo.cdnmail.ru/amigo_setup.exe<
/fetch_url>.<md5>116046f0563f48b6e6cf012b6cff3d75</md5>
.<cmd_line>.--silent --launch --tray-launch.</cmd_line>.&l
t;/xml>..

GET /update/2/version.txt?type=mru_install&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=4&elapsed_time=0&mr_service=0&ovr=0&tool=mrupdater HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close

HTTP/1.1 204 No Content

Server: nginx

Date: Thu, 31 Mar 2016 23:39:05 GMT

Connection: close

GET /update/2/version.txt?type=mruinfo&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=6&elapsed_time=0&mr_service=0&tool=mrupdater&amigo_conv=1&ovr_amigo=0&ovr_internet=0&ovr_chrome=0&ie_ver=6.0.2900.5512&iedse=&iehp= HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close

HTTP/1.1 204 No Content

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Connection: close

GET /update/2/version.txt?ver=44.4.2403.3&kind=amigo&ds=m&BID={C14D3F14-BAD5-4AAA-AD3A-646154765CED}&rfr=789118&type=install HTTP/1.1

User-Agent: Amigo Setup

Host: bs.amigo.mail.ru

Cache-Control: no-cache

HTTP/1.1 204 No Content

Server: nginx

Date: Thu, 31 Mar 2016 23:39:02 GMT

Connection: keep-alive
HTTP/1.1 204 No Content..Server: nginx..Date: Thu, 31 Mar 2016 23:39:0
2 GMT..Connection: keep-alive..

GET /tasks/shortcuts.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=6&elapsed_time=1&mr_service=1 HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: RemoteConfigFetcher

Connection: close

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 10483
d.=<;:;K.yg`pge@`bdor(3(|.%$#"! ...n^YV_Y_A]\\...U'..............0&
lt;>7?=zmv!&&7}Zonmlkjihgfeda.$!.1...XCX...._xQPONMLKJIHGFG)..%....
......................................................................
......................................................v{?0.:9876543210
/.-, (Kaigw}OmbaKWRRH...l<.......................,2;);4.>:0'v}.&
gt;; ?".>i.?6) 1'3o........Y...QxQPONMLKJIHGFEDCB<L.............
......................................................................
............................................l<'<@.9876543210/.-,
 *)('&'MmvdrQ[I.~BITXDPF.[TH_BB^Nvu.B^@..(...~}|{zyxwvutsr.|Enmlkjihgf
edcba`_\4...5.......!.......KRG=oDCBA@................................
.....j....d1...a/....z.....t........n....S....d.......................
....................5Q...1w~s?85.76543210/.-, *)('&%$!^].cb..gf.dk..]h
W..ruU..wrX..xHxM...,.9.....x7.2...;..b./....=....%.. XYVsXWVUTSRQPONM
LKJIHGFEF...................@:...Z....W.....P.....j.......b....|)...x.
...............................................'C...#t...<l....7X..
..1.CA@5A|..KNl..LKj..Q/(%.'&%$#"! .............BC_H\LR..@FSCWJ]..I.;.
...!....$...<.!...8.-.....l.%.. '...%,....VS\eNMLKJIHGFEDCBA@......
................Y=...U....n>....i.....c.......{....w ...q..........
...................................."D...<i...9g....2_BlFy..DDK8wOr
..M{RQ"Po..Z]}.._Ze..`...3......................KzE....#....&...>.?
...>./.....j!. ..#. 'T"...(/...-4...6NKbGFEDCBA@...................
..................................................................
<<< skipped >>>

POST /api HTTP/1.0

Connection: keep-alive

Content-Length: 900

Host: cuidu.sevential.ru

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: identity

User-Agent: Mozilla/3.0 (compatible; Indy Library)

....x.}T.n.8....O)j......$@v7.#............$-;(...*....y...f.s...,.E..s.D5k.......M....<.E#."n.?.@.....^HPh..7 ;..Y. .5.r........YI..#..uB)0$....u.!~Rm....J..K..g...|.(c...([email protected]{:go3.D.....G7.h....9...e.<.<1Q..W.....bQ\.9.6C...k..._Wc.d....n1/.$O2.R.<..2..*a.K...m.'@3.v.T..Y...I...[.?. ..t.....z.
.........x.|Z.M......w;.. .Ab.g.^<m.....
.^[7.w..Rv/.....Pn...t>.......k#^'.QvJ....[.......{..=....<..o.o...A......f.<wF.....n6.....#.S.6.9....P.tz....^.W...#. .^.J8......2.....>.Yj...$.et...;U.K....d.y#..5..vM.0A8j.Bpp....d)...?...........'....Z8 ..(HBn..{..j.Hh.....#....[email protected]....@.....X..<*..'>.E...K0...faD...........-.88=.2.<...{.T..........'..6...j.d......(.$...d...............ty.^H...yY..$H....8...e.f.u...a.z.....4)d.vP..z.a...).P8S.N..E.~i..=/.x..3

x....x.$Q.g<
x....e..OH..(2..U8.3.....Xd."J..._r..I.ETT.$<...h.....s.........a........k........
HTTP/1.1 200 OK

Server: nginx/1.4.2

Date: Thu, 31 Mar 2016 23:37:54 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.17
'...x..T]O.0.. [email protected]/3..............................`..^.
.t..r.<..L......t.O}o..0...#.).$sB.. s.d9f.4...fy..q..p........EQ.l
......_.m...u.xU...l..%..Jl..K.v.%...J.f.&l.7.R.e=..z..j,;69....U.L...
....(.y^..EYA.7..m....A...}".U..y..j.i?..[/F.V.xI.Z#.aY7.r..g.0...:...
8.F.{s.Ce.A..W]..C..A.....69rX..>.k.... u..[....5.<&........0.42
k.GM..'e.^..}.....gF..J. b.ehi.-U.......w....b....zc...........T......
).......Y...'m..C........lOv..}4&...4\..s.....-...h..ht<...........
..k..P..R.,.. ..A&5.'8Q...=~.:).<.........._....l}..{.{.S...Q.....V
r..,.)X|J..7.g.q'.......=`Z[*H.|..Am...H......Gb..3.3..H>=.zn...\[&
[WF..:.Z...:...K.d.kP...-c'MS......q...y..0..K.......nh...yB..IX.a....
o.7.].B.s..]|g.... ......7.}.......... ........9..=.....(.h..(.._.....
.

GET /AmigoDistrib.exe?rfr=789118 HTTP/1.1

Host: amigobin.cdnmail.ru

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: identity

User-Agent: Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.15

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:38:28 GMT

Content-Type: application/octet-stream

Content-Length: 48920808

Connection: keep-alive

Last-Modified: Thu, 25 Feb 2016 17:19:26 GMT

ETag: "56cf379e-2ea78e8"

Accept-Ranges: bytes
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........D.^.*E^.*E
^.*E...E_.*ES..EI.*ES..EP.*ES..E>.*E.C.EY.*E^. E9.*E#..EY.*ES..E_.*
E^..E].*E#..E_.*ERich^.*E........PE..L...>EKV......................
[email protected]...............
[email protected]>...........V..."..........@..
[email protected]....................
........text............................... ..`.data..................
[email protected]......................@[email protected]>
...@...@..................@[email protected][email protected]
......................................................................
......................................................................
......................................................................
......................................................................
.....................................................................m
@.ku@...@.*.@..........~@...@...@.....................>EKV........^
...0O..0C......>EKV.............O...C..{.8.A.6.9.D.3.4.5.-.D.5.6.4.
-.4.6.3.c.-.A.F.F.1.-.A.6.9.D.9.E.5.3.0.F.9.6.}.....{.4.e.a.1.6.a.c.7.
-.f.d.5.a.-.4.7.c.3.-.8.7.5.b.-.d.b.f.4.a.2.0.0.8.c.2.0.}.....{.8.B.A.
9.8.6.D.A.-.5.1.0.0.-.4.0.5.E.-.A.A.3.5.-.8.6.F.3.4.A.0.2.A.C.B.F.}...
..{.4.D.C.8.B.4.C.A.-.1.B.D.A.-.4.8.3.e.-.B.5.F.A.-.D.3.C.1.2.E.1.5.B.
6.2.D.}.....-.-.c.h.r.o.m.e.-.s.x.s.....-.-.c.h.r.o.m.e.....-.-.c.
<<< skipped >>>

GET /update/2/version.txt?type=mru_online&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&tool=mrupdater&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=4&elapsed_time=0&mr_service=0 HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close

HTTP/1.1 204 No Content

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Connection: close

GET /update/2/version.txt?type=mru_online_service&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&tool=mrupdater&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=4&elapsed_time=0&mr_service=1 HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close

HTTP/1.1 204 No Content

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Connection: close

GET /cache_policy.mrdj HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

Connection: close

HTTP/1.1 503 Service Temporarily Unavailable

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Content-Type: text/html

Content-Length: 206

Connection: close
<html>..<head><title>503 Service Temporarily Unavail
able</title></head>..<body bgcolor="white">..<cen
ter><h1>503 Service Temporarily Unavailable</h1></ce
nter>..<hr><center>nginx</center>..</body>.
.</html>....

GET /cache_policy.mrdj HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

Connection: close

HTTP/1.1 503 Service Temporarily Unavailable

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Content-Type: text/html

Content-Length: 206

Connection: close
<html>..<head><title>503 Service Temporarily Unavail
able</title></head>..<body bgcolor="white">..<cen
ter><h1>503 Service Temporarily Unavailable</h1></ce
nter>..<hr><center>nginx</center>..</body>.
.</html>....

GET /update/2/version.txt?type=mru_install_service&GUID={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&rfr=&tool=mrupdater&masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=6&elapsed_time=1&mr_service=0 HTTP/1.1

Host: mrds.mail.ru

Accept: */*

User-Agent: FULLSTUFF

Connection: close

HTTP/1.1 204 No Content

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Connection: close

GET /mailru/callback?type=mailru_amigo&zone=ua&guid={C14D3F14-BAD5-4AAA-AD3A-646154765CED}&ovr=0&aux=7134 HTTP/1.1

User-Agent: Amigo Setup

Host: fiak.theirry.ru

Cache-Control: no-cache

HTTP/1.1 200 OK

Server: nginx/1.4.2

Date: Thu, 31 Mar 2016 23:39:02 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.4.17
0..HTTP/1.1 200 OK..Server: nginx/1.4.2..Date: Thu, 31 Mar 2016 23:39:
02 GMT..Content-Type: text/html; charset=utf-8..Transfer-Encoding: chu
nked..Connection: keep-alive..X-Powered-By: PHP/5.4.17..0..

GET /tasks.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=8&elapsed_time=8&mr_service=0 HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: RemoteConfigFetcher

Connection: close

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:39:14 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 9681
d..>O{jsd4/4h...-uO:8K?L60(0E71-..~...{~..t.w.t..m.imnT...^.* (.:0&
lt;~az-*"3y^Z[Xr=;#%/[email protected].......=........
......................................................................
...................................................~wqnn4z|y{t}.<ce
 ibShb.jjYge`i/7E.7523D2>?H.9;8.T....n.j.....a....oq.cimzocd..f.z}u
y.7krg=OMJKc%.._F[....Z.}z{S.....IPIYWJomjkC..........................
......................................................................
................................ .1....:dsgbzqtO.|dcyc}q%<%pqwd,574
[email protected].."./,.`WRT03.=);4 ulu/Y[XYFl.$.)"."*$=axaquwtu.ppq.
Z.}zP.4,  ]R( E&$SUNVY&...............................................
......................................................................
........../'/1/#/-:. VQ?PQ>KI4NHKK?Cx&9"z.674.^TX...AFFW.:&'$.Y_GAC
......*VWT~(? .>50.# 8?='95ipi<53 hIKHI]....XCXU.......Mdde.Fcan
D.T&&SS...............................................................
................................................................=]hoou
tHvdty`0 0t..... KocfoGgmaF....001>K?=:O.:&'.W...i.........si.kjt.n
bey.bh.~{u..xz.:d.d8HHIv\...XCX...._xxyfL.....J]FTTOhhi...............
......................................................................
..........................................?/-0....5epfe{ruP~.edx`|~$?$
wpte.4452.MAGS....^^JZDAN.#!.[..* .[.....j.`z.mma.eh~.`u.s{e...rpuwx9H
HE.XCX.||}zP...LWL.....JomjkC.........................................
..................................................................
<<< skipped >>>

GET /audit_config.mrdj HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: RemoteConfigFetcher

Connection: close

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:39:06 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 43
d.=<;:;[.sv.`Fx}jGcxnx.iku'$9"Z3........j<H..

GET /tasks/ext_settings.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=8&elapsed_time=8&mr_service=1 HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: RemoteConfigFetcher

Connection: close

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:39:13 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 30559
d..>Zvu[.dzyzg|c-.7,p...%C}pAn`cTrTOO....m?=:;.RKCGMLNJXL@UAAC@F9.&
lt;:59>3;3<>29>rcDDEBh()&'$&  ,/......................KDmo
lmA...................................................................
...............................................................~rqlqs~
vyft|rba}lkg.'....$uhnnqb\TVLKJW[RPP[\\VYI@]EE@DM@@..) ()}46;4=;4?3829
6!8($) (:#),,!"& "$.\QvrspZ...........................................
......................................................................
..........................................9{xyv.wqt}yz`ain{mdxc`fokkik
VNZLY..2>?<.RSPQFFEBMDKFWDMTBEOM0.1,80;=3?88q~[YFGo-* (!../** 1,
...................NG``anD............................................
......................................................................
...................|t~v}}s}tprp{p|s-".... ifgdmsgmlR]ZTTU\USS^V[^VQ@GL
IIKD..,,-*.@A>?4,0842<7>=03!9&  -&-#$,' ! *cluwtuY...........
......................................................................
......................................................................
....<|}z{s.uqrwxvs|jo`mgijeahoebdfn[Y..1301.WTURXY\AFF\N@ELDI@HGGCI
8=<?343::ty^Z[Xr./,-!&  /-,"(-,'................MBgebcK............
......................................................................
......................................................rzp.t{ru{yzv{0=.
....jkhihabmsjnhTWUUY^R[Y^[[X_ZVBFCF..#!./.EBC@P0;>: 877?;?=889 &$.
"$$! /*-foHHIv\.......................................................
..................................................................
<<< skipped >>>

GET /tasks/shortcuts.mrdj?masterid={ED1F705B-FA08-45E9-A19B-A46D65D72674}&osver=xp&osbit=32&osvernum=5.1&ossp=ServicePack3&uac=0&admin=1&ver=1.17.0.150&tool=mrupdater&guid={C6F34933-94A8-4E06-9901-4A0EAF0842E1}&praetorian=0&qipguard=0&yabrman=0&360ant=0&mailru_guard=0&mailru_updater=1&comp_mem=511&tool_mem=7&elapsed_time=7&mr_service=1 HTTP/1.1

Host: xml.binupdate.mail.ru

Accept: */*

User-Agent: RemoteConfigFetcher

Connection: close

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 31 Mar 2016 23:39:13 GMT

Content-Type: application/x-mrd

Connection: close

Content-Transfer-Encoding: 8bit

Content-Length: 10483
d.=<;:;K.yg`pge@`bdor(3(|.%$#"! ...n^YV_Y_A]\\...U'..............0&
lt;>7?=zmv!&&7}Zonmlkjihgfeda.$!.1...XCX...._xQPONMLKJIHGFG)..%....
......................................................................
......................................................v{?0.:9876543210
/.-, (Kaigw}OmbaKWRRH...l<.......................,2;);4.>:0'v}.&
gt;; ?".>i.?6) 1'3o........Y...QxQPONMLKJIHGFEDCB<L.............
......................................................................
............................................l<'<@.9876543210/.-,
 *)('&'MmvdrQ[I.~BITXDPF.[TH_BB^Nvu.B^@..(...~}|{zyxwvutsr.|Enmlkjihgf
edcba`_\4...5.......!.......KRG=oDCBA@................................
.....j....d1...a/....z.....t........n....S....d.......................
....................5Q...1w~s?85.76543210/.-, *)('&%$!^].cb..gf.dk..]h
W..ruU..wrX..xHxM...,.9.....x7.2...;..b./....=....%.. XYVsXWVUTSRQPONM
LKJIHGFEF...................@:...Z....W.....P.....j.......b....|)...x.
...............................................'C...#t...<l....7X..
..1.CA@5A|..KNl..LKj..Q/(%.'&%$#"! .............BC_H\LR..@FSCWJ]..I.;.
...!....$...<.!...8.-.....l.%.. '...%,....VS\eNMLKJIHGFEDCBA@......
................Y=...U....n>....i.....c.......{....w ...q..........
...................................."D...<i...9g....2_BlFy..DDK8wOr
..M{RQ"Po..Z]}.._Ze..`...3......................KzE....#....&...>.?
...>./.....j!. ..#. 'T"...(/...-4...6NKbGFEDCBA@...................
..................................................................
<<< skipped >>>

POST /api HTTP/1.0

Connection: keep-alive

Content-Length: 187

Host: cuidu.sevential.ru

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: identity

User-Agent: Mozilla/3.0 (compatible; Indy Library)

....x.%..n.1..%g...8..A..."..l.......3.......2/.ZC.\....@w`r...]}.K?iI...<......}.../...P.\2(.*g..............pj.....!......M......7

U...etn....OXrds......y.c....u.6_.....G....`z..V.B.
HTTP/1.1 200 OK

Server: nginx/1.4.2

Date: Thu, 31 Mar 2016 23:37:58 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.17
7...x......0...^. ...n0..3|.{w.1.....U...K*..9....}.D.....$.~......

The Malware connects to the servers at the folowing location(s):

.text

`.rdata

@.data

.rsrc

@.reloc

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

SHA1 block transform for x86, CRYPTOGAMS by <[email protected]>

.EKSWU

DlSHA512 block transform for x86, CRYPTOGAMS by <[email protected]>

Montgomery Multiplication for x86, CRYPTOGAMS by <[email protected]>

FtPS

FTPG

FTPj

6-9'6-9'

$6.:$6.:

*?#1*?#1

>8$4,8$4,

AES for x86, CRYPTOGAMS by <[email protected]>

|$@3|$<3

Camellia for x86 by <[email protected]>

RC4 for x86, CRYPTOGAMS by <[email protected]>

<0|1<:}-

<0|9<:}5

w%s( 

8%u(j

uXj.hLj

ugj.hLj

gj.hdi

 FTPj

F\ FTP

<x%uY

><%uB

t.Jx 

;*u%C

Lj.hL

j.Yf;

_tcPVj@

.PjRW

f;F.se

?sqliu

 2 34 567

?%Y-%u

m-%du

?%H:%u

M:%Su

C:\desktop_apps\SputnikLib/log_ng.h

C:\desktop_apps\CommonFiles/url_params_common.hpp

mailru::url_params::formalize_common_params

mailru::url_params::AddWinVerInfo

mailru::url_params::AddChromeMetrics

mailru::url_params::AddToolVer

mailru::url_params::AddOtherProcessInfo

..\CommonFiles\audit\audit.cpp

..\CommonFiles\audit\audit_browsers_manager.cpp

c:\desktop_apps\commonfiles\audit\audit_browsers_manager.h

ReportTime

..\CommonFiles\audit\audit_browser_settings.cpp

mailru::AuditBrowserSettings::MakeReport

) report successfully done

Make report failed

mailru::AuditBrowserSettings::ScheduleReportCheck

mailru::AuditBrowserSettings::CollectReportInfo

mailru::AuditBrowserSettings::CheckReport

error report structer

..\CommonFiles\audit\audit_google_chrome.cpp

mailru::AuditGoogleChrome::CheckerHomepageCh::RestoreChild

mailru::AuditGoogleChrome::CheckerDefaultSearchCh::RestoreChild

mailru::AuditGoogleChrome::CheckerVbmCh::RestoreChild

:Incorrect key length

Unable to read chrome blocklist

Chrome blocklist file is not valid

chrome blocklist contains unsupported elements

..\CommonFiles\chrome-safe-browsing.cpp

mailru::chromium::ChromeSafeBrowsing::ReadSafeBrowsingFile

shard_header.add_prefix_count > kMaxAddSubChunksCount

Unable to open "%s" for writing

RegCreateKeyTransactedW

C:\desktop_apps\SputnikLib/reg_key.hpp

startup_urls

urls_to_restore_on_startup

..\commonfiles\chromiums.cpp

Chrome

RegOpenKeyTransactedW

RegDeleteKeyTransactedW

KERNEL32.DLL

boost::too_few_args: format-string referred to more arguments than were passed

boost::too_many_args: format-string referred to less arguments than were passed

%%%%-%%%%-%%%%-%%%%

C:\desktop_apps\CommonFiles/sql_lite_bind.hpp

..\CommonFiles\chromium_settings.cpp

hXXp://mail.ru

hXXp://VVV.mail.ru

browser.show_home_button

session.restore_on_startup

yandex\.ru. clid

mailru::chromium::settings::search_url

chrome_settings_overrides

search_url

template_url_data

mailru::chromium::settings::search_url_without_extensions

@MAIL.RU

suggestions_url

suggestions_url_post_params

windows-1251

keyword

mail.ru

D15371FE-C188-4E99-9841-A91F3BCBCCC3

search_terms_replacement_key

search_url_post_params

favicon_url

hXXp://go.mail.ru/favicon.ico

image_url

image_url_post_params

instant_url

instant_url_post_params

originating_url

alternate_urls

default_search_provider_data.template_url_data

suggest_url

default_search_provider.name

default_search_provider.search_url

go.mail.ru

keystore_encryption_bootstrap_token

chrome_url_overrides

chrome-extension://

extensions.settings.

hXXp://mail.ru/cnt/9824

mail.ru

mailru::chromium::settings::url_from_ext_id

extensions.known_disabled

error %s

update_url

.enabled

hXXp://xml.binupdate.mail.ru/amigo/check_policy.amg?

check_policy.amg not loaded

check_policy.amg NOT decoded

check_policy.amg NOT parsed

mailru::chromium::settings::InstallExtensionFromUrlNoThrow

Disabling dse in GPO failed: %s

Looking for local GPO failed: %s

yasearch.native_comps.hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.searchName

hXXp://VVV.mail.ru/cnt/7861

hXXp://agent.mail.ru/ru/download/agent_windows/download.html?sputnik=1

hXXp://img.imgsmail.ru/r/agent/favicon.ico

hXXp://mail.ru/cnt/10445

hXXp://VVV.mail.ru/

hXXp://go.mail.ru/search?fr=ntg&q={SearchTerms}

hXXp://go.mail.ru/search?fr=ntg&q=

hXXp://m.mail.ru/cgi-bin/splash?opera=1

hXXp://VVV.mail.ru/cnt/5090

hXXp://go.mail.ru/search?q=%s&fr=ntg

@mail.ru

hXXp://suggests.go.mail.ru/ff3?q={SearchTerm}

hXXp://go.mail.ru/search_images?utf8in=1&q=%s&fr=oprtb

hXXp://go.mail.ru/favicon_images.ico

hXXp://go.mail.ru/search_video?utf8in=1&q=%s&fr=oprtb

hXXp://go.mail.ru/favicon_video.ico

hXXp://VVV.mail.ru/cnt/5091

hXXp://redir.opera.com/speeddials/mail.ru

hXXp://redir.opera.com/bookmarks/mail.ru

hXXp://go.mail.ru/search?q=%s&fr=opr11

hXXp://go.mail.ru/search?q={SearchTerms}&fr=ntg

hXXp://suggests.go.mail.ru/ff3?q={searchTerms}

hXXp://mail.ru/cnt/10226

hXXp://go.mail.ru/?pin=1

mailru::default_browser::find_executable

..\CommonFiles\default_browser.cpp

C:\desktop_apps\SputnikLib/com_scope.h

SHORTCUTS PROSEED ERROR: std exception = %s

..\commonfiles\file_util.cpp

C:\desktop_apps\3party\ticpp/ticpp.h

..\CommonFiles\firefox_settings.cpp

mailru::firefox::settings::~settings

browser.startup.homepage

Profile%d

hXXp://go.mail.ru

browser.search.selectedEngine

browser.search.defaultenginename

browser.search.defaulturl

keyword.URL

extensions.enabledAddons

mailru::firefox::settings::is_yandex_elements_intsalled

[email protected]

mailru::firefox::settings::remove_media_viewer

browser.search.suggest.enabled

browser.search.useDBForOrder

Firefox

..\CommonFiles\Firefox_visual_bookmarks.cpp

mailru::firefox::visual_bookmarks::install

mailru::firefox::visual_bookmarks::download

urn:mozilla:item:

mailru::firefox::visual_bookmarks::localstore_rdf

chrome://browser/content/browser.xul#mailru_main_toolbar

(\s*app-profile\s \{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7\}\s rel%\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7\}\s \d )\s*.*

partner_new_url

partner_online_url

hXXps://xtnmailru.cdnmail.ru/go_ffvbm1_update.rdf

chrome://vbmail.ru/skin/vb-logo.png

extensions.autoDisableScopes

extensions.shownSelectionUI

mailru::firefox::enable_visual_bookmarks::PatchExtensionSqlite

mailru::firefox::enable_visual_bookmarks::PatchExtensionIni

mailru::firefox::enable_visual_bookmarks::PatchExtensionJson

updateURL

updateKey

optionsURL

aboutURL

iconURL

icon64URL

Mail.Ru

homepageURL

hXXp://sputnik.mail.ru/

{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

mailru::firefox::enable_visual_bookmarks::is_enabled

mailru::firefox::enable_visual_bookmarks::PatchFileTime

..\CommonFiles\GPOManager.cpp

GetRegistryKey for machine failed

GetRegistryKey for user failed

?mailru::sqlite_bind::column_int64

search_id() = %s

HKEY_USERS ie search url = %s

HKEY_LOCAL_MACHINE ie search url = %s

..\CommonFiles\ie_settings.cpp

Disabling GPO restrictions failed: %s

mailru::reg_keyT<0>::check

ntdll.dll

kernel32.dll

..\CommonFiles\Install_stat.cpp

..\CommonFiles\savestate.cpp

web_data_ver

save_google_state_task::do_task error : item_in_storage.file_serialize

..\CommonFiles\shortcut_check.cpp

c:\desktop_apps\commonfiles\tasks\TaskShortcuts.h

..\CommonFiles\Tasks\RemoteTaskExecuter.cpp

mailru::RemoteTasksExecuter::InitTasks

mailru::RemoteTasksExecuter::ExecuteTask

mailru::RemoteTasksExecuter::FetchTasks

Fetching tasks.mrdj...

Fetching url =

google chrome sync_enabled

..\CommonFiles\Tasks\TaskEmulateWebStoreInstallation.cpp

ERROR google_blocked_mailru_extensions_base::ProceedExtensions std::exception %s !!!

..\CommonFiles\Tasks\TaskGoogleBlockedMailruSettings.cpp

ChromeVbmId

ChromeVbmArchive

..\CommonFiles\Tasks\TaskInstallUpdater.cpp

..\CommonFiles\Tasks\TaskInterface.cpp

..\CommonFiles\Tasks\TaskInstallUpdaterAsService.cpp

cmd_line =

..\CommonFiles\Tasks\TaskPeriodicDisableGPO.cpp

14000000000000000

..\CommonFiles\Tasks\TaskPreventSRT.cpp

mailru::TaskPreventSRT::SendReporterMetric

software_reporter

ReporterLogPattern

invalid map<K, T> key

ERROR: chrome_value is empty

..\CommonFiles\Tasks\TaskRemovePornExtensions.cpp

..\CommonFiles\Tasks\TaskRestoreFFDse.cpp

..\CommonFiles\Tasks\TaskStartGroupBlackList.cpp

mailru::TaskStartGroupBlackList::ProceedGoogleChrome

ProceedGoogleChrome patch prepared

ProceedGoogleChrome start patching

google_chrome object constructed

Google Chrome settings are synced

Google Chrome extensions are synced

TaskStartGroupBlackList::ProceedGoogleChrome failed, error =

ProceedGoogleChrome patch_util.set_was_patch(true);

mailru::TaskStartGroupBlackList::CleanUpChromeStartPages

mailru::TaskStartGroupBlackList::ProceedFirefox

ProceedFirefox is running

hXXp://go.mail.ru/?ffverfix=1&fr=ffverfix_sg

TaskStartGroupBlackList::ProceedGoogleChrome failed, er =

TaskStartGroupBlackList::ProceedGoogleChrome failed

hXXp://go.mail.ru/?ieverfix=1&fr=ieverfix_sg

..\CommonFiles\tasks\task_amigo_remove_pinned_tabs.cpp

..\CommonFiles\Tasks\task_change_sic_settings.cpp

..\CommonFiles\tasks\task_user_preferences.cpp

mailru::TaskUserPreferences::AnalyzeFirefox

hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml

hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox

Error reading yandex plugin config: %s

Error changing yandex smartbar config: %s

Error disabling yandex smartbox plugin: %s

..\CommonFiles\yandex_elements.cpp

class Json::Value *__thiscall mailru::YandexElements::FindSettingInStateConfig(class Json::Value &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &) const

Error reading yandex config setting "%s": %s

browser.uiCustomization.state

Error enabling standard search panel: %s

guid_manager.cpp

installer.cpp

mailru::reg_keyT<0>::throw_on_error

main.cpp

Started with cmd line

c:\desktop_apps\mailruupdater\concrete_update_task.hpp

self_update_task.cpp

SendBrowsersStatistic.cpp

c:\desktop_apps\mailruupdater\SendBrowsersStatistic.h

updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_amigo>::getDSEurl

updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_mail>::getDSEurl

updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_google>::getDSEurl

service.cpp

asio.misc

asio.misc error

C:\desktop_apps\3party\boost_1_56_0\boost/exception/detail/exception_ptr.hpp

update_info.cpp

fetch_url

Program fetch url

md5 fetch url

cmd_line

util.cpp

updater::Util::SaveChromeStateTask

SHA-256 part of OpenSSL 1.0.0g 18 Jan 2012

len>=0 && len<=(int)sizeof(ctx->key)

j <= (int)sizeof(ctx->key)

SHA1 part of OpenSSL 1.0.0g 18 Jan 2012

SHA-512 part of OpenSSL 1.0.0g 18 Jan 2012

ssl_sess_cert

ssl_cert

evp_pkey

x509_pkey

%s(%d): OpenSSL internal error, assertion failed: %s

RSA part of OpenSSL 1.0.0g 18 Jan 2012

supportedAlgorithms

crossCertificatePair

certificateRevocationList

cACertificate

userCertificate

userPassword

supportedApplicationContext

Microsoft Local Key set

LocalKeySet

id-Gost28147-89-None-KeyMeshing

id-Gost28147-89-CryptoPro-KeyMeshing

password based MAC

id-PasswordBasedMAC

X509v3 Certificate Issuer

certificateIssuer

certicom-arc

Proxy Certificate Information

proxyCertInfo

Microsoft Smartcardlogin

msSmartcardLogin

joint-iso-itu-t

JOINT-ISO-ITU-T

set-rootKeyThumb

setAttr-Cert

setCext-cCertRequired

setCext-certType

setct-CertResTBE

setct-CertReqTBEX

setct-CertReqTBE

setct-AcqCardCodeMsgTBE

setct-CertInqReqTBS

setct-CertResData

setct-CertReqTBS

setct-CertReqData

setct-PCertResTBS

setct-PCertReqData

setct-AcqCardCodeMsg

certificate extensions

set-certExt

set-msgExt

id-ecPublicKey

id-cmc-confirmCertAcceptance

id-cmc-getCert

id-regInfo-certReq

id-regCtrl-protocolEncrKey

id-regCtrl-oldCertID

id-it-revPassphrase

id-it-keyPairParamRep

id-it-keyPairParamReq

id-it-unsupportedOIDs

id-it-caKeyUpdateInfo

id-it-encKeyPairTypes

id-it-signKeyPairTypes

id-it-caProtEncCert

id-mod-attribute-cert

id-mod-qualified-cert-93

id-mod-qualified-cert-88

id-smime-aa-ets-certCRLTimestamp

id-smime-aa-ets-certValues

id-smime-aa-ets-CertificateRefs

id-smime-aa-ets-otherSigCert

id-smime-aa-smimeEncryptCerts

id-smime-aa-signingCertificate

id-smime-aa-encrypKeyPref

id-smime-aa-msgSigDigest

id-smime-ct-publishCert

id-smime-mod-msg-v3

sdsiCertificate

x509Certificate

localKeyID

certBag

pkcs8ShroudedKeyBag

keyBag

pbeWithSHA1And2-KeyTripleDES-CBC

pbeWithSHA1And3-KeyTripleDES-CBC

TLS Web Client Authentication

TLS Web Server Authentication

X509v3 Extended Key Usage

extendedKeyUsage

X509v3 Authority Key Identifier

authorityKeyIdentifier

X509v3 Certificate Policies

certificatePolicies

X509v3 Private Key Usage Period

privateKeyUsagePeriod

X509v3 Key Usage

keyUsage

X509v3 Subject Key Identifier

subjectKeyIdentifier

Netscape Certificate Sequence

nsCertSequence

Netscape CA Policy Url

nsCaPolicyUrl

Netscape Renewal Url

nsRenewalUrl

Netscape CA Revocation Url

nsCaRevocationUrl

Netscape Revocation Url

nsRevocationUrl

Netscape Base Url

nsBaseUrl

Netscape Cert Type

nsCertType

Netscape Certificate Extension

nsCertExt

extendedCertificateAttributes

challengePassword

dhKeyAgreement

passed a null parameter

DSO support routines

x509 certificate routines

error:lX:%s:%s:%s

Stack part of OpenSSL 1.0.0g 18 Jan 2012

Big Number part of OpenSSL 1.0.0g 18 Jan 2012

lhash part of OpenSSL 1.0.0g 18 Jan 2012

ASN.1 part of OpenSSL 1.0.0g 18 Jan 2012

hexkey

rsa_keygen_pubexp

rsa_keygen_bits

RAND part of OpenSSL 1.0.0g 18 Jan 2012

You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html

keylen <= sizeof key

EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)

%d.%d.%d.%d

EC part of OpenSSL 1.0.0g 18 Jan 2012

ECDSA part of OpenSSL 1.0.0g 18 Jan 2012

.\crypto\ec\ec_key.c

DSA part of OpenSSL 1.0.0g 18 Jan 2012

Diffie-Hellman part of OpenSSL 1.0.0g 18 Jan 2012

.\crypto\dh\dh_key.c

value.single

value.set

USER32.DLL

NETAPI32.DLL

ADVAPI32.DLL

keylength

keyfunc

EVP part of OpenSSL 1.0.0g 18 Jan 2012

.\crypto\pkcs12\p12_key.c

d.registeredID

d.iPAddress

d.uniformResourceIdentifier

d.ediPartyName

d.directoryName

d.dNSName

d.rfc822Name

d.otherName

ECDH part of OpenSSL 1.0.0g 18 Jan 2012

priv_key

pub_key

%'%1$=%C%K%O%s%

.%.-.3.7.9.?.W.[.o.y.

C%C'C3C7C9COCWCiC

%s: (%d bit)

Public-Key

Private-Key

recommended-private-length: %d bits

public-key:

private-key:

PKCS#3 DH Public-Key

PKCS#3 DH Private-Key

Public-Key: (%d bit)

Private-Key: (%d bit)

<unsupported>

IP Address:%d.%d.%d.%d

URI:%s

DNS:%s

email:%s

EdiPartyName:<unsupported>

X400Name:<unsupported>

othername:<unsupported>

/usr/local/ssl/certs

/usr/local/ssl/cert.pem

SSL_CERT_DIR

SSL_CERT_FILE

CONF part of OpenSSL 1.0.0g 18 Jan 2012

X509_PUBKEY

public_key

.\crypto\asn1\x_pubkey.c

name.relativename

name.fullname

certificateHold

Certificate Hold

cessationOfOperation

Cessation Of Operation

keyCompromise

Key Compromise

%*s%s:

%*sOnly Attribute Certificates

%*sOnly CA Certificates

%*sOnly User Certificates

%d.%d.%d.%d/%d.%d.%d.%d

%*sPolicy Text: %s

%*scrlUrl:

EXTENDED_KEY_USAGE

%*sZone: %s, User:

keyid

.\crypto\x509v3\v3_akey.c

d.usernotice

d.cpsuri

d.other

CERTIFICATEPOLICIES

%*sExplicit Text: %s

%*sNumber%s:

%*sOrganization: %s

%*sCPS: %s

PKEY_USAGE_PERIOD

keyCertSign

Certificate Sign

keyAgreement

Key Agreement

keyEncipherment

Key Encipherment

.\crypto\x509v3\v3_skey.c

pubkey

EC_PRIVATEKEY

publicKey

privateKey

value.implicitlyCA

value.parameters

value.named_curve

p.char_two

p.prime

p.ppBasis

p.tpBasis

p.onBasis

p.other

PKCS8_PRIV_KEY_INFO

pkey

pkeyalg

x%s

Basis Type: %s

Field Type: %s

ASN1 OID: %s

%s %s%lu (%s0x%lx)

value.bag

value.safes

value.shkeybag

value.keybag

value.sdsicert

value.x509cert

value.other

cert_info

\X

'() ,-./:=?

CONF_def part of OpenSSL 1.0.0g 18 Jan 2012

[[%s]]

[%s] %s=%s

MD5 part of OpenSSL 1.0.0g 18 Jan 2012

PROXY_CERT_INFO_EXTENSION

crlUrl

certStatus

certId

OCSP_CERTSTATUS

value.unknown

value.revoked

value.good

value.byKey

value.byName

reqCert

OCSP_CERTID

issuerKeyHash

certs

%s - d:d:d%.*s %d%s

AUTHORITY_KEYID

enc_key

key_enc_algor

cert

d.encrypted

d.digest

d.signed_and_enveloped

d.enveloped

d.sign

d.data

.\crypto\evp\evp_pkey.c

d.receiptList

d.allOrFirstTier

d.compressedData

d.authenticatedData

d.encryptedData

d.digestedData

d.envelopedData

d.signedData

d.ori

d.pwri

d.kekri

d.kari

d.ktri

CMS_PasswordRecipientInfo

keyDerivationAlgorithm

keyIdentifier

CMS_KeyAgreeRecipientInfo

recipientEncryptedKeys

CMS_OriginatorIdentifierOrKey

d.originatorKey

CMS_OriginatorPublicKey

CMS_RecipientEncryptedKey

CMS_KeyAgreeRecipientIdentifier

d.rKeyId

CMS_RecipientKeyIdentifier

CMS_OtherKeyAttribute

keyAttr

keyAttrId

CMS_KeyTransRecipientInfo

encryptedKey

keyEncryptionAlgorithm

certificates

d.crl

d.subjectKeyIdentifier

d.issuerAndSerialNumber

CMS_CertificateChoices

d.v2AttrCert

d.v1AttrCert

d.extendedCertificate

d.certificate

CMS_OtherCertificateFormat

otherCert

otherCertFormat

X.509 part of OpenSSL 1.0.0g 18 Jan 2012

OPENSSL_ALLOW_PROXY_CERTS

X509_CERT_PAIR

X509_CERT_AUX

%s.dll

%lu:%s:%s:%d:%s

ddddddZ

ddddddZ

PEM part of OpenSSL 1.0.0g 18 Jan 2012

phrase is too short, needs to be at least %d chars

Enter PEM pass phrase:

TRUSTED CERTIFICATE

CERTIFICATE REQUEST

NEW CERTIFICATE REQUEST

CERTIFICATE

X509 CERTIFICATE

PRIVATE KEY

ENCRYPTED PRIVATE KEY

ANY PRIVATE KEY

.\crypto\evp\evp_key.c

nkey <= EVP_MAX_KEY_LENGTH

?456789:;<=

!"#$%&'()* ,-./0123

Verifying - %s

D:\Libs\opencv\sources\modules\core\include\opencv2/core/mat.inl.hpp

D:\Libs\opencv\sources\modules\imgproc\src\templmatch.cpp

img.dims <= 2 && templ.dims <= 2 && corr.dims <= 2

corrsize.height <= img.rows   templ.rows - 1 && corrsize.width <= img.cols   templ.cols - 1

(depth == CV_8U || depth == CV_32F) && type == _templ.type() && _img.dims() <= 2

_img.size().height <= _templ.size().height && _img.size().width <= _templ.size().width

D:\Libs\opencv\sources\modules\imgproc\src\sumpixels.cpp

D:\Libs\opencv\sources\modules\core\src\alloc.cpp

D:\Libs\opencv\sources\modules\core\src\matrix.cpp

m.dims >= 2

0 <= _rowRange.start && _rowRange.start <= _rowRange.end && _rowRange.end <= m.rows

0 <= _colRange.start && _colRange.start <= _colRange.end && _colRange.end <= m.cols

m.dims <= 2

0 <= roi.x && 0 <= roi.width && roi.x   roi.width <= m.cols && 0 <= roi.y && 0 <= roi.height && roi.y   roi.height <= m.rows

r == Range::all() || (0 <= r.start && r.start < r.end && r.end <= m.size[i])

COI is not supported by the function

0 <= i && i < (int)vv.size()

0 <= i && i < (int)v.size()

Unknown/unsupported array type

i < (int)vv.size()

(size_t)i < vv.size()

!fixedSize() || ((Mat*)obj)->size.operator()() == _sz

!fixedSize() || ((UMat*)obj)->size.operator()() == _sz

!fixedSize() || ((Mat*)obj)->size.operator()() == Size(_cols, _rows)

!fixedSize() || ((UMat*)obj)->size.operator()() == Size(_cols, _rows)

CV_MAT_TYPE(mtype) == m.type()

m.dims == d

m.size[j] == sizes[j]

d == 2 && ((sizes[0] == sz.height && sizes[1] == sz.width) || (allowTransposed && sizes[0] == sz.width && sizes[1] == sz.height))

!fixedSize() || len == vv.size()

Vectors with element size %d are not supported. Please, modify OutputArray::create()

v[j].empty()

i < (int)v.size()

checkScalar(value, type(), arr.kind(), _InputArray::CUDA_GPU_MAT)

_m.dims() <= 2

_src.dims() <= 2 && esz <= 32

src.size() == dst.size() && (src.cols == 1 || src.rows == 1)

dst.cols == dst.rows

m.dims <= 2 && m.rows == m.cols

_src.dims() <= 2

A.size == arrays[i0]->size

A.step[d-1] == A.elemSize()

%s:%d: error: (%d) %s in function %s

%s:%d: error: (%d) %s

OpenCV Error: %s (%s) in %s, file %s, line %d

Inplace operation is not supported

Input image depth is not supported by function

Unsupported format or combination of formats

Input COI is not supported

No CUDA support

No OpenGL support

Unknown %s code %d

D:\Libs\opencv\sources\modules\core\src\system.cpp

tlsKey != TLS_OUT_OF_INDEXES

cv::TLSContainerStorage::releaseKey

key_ >= 0

D:\Libs\opencv\sources\modules\core\src\convert.cpp

j < nsrcs && src[j].depth() == depth

i1 >= 0 && j < ndsts && dst[j].depth() == depth

D:\Libs\opencv\sources\modules\core\src\copy.cpp

mask.depth() == CV_8U && (mcn == 1 || mcn == cn)

size() == mask.size()

checkScalar(value, type(), _value.kind(), _InputArray::MAT )

mask.empty() || (mask.type() == CV_8U && size == mask.size)

Unknown/unsupported border type

src.depth() == dst.depth() && src.size == dst.size

(coi1 != 0 || src.channels() == 1) && (coi2 != 0 || dst.channels() == 1)

src.channels() == dst.channels()

D:\Libs\opencv\sources\modules\core\src\matop.cpp

CV_MAT_CN(_type) == e.a.channels()

Unknown operation

D:\Libs\opencv\sources\modules\core\src\arithm.cpp

The operation is neither 'array op array' (where arrays have the same size and type), nor 'array op scalar', nor 'scalar op array'

(mtype == CV_8U || mtype == CV_8S) && _mask.sameSize(*psrc1)

The operation is neither 'array op array' (where arrays have the same size and the same number of channels), nor 'array op scalar', nor 'scalar op array'

type2 == CV_64F && (sz2.height == 1 || sz2.height == 4)

(mtype == CV_8UC1 || mtype == CV_8SC1) && _mask.sameSize(*psrc1)

The operation is neither 'array op array' (where arrays have the same size and the same type), nor 'array op scalar', nor 'scalar op array'

D:\Libs\opencv\sources\modules\core\src\stat.cpp

mask.empty() || mask.type() == CV_8U

mask.empty() || mask.type() == CV_8UC1

dst.type() == CV_64F && dst.isContinuous() && (dst.cols == 1 || dst.rows == 1) && dcn >= cn

D:\Libs\opencv\sources\modules\core\src\mathfuncs.cpp

!)>D:\Libs\opencv\sources\modules\core\src\dxt.cpp

type == srcB.type() && srcA.size() == srcB.size()

D:\Libs\opencv\sources\modules\core\src\umatrix.cpp

D:\Libs\opencv\sources\modules\core\src\array.cpp

_dst.data == data0

NULL array pointer is passed

Unrecognized or unsupported array type

unrecognized or unsupported array type

Only continuous nD arrays are supported here

Unsupported format

rect.width >= 0 && rect.height >= 0 && rect.x < image->width && rect.y < image->height && rect.x   rect.width >= (int)(rect.width > 0) && rect.y   rect.height >= (int)(rect.height > 0)

D:\Libs\opencv\sources\modules\core\src\datastructs.cpp

D:\Libs\opencv\sources\modules\core\include\opencv2/core/private.cuda.hpp

The library is compiled without CUDA support

D:\Libs\opencv\sources\modules\core\src\opengl.cpp

The library is compiled without OpenGL support

OpenCL.dll

D:\Libs\opencv\sources\modules\core\src\matmul.cpp

type == B.type() && (type == CV_32FC1 || type == CV_64FC1 || type == CV_32FC2 || type == CV_64FC2)

a_size.width == len

a_size.height == len

C.type() == type && (((flags&GEMM_3_T) == 0 && C.rows == d_size.height && C.cols == d_size.width) || ((flags&GEMM_3_T) != 0 && C.rows == d_size.width && C.cols == d_size.height))

type == _src2.type()

src1.size == src2.size

src.channels() == 1

delta.channels() == 1 && (delta.rows == src.rows || delta.rows == 1) && (delta.cols == src.cols || delta.cols == 1)

D:\Libs\opencv\sources\modules\core\src\lapack.cpp

type == _src2.type() && (type == CV_32F || type == CV_64F)

(method != DECOMP_LU && method != DECOMP_CHOLESKY) || is_normal || src.rows == src.cols

src.rows == src.cols

w.type() == u.type() && u.type() == vt.type() && u.data && vt.data && w.data

u.cols >= nm && vt.rows >= nm && (w.size() == Size(nm, 1) || w.size() == Size(1, nm) || w.size() == Size(vt.rows, u.cols))

rhs.data == 0 || (rhs.type() == type && rhs.rows == m)

D:\Libs\opencv\sources\modules\core\src\persistence.cpp

-.Inf

An attempt to add element without a key to a map, or add element with key to sequence

The key is an empty

The key is too long

Key must start with a letter or _

Key names may only contain alphanumeric characters [a-zA-Z0-9], '-', '_' and ' '

Key should start with a letter or _

Key name may only contain alphanumeric characters [a-zA-Z0-9], '-' and '_'

elements with keys can not be written to sequence

Images with planar data layout are not supported

2if%s

ß%s

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

0123456789-

%b %d %H : %M : %S %Y

%m / %d / %y

%I : %M : %S %p

%d / %m / %y

The repeat operator "*" cannot start a regular expression.

The repeat operator "?" cannot start a regular expression.

The repeat operator " " cannot start a regular expression.

Found a closing repetition operator } with no corresponding {.

Can't terminate a sub-expression with an alternation operator |.

The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.

A regular expression can start with the alternation operator |.

Invalid alternation operators within (?...) block.

More than one alternation operator | was encountered inside a conditional expression.

Alternation operators are not allowed inside a DEFINE block.

A repetition operator cannot be applied to a zero-width assertion.

left-curly-bracket

right-curly-bracket

0123456789

Unmatched quantified repeat operator { or \{.

Invalid preceding regular expression prior to repetition operator.

boost::filesystem::directory_iterator::operator  

boost thread: trying joining itself

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

libs\log\src\code_conversion.cpp

libs\log\src\global_logger_storage.cpp

libs\log\src\attribute_name.cpp

[u-u-u u:u:u.u] [%s] %s %s

[u-u-u u:u:u.u] [%s] %s %ls

libs\log\src\thread_specific.cpp

Resource.cpp

%Y-%m-%d %H:%M:%S

en_US.UTF-8

log_ng.cpp

mailru::log_ng::ExecutionTimeLogger::~ExecutionTimeLogger

is_admin.cpp

c:\desktop_apps\sputniklib\auto_handle.hpp

process_enumerate.cpp

GetModuleFileNameEx succeed %s

Path.cpp

remote_config.cpp

string.cpp

version_info.cpp

AccountInfo.cpp

mailru::sqlite::database::database

sqlite.cpp

<>"#%{}|\^~[] ?&@=:,

hXXp://

hXXps://

process_util.cpp

unzip.cpp

filesystem_utils.cpp

mailru::firefox_js_core::load_prefs_js

firefox_js.cpp

!"#$%&'(

)* ,-./0123

encryption.cpp

testing_env.cpp

SessionsInfo.cpp

mailru::WaitForUserLogIn

Suggest URL

mailru::opera::searchini::save

opera_searchini.cpp

sync_objects.cpp

uninstall_manager.cpp

mailru::url_parser::init

url_parser.cpp

system_info\system_info_collector.cpp

crash_handler.cpp

shortcut.cpp

thread.entry_event

thread.exit_event

mailru::http::request_headers::get_header

C:\desktop_apps\SputnikLib/http_downloader.h

HTTP/1.1

^HTTP/1.1 (\d ) (. )

mailru::http::response_headers::response_headers

mailru::http::response_headers::get_file_time

http_downloader.cpp

mailru::http::downloader_impl::connection_data_file::~connection_data_file

mailru::http::downloader_impl::handle_read_headers

mailru::http::raw::downloader::fetch_file_attributes

HTTP error %2%: %3%

mailru::http::fetch_wstring_via_tempfile

system_info\system_info.cpp

s-sputnik.mail.ru

hXXps://VVV.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

255.255.255.255

asio.ssl

asio.ssl error

add_certificate_authority

https

HTTP error:

caching_policy.cpp

task_scheduler.cpp

Line %d, Column %d

Visual C   CRT: Not enough memory to complete call to strerror.

%S#[k

?#%X.y

MaxPolicyElementKey

Operation not permitted

Inappropriate I/O control operation

Broken pipe

operator

GetProcessWindowStation

pExecutionResource

SQLite format 3

3.7.11

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

foreign_keys

sqlite_rename_table

sqlite_rename_trigger

sqlite_rename_parent

sqlite_stat1

SQL logic error or missing database

unknown operation

large file support is disabled

RowKey

sqlite_detach

sqlite_attach

sqlite_version

sqlite_source_id

sqlite_log

sqlite_compileoption_used

sqlite_compileoption_get

SQLITE_

d-d-d d:d:d

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

OsError 0x%x (%u)

os_win.c:%d: (%d) %s(%s) - %s

delayed %dms for lock/sharing conflict

%s-shm

%s\etilqs_

Recovered %d frames from WAL file %s

cannot limit WAL size: %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

unknown database %s

keyinfo(%d

%s(%d)

%s-mjXXXXXX9XXz

MJ delete: %s

MJ collide: %s

-mjX9X

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot release savepoint - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open value of type %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

EXECUTE %s%s SUBQUERY %d

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

%s OR name=%Q

type='trigger' AND (%s)

sqlite_

table %s may not be altered

there is already another table or index with this name: %s

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE %s=%Q

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

no such collation sequence: %s

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

sqlite_stat%d

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

sqlite_stat

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

a JOIN clause is required before %s

unable to identify the object to be reindexed

table %s may not be modified

cannot modify %s because it is a view

foreign key mismatch

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

PRIMARY KEY must be unique

sqlite3_extension_init

unable to open shared library [%s]

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_list

*** in database %s ***

unsupported encoding: %s

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

USE TEMP B-TREE FOR %s

COMPOUND SUBQUERIES %d AND %d %s(%s)

%s.%s

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

no such table: %s

SCAN TABLE %s %s%s(~%d rows)

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

cannot VACUUM - SQL statements in progress

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

%s SUBQUERY %d

%s TABLE %s

%s AS %s

%s USING %s%sINDEX%s%s%s

%s USING INTEGER PRIMARY KEY

%s (rowid=?)

%s (rowid>? AND rowid<?)

%s (rowid>?)

%s (rowid<?)

%s VIRTUAL TABLE INDEX %d:%s

%s (~%lld rows)

at most %d tables in a join

cannot use index: %s

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

unable to close due to unfinished backup operation

unknown database: %s

no such %s mode: %s

%s mode not allowed: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

c:\desktop_apps\3party\ticpp\ticpp.h

ticpp.cpp

Type is unsupported

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

type="%s"

href="%s"

unsupported version

.UTF-8

.windows-

windows1250

windows1251

windows1252

windows1253

windows1254

windows1255

windows1256

windows1257

windows874

windows932

windows936

Invalid or unsupported charset:

1.2.5

<fd:%d>

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

inflate 1.2.5 Copyright 1995-2010 Mark Adler

RSA PRIVATE KEY

PUBLIC KEY

DSA PRIVATE KEY

EC PRIVATE KEY

NETSCAPE_CERT_SEQUENCE

RIPE-MD160 part of OpenSSL 1.0.0g 18 Jan 2012

SHA part of OpenSSL 1.0.0g 18 Jan 2012

MD4 part of OpenSSL 1.0.0g 18 Jan 2012

CAST part of OpenSSL 1.0.0g 18 Jan 2012

Blowfish part of OpenSSL 1.0.0g 18 Jan 2012

:RC2 part of OpenSSL 1.0.0g 18 Jan 2012

.pp@0

aEÐ

 (#EÚ

ÚE<<0

IDEA part of OpenSSL 1.0.0g 18 Jan 2012

libdes part of OpenSSL 1.0.0g 18 Jan 2012

DES part of OpenSSL 1.0.0g 18 Jan 2012

3OpenSSL 1.0.0g 18 Jan 2012

GOST signature length is %d

.\ssl\ssl_cert.c

%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s

EXPORT56

EXPORT40

EXPORT

wrong number of key bits

unsupported status type

unsupported ssl version

unsupported protocol

unsupported elliptic curve

unsupported digest type

unsupported compression algorithm

unsupported cipher

unknown pkey type

unknown key exchange type

unknown certificate type

unable to find public key parameters

unable to extract public key

unable to decode ecdh certs

unable to decode dh certs

tried to use unsupported cipher

tls peer did not respond with certificate list

tls client cert req with anon cipher

tlsv1 unsupported extension

tlsv1 certificate unobtainable

tlsv1 bad certificate status response

tlsv1 bad certificate hash value

tlsv1 alert export restriction

sslv3 alert unsupported certificate

sslv3 alert no certificate

sslv3 alert certificate unknown

sslv3 alert certificate revoked

sslv3 alert certificate expired

sslv3 alert bad certificate

signature for non signing certificate

reuse cert type not zero

reuse cert length not zero

public key not rsa

public key is not rsa

public key encrypt error

peer error unsupported certificate type

peer error no certificate

peer error certificate

peer did not return a certificate

null ssl method passed

no publickey

no private key assigned

no privatekey

Peer haven't sent GOST certificate, required for selected ciphersuite

no client cert received

no client cert method

no ciphers passed

no certificate specified

no certificate set

no certificate returned

no certificate assigned

no certificates returned

missing tmp rsa pkey

missing tmp rsa key

missing tmp ecdh key

missing tmp dh key

missing rsa signing cert

missing rsa encrypting cert

missing rsa certificate

missing export tmp rsa key

missing export tmp dh key

missing dsa signing cert

missing dh rsa cert

missing dh key

missing dh dsa cert

krb5 server rd_req (keytab perms?)

key arg too long

invalid ticket keys length

http request

https proxy request

error generating tmp rsa key

ecc cert should have sha1 signature

ecc cert should have rsa signature

ecc cert not for signing

ecc cert not for key agreement

cert length mismatch

certificate verify failed

bad ecc cert

bad dh pub key length

TLS1_SETUP_KEY_BLOCK

tls1_cert_verify_mac

SSL_VERIFY_CERT_CHAIN

SSL_use_RSAPrivateKey_file

SSL_use_RSAPrivateKey_ASN1

SSL_use_RSAPrivateKey

SSL_use_PrivateKey_file

SSL_use_PrivateKey_ASN1

SSL_use_PrivateKey

SSL_use_certificate_file

SSL_use_certificate_ASN1

SSL_use_certificate

SSL_SET_PKEY

SSL_SET_CERT

SSL_SESS_CERT_NEW

SSL_GET_SIGN_PKEY

SSL_GET_SERVER_SEND_CERT

SSL_CTX_use_RSAPrivateKey_file

SSL_CTX_use_RSAPrivateKey_ASN1

SSL_CTX_use_RSAPrivateKey

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_PrivateKey_ASN1

SSL_CTX_use_PrivateKey

SSL_CTX_use_certificate_file

SSL_CTX_use_certificate_chain_file

SSL_CTX_use_certificate_ASN1

SSL_CTX_use_certificate

SSL_CTX_set_client_cert_engine

SSL_CTX_check_private_key

SSL_CHECK_SRVR_ECC_CERT_AND_ALG

SSL_check_private_key

SSL_CERT_NEW

SSL_CERT_INSTANTIATE

SSL_CERT_INST

SSL_CERT_DUP

SSL_add_file_cert_subjects_to_stack

SSL_add_dir_cert_subjects_to_stack

SSL3_SETUP_KEY_BLOCK

SSL3_SEND_SERVER_KEY_EXCHANGE

SSL3_SEND_SERVER_CERTIFICATE

SSL3_SEND_CLIENT_KEY_EXCHANGE

SSL3_SEND_CLIENT_CERTIFICATE

SSL3_SEND_CERTIFICATE_REQUEST

SSL3_OUTPUT_CERT_CHAIN

SSL3_GET_SERVER_CERTIFICATE

SSL3_GET_KEY_EXCHANGE

SSL3_GET_CLIENT_KEY_EXCHANGE

SSL3_GET_CLIENT_CERTIFICATE

SSL3_GET_CERT_VERIFY

SSL3_GET_CERT_STATUS

SSL3_GET_CERTIFICATE_REQUEST

SSL3_GENERATE_KEY_BLOCK

SSL3_CHECK_CERT_AND_ALGORITHM

SSL3_ADD_CERT_TO_BUF

SSL2_SET_CERTIFICATE

SSL2_GENERATE_KEY_MATERIAL

REQUEST_CERTIFICATE

GET_CLIENT_MASTER_KEY

DTLS1_SEND_SERVER_KEY_EXCHANGE

DTLS1_SEND_SERVER_CERTIFICATE

DTLS1_SEND_CLIENT_KEY_EXCHANGE

DTLS1_SEND_CLIENT_CERTIFICATE

DTLS1_SEND_CERTIFICATE_REQUEST

DTLS1_OUTPUT_CERT_CHAIN

DTLS1_ADD_CERT_TO_BUF

CLIENT_MASTER_KEY

CLIENT_CERTIFICATE

SSLv2 part of OpenSSL 1.0.0g 18 Jan 2012

s->session->master_key_length >= 0 && s->session->master_key_length < (int)sizeof(s->session->master_key)

c->iv_len <= (int)sizeof(s->session->key_arg)

s->s2->key_material_length <= sizeof s->s2->key_material

SSLv3 part of OpenSSL 1.0.0g 18 Jan 2012

TLSv1 part of OpenSSL 1.0.0g 18 Jan 2012

os.length <= (int)sizeof(ret->session_id)

DTLSv1 part of OpenSSL 1.0.0g 18 Jan 2012

key expansion

client write key

server write key

%s:%d: rec->data != rec->input

libs\log\src\text_file_backend.cpp

%H:%M:%S.%f

.\crypto\engine\eng_pkey.c

Load certs from files in a directory

%s%clx.%s%d

unsupported type

unsupported recpientinfo type

unsupported recipient type

unsupported kek algorithm

unsupported content type

signer certificate not found

private key does not match certificate

no public key

no private key

no msgsigdigest

no key or cert

no key

not supported for this key type

not key transport

msgsigdigest wrong length

msgsigdigest verification failure

msgsigdigest error

invalid key length

invalid encrypted key length

error setting key

error getting public key

certificate verify error

certificate has no keyid

certificate already present

CMS_SIGNERINFO_VERIFY_CERT

CMS_RecipientInfo_set0_pkey

CMS_RecipientInfo_set0_key

CMS_RecipientInfo_ktri_cert_cmp

cms_msgSigDigest_add1

CMS_GET0_CERTIFICATE_CHOICES

CMS_EncryptedData_set1_key

CMS_decrypt_set1_pkey

CMS_decrypt_set1_key

CMS_add1_recipient_cert

CMS_add0_recipient_key

CMS_add0_cert

unsupported requestorname type

no certificates in chain

error parsing url

PARSE_HTTP_LINE1

OCSP_parse_url

OCSP_cert_id_new

unimplemented public key method

invalid cmd number

invalid cmd name

failed loading public key

failed loading private key

cmd not executable

ENGINE_UNLOAD_KEY

ENGINE_load_ssl_client_cert

ENGINE_load_public_key

ENGINE_load_private_key

ENGINE_get_pkey_meth

ENGINE_get_pkey_asn1_meth

ENGINE_ctrl_cmd_string

ENGINE_ctrl_cmd

ENGINE_cmd_is_executable

unsupported md algorithm

invalid signer certificate purpose

ess signing certificate error

ess add signing cert error

TS_VERIFY_CERT

TS_TST_INFO_set_msg_imprint

TS_RESP_CTX_set_signer_cert

TS_RESP_CTX_set_certs

TS_REQ_set_msg_imprint

TS_MSG_IMPRINT_set_algo

TS_CHECK_SIGNING_CERTS

ESS_SIGNING_CERT_NEW_INIT

ESS_CERT_ID_NEW_INIT

ESS_ADD_SIGNING_CERT

functionality not supported

WIN32_JOINER

unsupported pkcs12 mode

key gen error

PKCS8_add_keyusage

PKCS12_PBE_keyivgen

PKCS12_newpass

PKCS12_MAKE_SHKEYBAG

PKCS12_MAKE_KEYBAG

PKCS12_key_gen_uni

PKCS12_key_gen_asc

PKCS12_add_localkeyid

unsupported option

unable to get issuer keyid

policy syntax not currently supported

operation not defined

no proxy cert policy language defined

no issuer certificate

extension setting not supported

V2I_EXTENDED_KEY_USAGE

V2I_AUTHORITY_KEYID

S2I_SKEY_ID

S2I_ASN1_SKEY_ID

R2I_CERTPOL

unsupported cipher type

unable to find certificate

signing not supported for this key type

operation not supported on this type

no recipient matches key

no recipient matches certificate

encryption not supported for this key type

decrypted key is wrong length

PKCS7_add_certificate

unsupported method

no port specified

no port defined

no accept port specified

BIO_get_port

ECDH_compute_key

data too large for key size

unsupported field

passed null parameter

not a supported NIST prime

missing private key

keys not set

invalid private key

PKEY_EC_SIGN

PKEY_EC_PARAMGEN

PKEY_EC_KEYGEN

PKEY_EC_DERIVE

PKEY_EC_CTRL_STR

PKEY_EC_CTRL

o2i_ECPublicKey

i2o_ECPublicKey

i2d_ECPrivateKey

EC_KEY_print_fp

EC_KEY_print

EC_KEY_new

EC_KEY_generate_key

EC_KEY_copy

EC_KEY_check_key

ECKEY_TYPE2PARAM

ECKEY_PUB_ENCODE

ECKEY_PUB_DECODE

ECKEY_PRIV_ENCODE

ECKEY_PRIV_DECODE

ECKEY_PARAM_DECODE

ECKEY_PARAM2TYPE

DO_EC_KEY_PRINT

d2i_ECPrivateKey

zlib not supported

wrong public key type

unsupported public key type

unsupported encryption algorithm

unsupported any defined by type

unknown public key type

unable to decode rsa private key

unable to decode rsa key

streaming not supported

private key header missing

digest and key type not supported

bad password read

X509_PKEY_new

i2d_RSA_PUBKEY

i2d_PublicKey

i2d_PrivateKey

i2d_EC_PUBKEY

i2d_DSA_PUBKEY

d2i_X509_PKEY

d2i_PublicKey

d2i_PrivateKey

d2i_AutoPrivateKey

unsupported algorithm

unknown key type

unable to get certs public key

public key encode error

public key decode error

no cert set for us to verify

method not supported

loading cert dir

key values mismatch

key type mismatch

cert already in hash table

cant check dh key

X509_verify_cert

X509_STORE_add_cert

X509_REQ_check_private_key

X509_PUBKEY_set

X509_PUBKEY_get

X509_load_cert_file

X509_load_cert_crl_file

X509_get_pubkey_parameters

X509_check_private_key

GET_CERT_BY_SUBJECT

ADD_CERT_DIR

PKEY_DSA_KEYGEN

PKEY_DSA_CTRL

unsupported key components

unsupported encryption

read key

public key no rsa

problems getting password

keyblob too short

keyblob header parse error

expecting public key blob

expecting private key blob

error converting private key

PEM_WRITE_PRIVATEKEY

PEM_READ_PRIVATEKEY

PEM_READ_BIO_PRIVATEKEY

PEM_PK8PKEY

PEM_F_PEM_WRITE_PKCS8PRIVATEKEY

DO_PK8PKEY_FP

DO_PK8PKEY

d2i_PKCS8PrivateKey_fp

d2i_PKCS8PrivateKey_bio

unsupported salt type

unsupported private key algorithm

unsupported prf

unsupported key size

unsupported key derivation function

unsupported keylength

unsuported number of rounds

private key encode error

private key decode error

operaton not initialized

operation not supported for this keytype

no operation set

no key set

keygen failure

invalid operation

expecting a ec key

expecting a ecdsa key

expecting a dsa key

expecting a dh key

expecting an rsa key

different key types

ctrl operation not implemented

command not supported

camellia key setup failed

bn pubkey error

bad key length

aes key setup failed

PKEY_SET_TYPE

PKCS5_v2_PBE_keyivgen

PKCS5_PBE_keyivgen

EVP_PKEY_verify_recover_init

EVP_PKEY_verify_recover

EVP_PKEY_verify_init

EVP_PKEY_verify

EVP_PKEY_sign_init

EVP_PKEY_sign

EVP_PKEY_paramgen_init

EVP_PKEY_paramgen

EVP_PKEY_new

EVP_PKEY_keygen_init

EVP_PKEY_keygen

EVP_PKEY_get1_RSA

EVP_PKEY_get1_EC_KEY

EVP_PKEY_GET1_ECDSA

EVP_PKEY_get1_DSA

EVP_PKEY_get1_DH

EVP_PKEY_encrypt_old

EVP_PKEY_encrypt_init

EVP_PKEY_encrypt

EVP_PKEY_derive_set_peer

EVP_PKEY_derive_init

EVP_PKEY_derive

EVP_PKEY_decrypt_old

EVP_PKEY_decrypt_init

EVP_PKEY_decrypt

EVP_PKEY_CTX_dup

EVP_PKEY_CTX_ctrl_str

EVP_PKEY_CTX_ctrl

EVP_PKEY_copy_parameters

EVP_PKEY2PKCS8_broken

EVP_PKCS82PKEY_BROKEN

EVP_PKCS82PKEY

EVP_CIPHER_CTX_set_key_length

ECKEY_PKEY2PKCS8

ECDSA_PKEY2PKCS8

DSA_PKEY2PKCS8

DSAPKEY2PKCS8

D2I_PKEY

CAMELLIA_INIT_KEY

AES_INIT_KEY

invalid public key

PKEY_DH_KEYGEN

PKEY_DH_DERIVE

GENERATE_KEY

COMPUTE_KEY

rsa operations not supported

key size too small

invalid keybits

illegal or unsupported padding mode

digest too big for rsa key

data too small for key size

RSA_generate_key

RSA_check_key

RSA_BUILTIN_KEYGEN

PKEY_RSA_VERIFYRECOVER

PKEY_RSA_SIGN

PKEY_RSA_CTRL_STR

PKEY_RSA_CTRL

.\crypto\asn1\x_pkey.c

C:\desktop_apps\_out\MailRuUpdater.pdb

MailRuUpdater.exe

??0?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@QAE@XZ

??0?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@QAE@XZ

??0?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@QAE@XZ

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ@51

?get_const_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ

?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@A

?instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@A

?instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@A

?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@A

?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@A

?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@A

?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A

?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@A

?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@A

?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@A

?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@634@A

GetProcessHeap

KERNEL32.dll

SetWindowsHookExW

UnhookWindowsHookEx

USER32.dll

GDI32.dll

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegEnumKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

ReportEventA

ADVAPI32.dll

FindExecutableW

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

COMCTL32.dll

WS2_32.dll

PSAPI.DLL

USERENV.dll

WTSAPI32.dll

CRYPT32.dll

VERSION.dll

CreateIoCompletionPort

GetCPInfo

ShellExecuteExW

CoInternetParseUrl

urlmon.dll

PeekNamedPipe

-----BEGIN PUBLIC KEY-----

-----END PUBLIC KEY-----

zcÁ

.?AV?$_Ref_count_obj@VAuditGoogleChrome@mailru@@@std@@

.?AV?$_Ref_count_obj@VAuditFirefox@mailru@@@std@@

.?AVAuditFirefox@mailru@@

.?AVCheckerFirefox@AuditFirefox@mailru@@

.?AVCheckerHomepageFirefox@AuditFirefox@mailru@@

.?AVCheckerDefaultSearchFirefox@AuditFirefox@mailru@@

.?AVCheckerVbmFirefox@AuditFirefox@mailru@@

.?AV?$_Ref_count_obj@VCheckerHomepageFirefox@AuditFirefox@mailru@@@std@@

.?AV?$_Ref_count_obj@VCheckerDefaultSearchFirefox@AuditFirefox@mailru@@@std@@

.?AV?$_Ref_count_obj@VCheckerVbmFirefox@AuditFirefox@mailru@@@std@@

.?AVAuditGoogleChrome@mailru@@

.?AVCheckerCh@AuditGoogleChrome@mailru@@

.?AVCheckerHomepageCh@AuditGoogleChrome@mailru@@

.?AVCheckerDefaultSearchCh@AuditGoogleChrome@mailru@@

.?AVCheckerVbmCh@AuditGoogleChrome@mailru@@

.?AV?$_Ref_count_obj@VCheckerHomepageCh@AuditGoogleChrome@mailru@@@std@@

.?AV?$_Ref_count_obj@VCheckerDefaultSearchCh@AuditGoogleChrome@mailru@@@std@@

.?AV?$_Ref_count_obj@VCheckerVbmCh@AuditGoogleChrome@mailru@@@std@@

.?AV?$_Func_base@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_8b00b026c9439ae5ee123b07f29330c6>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_d67d694cf66593a3e1cbe5e0ac457329>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AVsettings@firefox@mailru@@

.?AVvisual_bookmarks@firefox@mailru@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_852549d506963e7e0155e6efc072a19d>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_8f47c682880de3b4c07e24e1559f18fc>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$thread_data@V?$bind_t@XV?$mf0@XVRemoteTasksExecuter@mailru@@@_mfi@boost@@V?$list1@V?$value@PAVRemoteTasksExecuter@mailru@@@_bi@boost@@@_bi@3@@_bi@boost@@@detail@boost@@

.?AV?$thread_data@V?$bind_t@XV?$mf1@XVRemoteTasksExecuter@mailru@@ABV?$shared_ptr@VTaskInterface@mailru@@@std@@@_mfi@boost@@V?$list2@V?$value@PAVRemoteTasksExecuter@mailru@@@_bi@boost@@V?$value@V?$shared_ptr@VTaskInterface@mailru@@@std@@@23@@_bi@3@@_bi@boost@@@detail@boost@@

.?AVTaskOneTimeWithChromeAutorunPatch@mailru@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_36e85ead181c17858a3fd5b6f23c888c>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_d71f87b5d93256d8ef11999b81c97114>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_ff52a01b8c5e4b0628fdb56e2a8b3e6f>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AVwindows_file_codecvt@@

.PAUattribute_name_info_tag@v2s_mt_nt5@log@boost@@

.?AVexception@sqlite@mailru@@

.?AV?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@

.?AU?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@

.?AUProcessKey@sysinfo@mailru@@

.?AV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@

.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@

.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@

.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@

.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@

.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@

.?AVconnection_data@downloader_impl@http@mailru@@

.?AVconnection_data_file@downloader_impl@http@mailru@@

.?AVconnection_data_string@downloader_impl@http@mailru@@

.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@std@@

.?AV?$sp_counted_impl_p@Vdownload_limitation@downloader_impl@http@mailru@@@detail@boost@@

.?AV?$sp_counted_impl_p@Vconnection_data_file@downloader_impl@http@mailru@@@detail@boost@@

.?AV?$sp_counted_impl_p@Vconnection_data_string@downloader_impl@http@mailru@@@detail@boost@@

.?AVinvalid_scheduler_policy_key@Concurrency@@

.?AVinvalid_operation@Concurrency@@

.?AVunsupported_os@Concurrency@@

.?AVinvalid_oversubscribe_operation@Concurrency@@

.?AUITopologyExecutionResource@Concurrency@@

.?AUIExecutionContext@Concurrency@@

.?AVExecutionResource@details@Concurrency@@

.?AUIExecutionResource@Concurrency@@

Inappropriate I/O control opera

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />

< <$<(<,<

0 0$0(0,0

313C3O3a3m3r3

0%0s0

343f3

8:X:#;i;n;};

8(8&:5:_:

;";';&<5<[<

9%9U9u9

3?4X4

8œ9h9

:&:;:@:{:

4"414&585

0"0)00090

3%3s3

2/2x2c3}3

9$9(9,90949

878<8[8`8

77R7c7o7v7

5#6-676\6

8 8%8*888

? ?$?(?,?0?4?8?

8 8$8(8,8&9

2%3u3z3

9 9$9(9,9

5 5$5(5,50545~5

6$6,666<6

2"2(22282*323

2#20262=2^2

5"=)=2=9=

708}8!:(:

7 7-787@7_7

1 1$1(1,1

0'0-020@0

3#323@3#525@5

: :$:(:,:0:4:

5,5054585<5@5

3 3$3(3,3034383<3

5 5$5(5,50545

4 4$4(4,484<4

6 6$6(6,6064686<6

8 8$8(8,8084888<8

9(9,90949|9

=@>\>`>|>

< <$<0<@<

> >$>(>,>0>4>8><>

8 8$8(8,808

? ?$?(?,?0?4?8?<?

1 1$1(1,101

6 6$6(6,6064686<6@6

8 8$8(8,8084888<8@8

1 1$1(1,1014181<1@1

6 6$6(6,6

2$2,282\2|2

7,787@7`7

2,282\2|2

3 3(343\3

7,787\7|7

:,:8:@:`:

?(?4?<?\?

>$>,>8>\>|>

;(;4;<;\;

1$1,181`1

0 0(040\0

1 1(1,1|1

2 202@2`2

> >$>(>,>0>|>

praetorian.exe

qipguard.exe

BrowserManager.exe

BrowserManagerGUI.exe

QHActiveDefense.exe

QHSafeTray.exe.exe

QHWatchdog.exe

GuardMailRu.exe

JMail.Ru\Sputnik\Report

hXXp://xml.binupdate.mail.ru/audit_config.mrdj

Start new check operation

o failed to parse. New report Created

restore mail.ru for:

operation_type

checker->Check failed, msg =

hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj

hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj successfully fetched

FFExtensions/FFVbm/Url

Hp/Url

Dse/Url

Vbm/Url

Google\Chrome\User Data\Safe Browsing Extension Blacklist

Advapi32.dll

MGoogle/Chrome/User Data

Google/Chrome/Application

Software\Policies\Google\Chrome

hXXp://xml.binupdate.mail.ru/ext_storage.mrdj

Google Chrome

Google/Chrome/User Data/Default

Google/Chrome/Application/chrome.exe

Software/Google/Chrome/BLBeacon

URLS

manifest.json

sqlite3_reset

sqlite3_exec

Web Data

chrome.exe

select k.url from meta m, keywords k where m.key='Default Search Provider ID' and m.value=k.id

select id, short_name from keywords where url like '%go.mail.ru%' COLLATE NOCASE

No go.mail.ru in chromium

SELECT id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE

DELETE FROM keywords WHERE short_name = '@MAIL.RU'

SELECT * FROM keywords

ALTER TABLE keywords ADD COLUMN alternate_urls VARCHAR DEFAULT ''

ALTER TABLE keywords ADD COLUMN search_terms_replacement_key VARCHAR DEFAULT ''

INSERT INTO keywords

id, short_name, keyword, favicon_url, url, show_in_default_list, safe_for_autoreplace, originating_url, date_created, usage_count, input_encodings, suggest_url, prepopulate_id, created_by_policy, instant_url, last_modified, sync_guid

@Mail.Ru','go.mail.ru','hXXp://go.mail.ru/favicon.ico','hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg',1,1,'',1333701777,0,'windows-1251','hXXp://suggests.go.mail.ru/ff3?q={searchTerms}',%PREPOPULATE_ID%,0,'',0,'03095DE3-A6E7-4793-A20C-399A0F4A92E1'

UPDATE keywords SET short_name = '

@Mail.Ru', keyword = 'go.mail.ru', favicon_url = 'hXXp://go.mail.ru/favicon.ico', url = 'hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg%RFR%',show_in_default_list = '1' WHERE id = '%ID%'

SELECT id , prepopulate_id FROM keywords WHERE keyword = 'go.mail.ru' COLLATE NOCASE

SELECT id , prepopulate_id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE

SELECT id, prepopulate_id FROM keywords

' WHERE key = 'Default Search Provider ID'

' WHERE key = 'Default Search Provider ID Backup'

SELECT value FROM meta WHERE key = 'version'

UPDATE keywords SET suggest_url = '%SUGGEST_URL%' WHERE keyword like '%mail.ru%'

%SUGGEST_URL%

^(chrome-extension://)?(\w{32})?/?

Software/Google/Chrome/Extensions

Sync Data Backup/SyncData.sqlite3

hXXps://clients2.google.com/service/update2/crx

hXXp://xml.binupdate.mail.ru/guard/mrids.mrdj?

Extension from url installed

DefaultSearchProviderSearchURL

DefaultSearchProviderKeyword

&%1$=%2%

mmail.ru

VVV.mail.ru

VVV.go.mail.ru

common_process.exe

{27116687-8CD6-4A82-BA83-5099C3A885BF}

{A12C4AB1-F4D0-4771-8C21-613E9D12491F}

{1079004F-E4EF-4A44-9D1F-7C9CE09CE258}

{901B414B-72A2-48C6-8DCD-29388B8B3E40}

{0ED2394C-62B6-4A80-A342-C2CA0B2A4E82}

{E60E6A0E-4092-4965-85BB-AA1ED8EBBC8E}

{ADAC3638-040C-498C-845A-F89B99705444}

{4519D3B5-465C-4AE2-A905-960CA7D5385C}

{F581DE96-9AA1-45C8-8335-B7445525371A}

{DCEF19BB-AB61-48F4-A7CB-6D677D90D1C2}

{B63A6D16-4F50-47C2-9BF7-A5D6E79C9EFD}

{11A1974E-9BEF-4B50-8E2F-9F25FC775BD1}

{3E57F3FE-4397-4DEA-A19A-760BFCD24242}

{603A8599-628C-4F00-A940-A09F1583A23E}

{D33EDE61-8E43-4C1F-9371-6A240B4DA5C9}

{C74622AC-AC0B-44E5-BDC2-EE39A5FD9EC9}

{ABCAA0D8-A892-481F-9492-ACC63768F659}

{8DC7BF6A-58F3-4740-B600-34E37FFADC21}

{4C1D0C36-25B2-4774-80E8-DAE1E7898A1A}

{96AF929E-B8EB-499E-99A8-095E4262BE26}

{027940D4-10B8-43B6-9707-A4EE47618E1D}

{45DA0BF7-F31B-4360-BF9A-8E7374A78916}

{5552B451-2086-4B64-82C6-732B18E41FCD}

{F9CC112D-19A0-455B-8D85-F5E9CB7D5914}

{0E26AC42-4B6E-4C84-8291-A0CAC999E70D}

{CFB9F60E-912D-43B3-91C9-9E06AE17ADE0}

{3CE4F0C3-2143-491F-8F20-27792166C41F}

{66CD85E0-6D8E-444E-9D71-AED8BA171A26}

{4947360E-E26B-4CC9-BB40-F4A30EDCA39E}

{14737ADB-9F88-47E8-A76F-D365509795AC}

chrome-extension://clpdgmdkdnijjbgmnajolnbnjejoeogm/visual-bookmarks.html

chrome-extension://hcncjpganfocbfoenaemagjjopkkindp/visual-bookmarks.html

chrome-extension://jaocgokledfmfebefgbeokdodbbdjhdd/visual-bookmarks.html

chrome-extension://dhngkpgdbpbkopndlpkicfaiffphdkbo/visual-bookmarks.html

)Software\AppDataLow\Software\Mail.Ru\IE_Bar

Software\Mail.Ru\IE_Bar

Software/Mail.Ru/Updater

Software\Mail.Ru\Flags

SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall

SOFTWARE/Microsoft/Windows/CurrentVersion/Run

SOFTWARE/Mail.Ru

@Mail.Ru

{09900DE8-1DCA-443F-9243-26FF581438AF}

{58810E75-E249-44C6-B989-11D227263E24}

{91397D20-1446-11D4-8AF4-0040CA1127B6}

{95289393-33EA-4F8D-B952-483415B9C955}

hXXp://mrds.mail.ru/update/2/

hXXp://suggests.go.mail.ru/ie8?q={SearchTerms}

{FFEBBF0A-C22C-4172-89FF-45215A135AC7}

Mail.Ru

iexplore.exe

{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}

firefox.exe

opera.exe

SOFTWARE/Google/Chrome/Extensions

amigo.exe

nichrome.exe

browser.exe

Yandex.Browser.New

Software/Mail.Ru/ChromeInstaller

hXXp://xml.binupdate.mail.ru/guard/update/version.xml

F777C640-57F8-4ECE-A40B-F571D25C2EFE

.html

opera

launcher.exe

SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Google Chrome

SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Bromium

Software/Microsoft/Windows/CurrentVersion/Uninstall/Xpom

Software/Microsoft/Windows/CurrentVersion/Uninstall/{1B89BC31-F539-4EBD-B94F-C24705C73433}

Software/Microsoft/Windows/CurrentVersion/Uninstall/YandexBrowser

xpom.exe

Software/Microsoft/Windows/CurrentVersion/Uninstall/xpom

Software/Microsoft/Windows/CurrentVersion/Uninstall/Amigo

google chrome

firefox

Microsoft/Windows/Start Menu

Microsoft/Windows/

tsearch-metadata.json

prefs.js

sessionstore.js

places.sqlite

cookies.sqlite

Mozilla\Firefox\profiles.ini

Mozilla\Firefox

Lsearch.json

Mozilla Firefox

mailru.xml

<SearchPlugin xmlns="hXXp://VVV.mozilla.org/2006/browser/search/" xmlns:os="hXXp://a9.com/-/spec/opensearch/1.1/">

@Mail.Ru</os:ShortName>

@Mail.Ru</os:Description>

<SearchForm>hXXp://VVV.mail.ru/</SearchForm>

<os:Url type="application/x-suggestions json" method="GET" template="hXXp://suggests.go.mail.ru/ff3?q={searchTerms}"></os:Url>

<os:Url type="text/html" method="GET" template="hXXp://go.mail.ru/search"><os:Param name="q" value="{searchTerms}"/>%PARAMS%%RFR%</os:Url>

extensions.ini

ini keys failed

extensions.json

extensions.json not parsed!

localstore.rdf

extensions.sqlite

PMail.Ru\Tmp\ffvisualbookmarks.7z

install.rdf

d.autoreg

extensions.rdf

extensions.cache

install_options.xml

@Mail.Ru

Mail.ru

Firefox

File: %s

SELECT last_visit_time FROM urls order by last_visit_time DESC LIMIT 1

couldn't create instance of IUrlHistoryStg2

EnumUrls failed

FaviconURLFallback

SuggestionsURL

ie.reg

[-HKEY_USERS\

import

reg.exe

*.dll

%1%version.txt?type=%2%&GUID=%3%&rfr=%4%

metric successfully send, url =

metric send failed, url =

Mail.Ru/Id

Software\Microsoft\Windows\CurrentVersion\Run

Software\Mail.ru\Tech\ptls

Software/Mail.Ru/Guard

R.delay

Mail.Ru/mrst

hXXp://xml.binupdate.mail.ru/tasks/shortcuts.mrdj?

url_argument

key_arg

^(http[s]?:\/\/)?(www\.)?([\w\.-] )([:\/].*)?$

Remote tasks execution started

hXXp://xml.binupdate.mail.ru/tasks.mrdj?

added task to executing task array

Software/Microsoft/Windows/CurrentVersion/Run

Syahoo.com

webalta.ru

yambler.net

yafinder.com

Found mail.ru extension of type

KhXXp://mailruupdater.cdnmail.ru/MailRuUpdater.exe

5Software\Mail.ru\Tech\ptls

SSoftware\Mail.Ru

Allow service process execute task

--uac-passed

mru_uac_passed

Guard@Mail\.ru

SwReporter

software_reporter_tool.log

Error parsing reporter logs:

dFailed to update SwReporter data:

since_last_exec

chrome

hXXp://xml.binupdate.mail.ru/tasks/ext_settings.mrdj?

Terminating update.exe

update.exe

hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj?

\bmail\.ru\b

K{61EB20A4-D4D5-4276-A2C9-DCCE8CE9F633}

{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}

qip.ru

Start proceed Google Chrome

Google Chrome is done

Google Chrome is not done

Start proceed Firefox

Firefox is done

Firefox is not done

hXXp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj?

hXXp://go.mail.ru/?chverfix=1&fr=chverfix_sg

hXXp://go.mail.ru/search?q={SearchTerms}&ieverfix=1&fr=ieverfix_dse

hXXp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj

hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj successfully fetching failed

Svk.com/audios

ok.ru/music

my.mail.ru/music

e.mail.ru/messages/inbox

vk.com/app

ok.ru/game

ok.ru/app

my.mail.ru/app

games.mail.ru

SELECT id, url, last_visit_time FROM urls where url like '%%%1%%%' order by last_visit_time DESC limit 1

SELECT url, last_visit_date FROM moz_places where url like '%%%1%%%' and guid != '' and guid notnull order by last_visit_date desc limit 1

\Toolbar\Custom\Packages\hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml\Components\smartbox

Yandex\Toolbar\state.json

yasearch-xb\plugins.json

Software\Mail.Ru\Updater

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

uac-passed

Kamigo_tmp.exe

hXXp://binupdate.mail.ru/amigo/version2.xml

internet_tmp.exe

hXXp://binupdate.mail.ru/chrome/version3.xml

internetupdater_tmp.exe

hXXp://binupdate.mail.ru/chrome/version2.xml

0.0.0.0

inttoam_tmp.exe

hXXp://binupdate.mail.ru/chrome/internet_to_amigo.xml

28.0.1501.430

hXXp://binupdate.mail.ru/updater/version.xml

mrutmp.exe

.mru_update_service

C:\logging

amsg

last_chrome

ovr_chrome

Google/Chrome/User Data/Default/History

hXXp://xml.binupdate.mail.ru/friends.mrdj

oUpdater.Mail.Ru

Mail.Ru Group

Updater.Mail.Ru exist

Updater.Mail.Ru: Error during coping file, rc =

Service::Update update operation is proceed

Updater.Mail.Ru: StartService: RegisterServiceCtrlHandler returned error

Updater.Mail.Ru: StartService: SetServiceStatus returned error

Updater.Mail.Ru: SERVICE_CONTROL_STOP

Updater.Mail.Ru: SERVICE_CONTROL_INTERROGATE

Updater.Mail.Ru: SERVICE_CONTROL_SHUTDOWN

%1% (%2%)

\StringFileInfo\xx

notepad.exe

SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System

0123456789 ,.

Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders

sqlite3_prepare16_v2

sqlite3_step

sqlite3

SQLite error %1% returned by %2%

SQLite error code %1%, file %2%

sAbsolutePath: <%s>

Incorrect firefox js file

stub.exe

hXXp://xml.binupdate.mail.ru/tenv.mrdj

filter.cfg

metrics.csv

http.csv

%Y%m%d

%Y-%m-%d

%H:%M:%S

%Y%m%dT%H%M%S%F%q

%Y-%m-%d %H:%M:%S%F%Q

%Y-%b-%d %H:%M:%S%F %z

%O:%M:%S%F

Invalid url

jMail.ru/ifrm

SOFTWARE/Mail.ru

Internet Explorer/iexplore.exe

Global\651CB287-2277-4F76-84C6-1D61E868304B

Mail.ru/CommonCache

HTTP code %1%

%Y-%b-%d

l%Y%m%d

SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders

asio-58CCDC44-6264-4842-90C2-F3C545CB8AA7-%u-%p

hXXp://xml.binupdate.mail.ru/cache_policy.mrdj

rCachingPolicy/Urls

mscoree.dll

madvapi32.dll

skernel32.dll

combase.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

888816666554443

6666554443

!6666554443

%5N.log

%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe

Mail.Ru updater

1.17.0.150

MailRuUpdater.exe_1660:

.text

`.rdata

@.data

.rsrc

@.reloc

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

SHA1 block transform for x86, CRYPTOGAMS by <[email protected]>

.EKSWU

DlSHA512 block transform for x86, CRYPTOGAMS by <[email protected]>

Montgomery Multiplication for x86, CRYPTOGAMS by <[email protected]>

FtPS

FTPG

FTPj

6-9'6-9'

$6.:$6.:

*?#1*?#1

>8$4,8$4,

AES for x86, CRYPTOGAMS by <[email protected]>

|$@3|$<3

Camellia for x86 by <[email protected]>

RC4 for x86, CRYPTOGAMS by <[email protected]>

<0|1<:}-

<0|9<:}5

w%s( 

8%u(j

uXj.hLj

ugj.hLj

gj.hdi

 FTPj

F\ FTP

<x%uY

><%uB

t.Jx 

;*u%C

Lj.hL

j.Yf;

_tcPVj@

.PjRW

f;F.se

?sqliu

 2 34 567

?%Y-%u

m-%du

?%H:%u

M:%Su

C:\desktop_apps\SputnikLib/log_ng.h

C:\desktop_apps\CommonFiles/url_params_common.hpp

mailru::url_params::formalize_common_params

mailru::url_params::AddWinVerInfo

mailru::url_params::AddChromeMetrics

mailru::url_params::AddToolVer

mailru::url_params::AddOtherProcessInfo

..\CommonFiles\audit\audit.cpp

..\CommonFiles\audit\audit_browsers_manager.cpp

c:\desktop_apps\commonfiles\audit\audit_browsers_manager.h

ReportTime

..\CommonFiles\audit\audit_browser_settings.cpp

mailru::AuditBrowserSettings::MakeReport

) report successfully done

Make report failed

mailru::AuditBrowserSettings::ScheduleReportCheck

mailru::AuditBrowserSettings::CollectReportInfo

mailru::AuditBrowserSettings::CheckReport

error report structer

..\CommonFiles\audit\audit_google_chrome.cpp

mailru::AuditGoogleChrome::CheckerHomepageCh::RestoreChild

mailru::AuditGoogleChrome::CheckerDefaultSearchCh::RestoreChild

mailru::AuditGoogleChrome::CheckerVbmCh::RestoreChild

:Incorrect key length

Unable to read chrome blocklist

Chrome blocklist file is not valid

chrome blocklist contains unsupported elements

..\CommonFiles\chrome-safe-browsing.cpp

mailru::chromium::ChromeSafeBrowsing::ReadSafeBrowsingFile

shard_header.add_prefix_count > kMaxAddSubChunksCount

Unable to open "%s" for writing

RegCreateKeyTransactedW

C:\desktop_apps\SputnikLib/reg_key.hpp

startup_urls

urls_to_restore_on_startup

..\commonfiles\chromiums.cpp

Chrome

RegOpenKeyTransactedW

RegDeleteKeyTransactedW

KERNEL32.DLL

boost::too_few_args: format-string referred to more arguments than were passed

boost::too_many_args: format-string referred to less arguments than were passed

%%%%-%%%%-%%%%-%%%%

C:\desktop_apps\CommonFiles/sql_lite_bind.hpp

..\CommonFiles\chromium_settings.cpp

hXXp://mail.ru

hXXp://VVV.mail.ru

browser.show_home_button

session.restore_on_startup

yandex\.ru. clid

mailru::chromium::settings::search_url

chrome_settings_overrides

search_url

template_url_data

mailru::chromium::settings::search_url_without_extensions

@MAIL.RU

suggestions_url

suggestions_url_post_params

windows-1251

keyword

mail.ru

D15371FE-C188-4E99-9841-A91F3BCBCCC3

search_terms_replacement_key

search_url_post_params

favicon_url

hXXp://go.mail.ru/favicon.ico

image_url

image_url_post_params

instant_url

instant_url_post_params

originating_url

alternate_urls

default_search_provider_data.template_url_data

suggest_url

default_search_provider.name

default_search_provider.search_url

go.mail.ru

keystore_encryption_bootstrap_token

chrome_url_overrides

chrome-extension://

extensions.settings.

hXXp://mail.ru/cnt/9824

mail.ru

mailru::chromium::settings::url_from_ext_id

extensions.known_disabled

error %s

update_url

.enabled

hXXp://xml.binupdate.mail.ru/amigo/check_policy.amg?

check_policy.amg not loaded

check_policy.amg NOT decoded

check_policy.amg NOT parsed

mailru::chromium::settings::InstallExtensionFromUrlNoThrow

Disabling dse in GPO failed: %s

Looking for local GPO failed: %s

yasearch.native_comps.hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox.all.settings.searchName

hXXp://VVV.mail.ru/cnt/7861

hXXp://agent.mail.ru/ru/download/agent_windows/download.html?sputnik=1

hXXp://img.imgsmail.ru/r/agent/favicon.ico

hXXp://mail.ru/cnt/10445

hXXp://VVV.mail.ru/

hXXp://go.mail.ru/search?fr=ntg&q={SearchTerms}

hXXp://go.mail.ru/search?fr=ntg&q=

hXXp://m.mail.ru/cgi-bin/splash?opera=1

hXXp://VVV.mail.ru/cnt/5090

hXXp://go.mail.ru/search?q=%s&fr=ntg

@mail.ru

hXXp://suggests.go.mail.ru/ff3?q={SearchTerm}

hXXp://go.mail.ru/search_images?utf8in=1&q=%s&fr=oprtb

hXXp://go.mail.ru/favicon_images.ico

hXXp://go.mail.ru/search_video?utf8in=1&q=%s&fr=oprtb

hXXp://go.mail.ru/favicon_video.ico

hXXp://VVV.mail.ru/cnt/5091

hXXp://redir.opera.com/speeddials/mail.ru

hXXp://redir.opera.com/bookmarks/mail.ru

hXXp://go.mail.ru/search?q=%s&fr=opr11

hXXp://go.mail.ru/search?q={SearchTerms}&fr=ntg

hXXp://suggests.go.mail.ru/ff3?q={searchTerms}

hXXp://mail.ru/cnt/10226

hXXp://go.mail.ru/?pin=1

mailru::default_browser::find_executable

..\CommonFiles\default_browser.cpp

C:\desktop_apps\SputnikLib/com_scope.h

SHORTCUTS PROSEED ERROR: std exception = %s

..\commonfiles\file_util.cpp

C:\desktop_apps\3party\ticpp/ticpp.h

..\CommonFiles\firefox_settings.cpp

mailru::firefox::settings::~settings

browser.startup.homepage

Profile%d

hXXp://go.mail.ru

browser.search.selectedEngine

browser.search.defaultenginename

browser.search.defaulturl

keyword.URL

extensions.enabledAddons

mailru::firefox::settings::is_yandex_elements_intsalled

[email protected]

mailru::firefox::settings::remove_media_viewer

browser.search.suggest.enabled

browser.search.useDBForOrder

Firefox

..\CommonFiles\Firefox_visual_bookmarks.cpp

mailru::firefox::visual_bookmarks::install

mailru::firefox::visual_bookmarks::download

urn:mozilla:item:

mailru::firefox::visual_bookmarks::localstore_rdf

chrome://browser/content/browser.xul#mailru_main_toolbar

(\s*app-profile\s \{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7\}\s rel%\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7\}\s \d )\s*.*

partner_new_url

partner_online_url

hXXps://xtnmailru.cdnmail.ru/go_ffvbm1_update.rdf

chrome://vbmail.ru/skin/vb-logo.png

extensions.autoDisableScopes

extensions.shownSelectionUI

mailru::firefox::enable_visual_bookmarks::PatchExtensionSqlite

mailru::firefox::enable_visual_bookmarks::PatchExtensionIni

mailru::firefox::enable_visual_bookmarks::PatchExtensionJson

updateURL

updateKey

optionsURL

aboutURL

iconURL

icon64URL

Mail.Ru

homepageURL

hXXp://sputnik.mail.ru/

{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

mailru::firefox::enable_visual_bookmarks::is_enabled

mailru::firefox::enable_visual_bookmarks::PatchFileTime

..\CommonFiles\GPOManager.cpp

GetRegistryKey for machine failed

GetRegistryKey for user failed

?mailru::sqlite_bind::column_int64

search_id() = %s

HKEY_USERS ie search url = %s

HKEY_LOCAL_MACHINE ie search url = %s

..\CommonFiles\ie_settings.cpp

Disabling GPO restrictions failed: %s

mailru::reg_keyT<0>::check

ntdll.dll

kernel32.dll

..\CommonFiles\Install_stat.cpp

..\CommonFiles\savestate.cpp

web_data_ver

save_google_state_task::do_task error : item_in_storage.file_serialize

..\CommonFiles\shortcut_check.cpp

c:\desktop_apps\commonfiles\tasks\TaskShortcuts.h

..\CommonFiles\Tasks\RemoteTaskExecuter.cpp

mailru::RemoteTasksExecuter::InitTasks

mailru::RemoteTasksExecuter::ExecuteTask

mailru::RemoteTasksExecuter::FetchTasks

Fetching tasks.mrdj...

Fetching url =

google chrome sync_enabled

..\CommonFiles\Tasks\TaskEmulateWebStoreInstallation.cpp

ERROR google_blocked_mailru_extensions_base::ProceedExtensions std::exception %s !!!

..\CommonFiles\Tasks\TaskGoogleBlockedMailruSettings.cpp

ChromeVbmId

ChromeVbmArchive

..\CommonFiles\Tasks\TaskInstallUpdater.cpp

..\CommonFiles\Tasks\TaskInterface.cpp

..\CommonFiles\Tasks\TaskInstallUpdaterAsService.cpp

cmd_line =

..\CommonFiles\Tasks\TaskPeriodicDisableGPO.cpp

14000000000000000

..\CommonFiles\Tasks\TaskPreventSRT.cpp

mailru::TaskPreventSRT::SendReporterMetric

software_reporter

ReporterLogPattern

invalid map<K, T> key

ERROR: chrome_value is empty

..\CommonFiles\Tasks\TaskRemovePornExtensions.cpp

..\CommonFiles\Tasks\TaskRestoreFFDse.cpp

..\CommonFiles\Tasks\TaskStartGroupBlackList.cpp

mailru::TaskStartGroupBlackList::ProceedGoogleChrome

ProceedGoogleChrome patch prepared

ProceedGoogleChrome start patching

google_chrome object constructed

Google Chrome settings are synced

Google Chrome extensions are synced

TaskStartGroupBlackList::ProceedGoogleChrome failed, error =

ProceedGoogleChrome patch_util.set_was_patch(true);

mailru::TaskStartGroupBlackList::CleanUpChromeStartPages

mailru::TaskStartGroupBlackList::ProceedFirefox

ProceedFirefox is running

hXXp://go.mail.ru/?ffverfix=1&fr=ffverfix_sg

TaskStartGroupBlackList::ProceedGoogleChrome failed, er =

TaskStartGroupBlackList::ProceedGoogleChrome failed

hXXp://go.mail.ru/?ieverfix=1&fr=ieverfix_sg

..\CommonFiles\tasks\task_amigo_remove_pinned_tabs.cpp

..\CommonFiles\Tasks\task_change_sic_settings.cpp

..\CommonFiles\tasks\task_user_preferences.cpp

mailru::TaskUserPreferences::AnalyzeFirefox

hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml

hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml#smartbox

Error reading yandex plugin config: %s

Error changing yandex smartbar config: %s

Error disabling yandex smartbox plugin: %s

..\CommonFiles\yandex_elements.cpp

class Json::Value *__thiscall mailru::YandexElements::FindSettingInStateConfig(class Json::Value &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &,const class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > &) const

Error reading yandex config setting "%s": %s

browser.uiCustomization.state

Error enabling standard search panel: %s

guid_manager.cpp

installer.cpp

mailru::reg_keyT<0>::throw_on_error

main.cpp

Started with cmd line

c:\desktop_apps\mailruupdater\concrete_update_task.hpp

self_update_task.cpp

SendBrowsersStatistic.cpp

c:\desktop_apps\mailruupdater\SendBrowsersStatistic.h

updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_amigo>::getDSEurl

updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_mail>::getDSEurl

updater::SendBrowsersStastic::BrowserData<class mailru::chromium::settings_google>::getDSEurl

service.cpp

asio.misc

asio.misc error

C:\desktop_apps\3party\boost_1_56_0\boost/exception/detail/exception_ptr.hpp

update_info.cpp

fetch_url

Program fetch url

md5 fetch url

cmd_line

util.cpp

updater::Util::SaveChromeStateTask

SHA-256 part of OpenSSL 1.0.0g 18 Jan 2012

len>=0 && len<=(int)sizeof(ctx->key)

j <= (int)sizeof(ctx->key)

SHA1 part of OpenSSL 1.0.0g 18 Jan 2012

SHA-512 part of OpenSSL 1.0.0g 18 Jan 2012

ssl_sess_cert

ssl_cert

evp_pkey

x509_pkey

%s(%d): OpenSSL internal error, assertion failed: %s

RSA part of OpenSSL 1.0.0g 18 Jan 2012

supportedAlgorithms

crossCertificatePair

certificateRevocationList

cACertificate

userCertificate

userPassword

supportedApplicationContext

Microsoft Local Key set

LocalKeySet

id-Gost28147-89-None-KeyMeshing

id-Gost28147-89-CryptoPro-KeyMeshing

password based MAC

id-PasswordBasedMAC

X509v3 Certificate Issuer

certificateIssuer

certicom-arc

Proxy Certificate Information

proxyCertInfo

Microsoft Smartcardlogin

msSmartcardLogin

joint-iso-itu-t

JOINT-ISO-ITU-T

set-rootKeyThumb

setAttr-Cert

setCext-cCertRequired

setCext-certType

setct-CertResTBE

setct-CertReqTBEX

setct-CertReqTBE

setct-AcqCardCodeMsgTBE

setct-CertInqReqTBS

setct-CertResData

setct-CertReqTBS

setct-CertReqData

setct-PCertResTBS

setct-PCertReqData

setct-AcqCardCodeMsg

certificate extensions

set-certExt

set-msgExt

id-ecPublicKey

id-cmc-confirmCertAcceptance

id-cmc-getCert

id-regInfo-certReq

id-regCtrl-protocolEncrKey

id-regCtrl-oldCertID

id-it-revPassphrase

id-it-keyPairParamRep

id-it-keyPairParamReq

id-it-unsupportedOIDs

id-it-caKeyUpdateInfo

id-it-encKeyPairTypes

id-it-signKeyPairTypes

id-it-caProtEncCert

id-mod-attribute-cert

id-mod-qualified-cert-93

id-mod-qualified-cert-88

id-smime-aa-ets-certCRLTimestamp

id-smime-aa-ets-certValues

id-smime-aa-ets-CertificateRefs

id-smime-aa-ets-otherSigCert

id-smime-aa-smimeEncryptCerts

id-smime-aa-signingCertificate

id-smime-aa-encrypKeyPref

id-smime-aa-msgSigDigest

id-smime-ct-publishCert

id-smime-mod-msg-v3

sdsiCertificate

x509Certificate

localKeyID

certBag

pkcs8ShroudedKeyBag

keyBag

pbeWithSHA1And2-KeyTripleDES-CBC

pbeWithSHA1And3-KeyTripleDES-CBC

TLS Web Client Authentication

TLS Web Server Authentication

X509v3 Extended Key Usage

extendedKeyUsage

X509v3 Authority Key Identifier

authorityKeyIdentifier

X509v3 Certificate Policies

certificatePolicies

X509v3 Private Key Usage Period

privateKeyUsagePeriod

X509v3 Key Usage

keyUsage

X509v3 Subject Key Identifier

subjectKeyIdentifier

Netscape Certificate Sequence

nsCertSequence

Netscape CA Policy Url

nsCaPolicyUrl

Netscape Renewal Url

nsRenewalUrl

Netscape CA Revocation Url

nsCaRevocationUrl

Netscape Revocation Url

nsRevocationUrl

Netscape Base Url

nsBaseUrl

Netscape Cert Type

nsCertType

Netscape Certificate Extension

nsCertExt

extendedCertificateAttributes

challengePassword

dhKeyAgreement

passed a null parameter

DSO support routines

x509 certificate routines

error:lX:%s:%s:%s

Stack part of OpenSSL 1.0.0g 18 Jan 2012

Big Number part of OpenSSL 1.0.0g 18 Jan 2012

lhash part of OpenSSL 1.0.0g 18 Jan 2012

ASN.1 part of OpenSSL 1.0.0g 18 Jan 2012

hexkey

rsa_keygen_pubexp

rsa_keygen_bits

RAND part of OpenSSL 1.0.0g 18 Jan 2012

You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html

keylen <= sizeof key

EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)

%d.%d.%d.%d

EC part of OpenSSL 1.0.0g 18 Jan 2012

ECDSA part of OpenSSL 1.0.0g 18 Jan 2012

.\crypto\ec\ec_key.c

DSA part of OpenSSL 1.0.0g 18 Jan 2012

Diffie-Hellman part of OpenSSL 1.0.0g 18 Jan 2012

.\crypto\dh\dh_key.c

value.single

value.set

USER32.DLL

NETAPI32.DLL

ADVAPI32.DLL

keylength

keyfunc

EVP part of OpenSSL 1.0.0g 18 Jan 2012

.\crypto\pkcs12\p12_key.c

d.registeredID

d.iPAddress

d.uniformResourceIdentifier

d.ediPartyName

d.directoryName

d.dNSName

d.rfc822Name

d.otherName

ECDH part of OpenSSL 1.0.0g 18 Jan 2012

priv_key

pub_key

%'%1$=%C%K%O%s%

.%.-.3.7.9.?.W.[.o.y.

C%C'C3C7C9COCWCiC

%s: (%d bit)

Public-Key

Private-Key

recommended-private-length: %d bits

public-key:

private-key:

PKCS#3 DH Public-Key

PKCS#3 DH Private-Key

Public-Key: (%d bit)

Private-Key: (%d bit)

<unsupported>

IP Address:%d.%d.%d.%d

URI:%s

DNS:%s

email:%s

EdiPartyName:<unsupported>

X400Name:<unsupported>

othername:<unsupported>

/usr/local/ssl/certs

/usr/local/ssl/cert.pem

SSL_CERT_DIR

SSL_CERT_FILE

CONF part of OpenSSL 1.0.0g 18 Jan 2012

X509_PUBKEY

public_key

.\crypto\asn1\x_pubkey.c

name.relativename

name.fullname

certificateHold

Certificate Hold

cessationOfOperation

Cessation Of Operation

keyCompromise

Key Compromise

%*s%s:

%*sOnly Attribute Certificates

%*sOnly CA Certificates

%*sOnly User Certificates

%d.%d.%d.%d/%d.%d.%d.%d

%*sPolicy Text: %s

%*scrlUrl:

EXTENDED_KEY_USAGE

%*sZone: %s, User:

keyid

.\crypto\x509v3\v3_akey.c

d.usernotice

d.cpsuri

d.other

CERTIFICATEPOLICIES

%*sExplicit Text: %s

%*sNumber%s:

%*sOrganization: %s

%*sCPS: %s

PKEY_USAGE_PERIOD

keyCertSign

Certificate Sign

keyAgreement

Key Agreement

keyEncipherment

Key Encipherment

.\crypto\x509v3\v3_skey.c

pubkey

EC_PRIVATEKEY

publicKey

privateKey

value.implicitlyCA

value.parameters

value.named_curve

p.char_two

p.prime

p.ppBasis

p.tpBasis

p.onBasis

p.other

PKCS8_PRIV_KEY_INFO

pkey

pkeyalg

x%s

Basis Type: %s

Field Type: %s

ASN1 OID: %s

%s %s%lu (%s0x%lx)

value.bag

value.safes

value.shkeybag

value.keybag

value.sdsicert

value.x509cert

value.other

cert_info

\X

'() ,-./:=?

CONF_def part of OpenSSL 1.0.0g 18 Jan 2012

[[%s]]

[%s] %s=%s

MD5 part of OpenSSL 1.0.0g 18 Jan 2012

PROXY_CERT_INFO_EXTENSION

crlUrl

certStatus

certId

OCSP_CERTSTATUS

value.unknown

value.revoked

value.good

value.byKey

value.byName

reqCert

OCSP_CERTID

issuerKeyHash

certs

%s - d:d:d%.*s %d%s

AUTHORITY_KEYID

enc_key

key_enc_algor

cert

d.encrypted

d.digest

d.signed_and_enveloped

d.enveloped

d.sign

d.data

.\crypto\evp\evp_pkey.c

d.receiptList

d.allOrFirstTier

d.compressedData

d.authenticatedData

d.encryptedData

d.digestedData

d.envelopedData

d.signedData

d.ori

d.pwri

d.kekri

d.kari

d.ktri

CMS_PasswordRecipientInfo

keyDerivationAlgorithm

keyIdentifier

CMS_KeyAgreeRecipientInfo

recipientEncryptedKeys

CMS_OriginatorIdentifierOrKey

d.originatorKey

CMS_OriginatorPublicKey

CMS_RecipientEncryptedKey

CMS_KeyAgreeRecipientIdentifier

d.rKeyId

CMS_RecipientKeyIdentifier

CMS_OtherKeyAttribute

keyAttr

keyAttrId

CMS_KeyTransRecipientInfo

encryptedKey

keyEncryptionAlgorithm

certificates

d.crl

d.subjectKeyIdentifier

d.issuerAndSerialNumber

CMS_CertificateChoices

d.v2AttrCert

d.v1AttrCert

d.extendedCertificate

d.certificate

CMS_OtherCertificateFormat

otherCert

otherCertFormat

X.509 part of OpenSSL 1.0.0g 18 Jan 2012

OPENSSL_ALLOW_PROXY_CERTS

X509_CERT_PAIR

X509_CERT_AUX

%s.dll

%lu:%s:%s:%d:%s

ddddddZ

ddddddZ

PEM part of OpenSSL 1.0.0g 18 Jan 2012

phrase is too short, needs to be at least %d chars

Enter PEM pass phrase:

TRUSTED CERTIFICATE

CERTIFICATE REQUEST

NEW CERTIFICATE REQUEST

CERTIFICATE

X509 CERTIFICATE

PRIVATE KEY

ENCRYPTED PRIVATE KEY

ANY PRIVATE KEY

.\crypto\evp\evp_key.c

nkey <= EVP_MAX_KEY_LENGTH

?456789:;<=

!"#$%&'()* ,-./0123

Verifying - %s

D:\Libs\opencv\sources\modules\core\include\opencv2/core/mat.inl.hpp

D:\Libs\opencv\sources\modules\imgproc\src\templmatch.cpp

img.dims <= 2 && templ.dims <= 2 && corr.dims <= 2

corrsize.height <= img.rows   templ.rows - 1 && corrsize.width <= img.cols   templ.cols - 1

(depth == CV_8U || depth == CV_32F) && type == _templ.type() && _img.dims() <= 2

_img.size().height <= _templ.size().height && _img.size().width <= _templ.size().width

D:\Libs\opencv\sources\modules\imgproc\src\sumpixels.cpp

D:\Libs\opencv\sources\modules\core\src\alloc.cpp

D:\Libs\opencv\sources\modules\core\src\matrix.cpp

m.dims >= 2

0 <= _rowRange.start && _rowRange.start <= _rowRange.end && _rowRange.end <= m.rows

0 <= _colRange.start && _colRange.start <= _colRange.end && _colRange.end <= m.cols

m.dims <= 2

0 <= roi.x && 0 <= roi.width && roi.x   roi.width <= m.cols && 0 <= roi.y && 0 <= roi.height && roi.y   roi.height <= m.rows

r == Range::all() || (0 <= r.start && r.start < r.end && r.end <= m.size[i])

COI is not supported by the function

0 <= i && i < (int)vv.size()

0 <= i && i < (int)v.size()

Unknown/unsupported array type

i < (int)vv.size()

(size_t)i < vv.size()

!fixedSize() || ((Mat*)obj)->size.operator()() == _sz

!fixedSize() || ((UMat*)obj)->size.operator()() == _sz

!fixedSize() || ((Mat*)obj)->size.operator()() == Size(_cols, _rows)

!fixedSize() || ((UMat*)obj)->size.operator()() == Size(_cols, _rows)

CV_MAT_TYPE(mtype) == m.type()

m.dims == d

m.size[j] == sizes[j]

d == 2 && ((sizes[0] == sz.height && sizes[1] == sz.width) || (allowTransposed && sizes[0] == sz.width && sizes[1] == sz.height))

!fixedSize() || len == vv.size()

Vectors with element size %d are not supported. Please, modify OutputArray::create()

v[j].empty()

i < (int)v.size()

checkScalar(value, type(), arr.kind(), _InputArray::CUDA_GPU_MAT)

_m.dims() <= 2

_src.dims() <= 2 && esz <= 32

src.size() == dst.size() && (src.cols == 1 || src.rows == 1)

dst.cols == dst.rows

m.dims <= 2 && m.rows == m.cols

_src.dims() <= 2

A.size == arrays[i0]->size

A.step[d-1] == A.elemSize()

%s:%d: error: (%d) %s in function %s

%s:%d: error: (%d) %s

OpenCV Error: %s (%s) in %s, file %s, line %d

Inplace operation is not supported

Input image depth is not supported by function

Unsupported format or combination of formats

Input COI is not supported

No CUDA support

No OpenGL support

Unknown %s code %d

D:\Libs\opencv\sources\modules\core\src\system.cpp

tlsKey != TLS_OUT_OF_INDEXES

cv::TLSContainerStorage::releaseKey

key_ >= 0

D:\Libs\opencv\sources\modules\core\src\convert.cpp

j < nsrcs && src[j].depth() == depth

i1 >= 0 && j < ndsts && dst[j].depth() == depth

D:\Libs\opencv\sources\modules\core\src\copy.cpp

mask.depth() == CV_8U && (mcn == 1 || mcn == cn)

size() == mask.size()

checkScalar(value, type(), _value.kind(), _InputArray::MAT )

mask.empty() || (mask.type() == CV_8U && size == mask.size)

Unknown/unsupported border type

src.depth() == dst.depth() && src.size == dst.size

(coi1 != 0 || src.channels() == 1) && (coi2 != 0 || dst.channels() == 1)

src.channels() == dst.channels()

D:\Libs\opencv\sources\modules\core\src\matop.cpp

CV_MAT_CN(_type) == e.a.channels()

Unknown operation

D:\Libs\opencv\sources\modules\core\src\arithm.cpp

The operation is neither 'array op array' (where arrays have the same size and type), nor 'array op scalar', nor 'scalar op array'

(mtype == CV_8U || mtype == CV_8S) && _mask.sameSize(*psrc1)

The operation is neither 'array op array' (where arrays have the same size and the same number of channels), nor 'array op scalar', nor 'scalar op array'

type2 == CV_64F && (sz2.height == 1 || sz2.height == 4)

(mtype == CV_8UC1 || mtype == CV_8SC1) && _mask.sameSize(*psrc1)

The operation is neither 'array op array' (where arrays have the same size and the same type), nor 'array op scalar', nor 'scalar op array'

D:\Libs\opencv\sources\modules\core\src\stat.cpp

mask.empty() || mask.type() == CV_8U

mask.empty() || mask.type() == CV_8UC1

dst.type() == CV_64F && dst.isContinuous() && (dst.cols == 1 || dst.rows == 1) && dcn >= cn

D:\Libs\opencv\sources\modules\core\src\mathfuncs.cpp

!)>D:\Libs\opencv\sources\modules\core\src\dxt.cpp

type == srcB.type() && srcA.size() == srcB.size()

D:\Libs\opencv\sources\modules\core\src\umatrix.cpp

D:\Libs\opencv\sources\modules\core\src\array.cpp

_dst.data == data0

NULL array pointer is passed

Unrecognized or unsupported array type

unrecognized or unsupported array type

Only continuous nD arrays are supported here

Unsupported format

rect.width >= 0 && rect.height >= 0 && rect.x < image->width && rect.y < image->height && rect.x   rect.width >= (int)(rect.width > 0) && rect.y   rect.height >= (int)(rect.height > 0)

D:\Libs\opencv\sources\modules\core\src\datastructs.cpp

D:\Libs\opencv\sources\modules\core\include\opencv2/core/private.cuda.hpp

The library is compiled without CUDA support

D:\Libs\opencv\sources\modules\core\src\opengl.cpp

The library is compiled without OpenGL support

OpenCL.dll

D:\Libs\opencv\sources\modules\core\src\matmul.cpp

type == B.type() && (type == CV_32FC1 || type == CV_64FC1 || type == CV_32FC2 || type == CV_64FC2)

a_size.width == len

a_size.height == len

C.type() == type && (((flags&GEMM_3_T) == 0 && C.rows == d_size.height && C.cols == d_size.width) || ((flags&GEMM_3_T) != 0 && C.rows == d_size.width && C.cols == d_size.height))

type == _src2.type()

src1.size == src2.size

src.channels() == 1

delta.channels() == 1 && (delta.rows == src.rows || delta.rows == 1) && (delta.cols == src.cols || delta.cols == 1)

D:\Libs\opencv\sources\modules\core\src\lapack.cpp

type == _src2.type() && (type == CV_32F || type == CV_64F)

(method != DECOMP_LU && method != DECOMP_CHOLESKY) || is_normal || src.rows == src.cols

src.rows == src.cols

w.type() == u.type() && u.type() == vt.type() && u.data && vt.data && w.data

u.cols >= nm && vt.rows >= nm && (w.size() == Size(nm, 1) || w.size() == Size(1, nm) || w.size() == Size(vt.rows, u.cols))

rhs.data == 0 || (rhs.type() == type && rhs.rows == m)

D:\Libs\opencv\sources\modules\core\src\persistence.cpp

-.Inf

An attempt to add element without a key to a map, or add element with key to sequence

The key is an empty

The key is too long

Key must start with a letter or _

Key names may only contain alphanumeric characters [a-zA-Z0-9], '-', '_' and ' '

Key should start with a letter or _

Key name may only contain alphanumeric characters [a-zA-Z0-9], '-' and '_'

elements with keys can not be written to sequence

Images with planar data layout are not supported

2if%s

ß%s

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

0123456789-

%b %d %H : %M : %S %Y

%m / %d / %y

%I : %M : %S %p

%d / %m / %y

The repeat operator "*" cannot start a regular expression.

The repeat operator "?" cannot start a regular expression.

The repeat operator " " cannot start a regular expression.

Found a closing repetition operator } with no corresponding {.

Can't terminate a sub-expression with an alternation operator |.

The \c and \C escape sequences are not supported by POSIX basic regular expressions: try the Perl syntax instead.

A regular expression can start with the alternation operator |.

Invalid alternation operators within (?...) block.

More than one alternation operator | was encountered inside a conditional expression.

Alternation operators are not allowed inside a DEFINE block.

A repetition operator cannot be applied to a zero-width assertion.

left-curly-bracket

right-curly-bracket

0123456789

Unmatched quantified repeat operator { or \{.

Invalid preceding regular expression prior to repetition operator.

boost::filesystem::directory_iterator::operator  

boost thread: trying joining itself

Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag

libs\log\src\code_conversion.cpp

libs\log\src\global_logger_storage.cpp

libs\log\src\attribute_name.cpp

[u-u-u u:u:u.u] [%s] %s %s

[u-u-u u:u:u.u] [%s] %s %ls

libs\log\src\thread_specific.cpp

Resource.cpp

%Y-%m-%d %H:%M:%S

en_US.UTF-8

log_ng.cpp

mailru::log_ng::ExecutionTimeLogger::~ExecutionTimeLogger

is_admin.cpp

c:\desktop_apps\sputniklib\auto_handle.hpp

process_enumerate.cpp

GetModuleFileNameEx succeed %s

Path.cpp

remote_config.cpp

string.cpp

version_info.cpp

AccountInfo.cpp

mailru::sqlite::database::database

sqlite.cpp

<>"#%{}|\^~[] ?&@=:,

hXXp://

hXXps://

process_util.cpp

unzip.cpp

filesystem_utils.cpp

mailru::firefox_js_core::load_prefs_js

firefox_js.cpp

!"#$%&'(

)* ,-./0123

encryption.cpp

testing_env.cpp

SessionsInfo.cpp

mailru::WaitForUserLogIn

Suggest URL

mailru::opera::searchini::save

opera_searchini.cpp

sync_objects.cpp

uninstall_manager.cpp

mailru::url_parser::init

url_parser.cpp

system_info\system_info_collector.cpp

crash_handler.cpp

shortcut.cpp

thread.entry_event

thread.exit_event

mailru::http::request_headers::get_header

C:\desktop_apps\SputnikLib/http_downloader.h

HTTP/1.1

^HTTP/1.1 (\d ) (. )

mailru::http::response_headers::response_headers

mailru::http::response_headers::get_file_time

http_downloader.cpp

mailru::http::downloader_impl::connection_data_file::~connection_data_file

mailru::http::downloader_impl::handle_read_headers

mailru::http::raw::downloader::fetch_file_attributes

HTTP error %2%: %3%

mailru::http::fetch_wstring_via_tempfile

system_info\system_info.cpp

s-sputnik.mail.ru

hXXps://VVV.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Certificate_Authority.pem

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

255.255.255.255

asio.ssl

asio.ssl error

add_certificate_authority

https

HTTP error:

caching_policy.cpp

task_scheduler.cpp

Line %d, Column %d

Visual C   CRT: Not enough memory to complete call to strerror.

%S#[k

?#%X.y

MaxPolicyElementKey

Operation not permitted

Inappropriate I/O control operation

Broken pipe

operator

GetProcessWindowStation

pExecutionResource

SQLite format 3

3.7.11

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY

CREATE TABLE sqlite_master(

sql text

CREATE TEMP TABLE sqlite_temp_master(

foreign_keys

sqlite_rename_table

sqlite_rename_trigger

sqlite_rename_parent

sqlite_stat1

SQL logic error or missing database

unknown operation

large file support is disabled

RowKey

sqlite_detach

sqlite_attach

sqlite_version

sqlite_source_id

sqlite_log

sqlite_compileoption_used

sqlite_compileoption_get

SQLITE_

d-d-d d:d:d

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

OsError 0x%x (%u)

os_win.c:%d: (%d) %s(%s) - %s

delayed %dms for lock/sharing conflict

%s-shm

%s\etilqs_

Recovered %d frames from WAL file %s

cannot limit WAL size: %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

unknown database %s

keyinfo(%d

%s(%d)

%s-mjXXXXXX9XXz

MJ delete: %s

MJ collide: %s

-mjX9X

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot release savepoint - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open value of type %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

EXECUTE %s%s SUBQUERY %d

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

%s OR name=%Q

type='trigger' AND (%s)

sqlite_

table %s may not be altered

there is already another table or index with this name: %s

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE %s=%Q

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

no such collation sequence: %s

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

sqlite_stat%d

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

sqlite_stat

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

a JOIN clause is required before %s

unable to identify the object to be reindexed

table %s may not be modified

cannot modify %s because it is a view

foreign key mismatch

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

PRIMARY KEY must be unique

sqlite3_extension_init

unable to open shared library [%s]

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_key_list

*** in database %s ***

unsupported encoding: %s

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

USE TEMP B-TREE FOR %s

COMPOUND SUBQUERIES %d AND %d %s(%s)

%s.%s

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

no such table: %s

SCAN TABLE %s %s%s(~%d rows)

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

cannot VACUUM - SQL statements in progress

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

%s SUBQUERY %d

%s TABLE %s

%s AS %s

%s USING %s%sINDEX%s%s%s

%s USING INTEGER PRIMARY KEY

%s (rowid=?)

%s (rowid>? AND rowid<?)

%s (rowid>?)

%s (rowid<?)

%s VIRTUAL TABLE INDEX %d:%s

%s (~%lld rows)

at most %d tables in a join

cannot use index: %s

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

unable to close due to unfinished backup operation

unknown database: %s

no such %s mode: %s

%s mode not allowed: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

c:\desktop_apps\3party\ticpp\ticpp.h

ticpp.cpp

Type is unsupported

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

type="%s"

href="%s"

unsupported version

.UTF-8

.windows-

windows1250

windows1251

windows1252

windows1253

windows1254

windows1255

windows1256

windows1257

windows874

windows932

windows936

Invalid or unsupported charset:

1.2.5

<fd:%d>

deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler

inflate 1.2.5 Copyright 1995-2010 Mark Adler

RSA PRIVATE KEY

PUBLIC KEY

DSA PRIVATE KEY

EC PRIVATE KEY

NETSCAPE_CERT_SEQUENCE

RIPE-MD160 part of OpenSSL 1.0.0g 18 Jan 2012

SHA part of OpenSSL 1.0.0g 18 Jan 2012

MD4 part of OpenSSL 1.0.0g 18 Jan 2012

CAST part of OpenSSL 1.0.0g 18 Jan 2012

Blowfish part of OpenSSL 1.0.0g 18 Jan 2012

:RC2 part of OpenSSL 1.0.0g 18 Jan 2012

.pp@0

aEÐ

 (#EÚ

ÚE<<0

IDEA part of OpenSSL 1.0.0g 18 Jan 2012

libdes part of OpenSSL 1.0.0g 18 Jan 2012

DES part of OpenSSL 1.0.0g 18 Jan 2012

3OpenSSL 1.0.0g 18 Jan 2012

GOST signature length is %d

.\ssl\ssl_cert.c

%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s

EXPORT56

EXPORT40

EXPORT

wrong number of key bits

unsupported status type

unsupported ssl version

unsupported protocol

unsupported elliptic curve

unsupported digest type

unsupported compression algorithm

unsupported cipher

unknown pkey type

unknown key exchange type

unknown certificate type

unable to find public key parameters

unable to extract public key

unable to decode ecdh certs

unable to decode dh certs

tried to use unsupported cipher

tls peer did not respond with certificate list

tls client cert req with anon cipher

tlsv1 unsupported extension

tlsv1 certificate unobtainable

tlsv1 bad certificate status response

tlsv1 bad certificate hash value

tlsv1 alert export restriction

sslv3 alert unsupported certificate

sslv3 alert no certificate

sslv3 alert certificate unknown

sslv3 alert certificate revoked

sslv3 alert certificate expired

sslv3 alert bad certificate

signature for non signing certificate

reuse cert type not zero

reuse cert length not zero

public key not rsa

public key is not rsa

public key encrypt error

peer error unsupported certificate type

peer error no certificate

peer error certificate

peer did not return a certificate

null ssl method passed

no publickey

no private key assigned

no privatekey

Peer haven't sent GOST certificate, required for selected ciphersuite

no client cert received

no client cert method

no ciphers passed

no certificate specified

no certificate set

no certificate returned

no certificate assigned

no certificates returned

missing tmp rsa pkey

missing tmp rsa key

missing tmp ecdh key

missing tmp dh key

missing rsa signing cert

missing rsa encrypting cert

missing rsa certificate

missing export tmp rsa key

missing export tmp dh key

missing dsa signing cert

missing dh rsa cert

missing dh key

missing dh dsa cert

krb5 server rd_req (keytab perms?)

key arg too long

invalid ticket keys length

http request

https proxy request

error generating tmp rsa key

ecc cert should have sha1 signature

ecc cert should have rsa signature

ecc cert not for signing

ecc cert not for key agreement

cert length mismatch

certificate verify failed

bad ecc cert

bad dh pub key length

TLS1_SETUP_KEY_BLOCK

tls1_cert_verify_mac

SSL_VERIFY_CERT_CHAIN

SSL_use_RSAPrivateKey_file

SSL_use_RSAPrivateKey_ASN1

SSL_use_RSAPrivateKey

SSL_use_PrivateKey_file

SSL_use_PrivateKey_ASN1

SSL_use_PrivateKey

SSL_use_certificate_file

SSL_use_certificate_ASN1

SSL_use_certificate

SSL_SET_PKEY

SSL_SET_CERT

SSL_SESS_CERT_NEW

SSL_GET_SIGN_PKEY

SSL_GET_SERVER_SEND_CERT

SSL_CTX_use_RSAPrivateKey_file

SSL_CTX_use_RSAPrivateKey_ASN1

SSL_CTX_use_RSAPrivateKey

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_PrivateKey_ASN1

SSL_CTX_use_PrivateKey

SSL_CTX_use_certificate_file

SSL_CTX_use_certificate_chain_file

SSL_CTX_use_certificate_ASN1

SSL_CTX_use_certificate

SSL_CTX_set_client_cert_engine

SSL_CTX_check_private_key

SSL_CHECK_SRVR_ECC_CERT_AND_ALG

SSL_check_private_key

SSL_CERT_NEW

SSL_CERT_INSTANTIATE

SSL_CERT_INST

SSL_CERT_DUP

SSL_add_file_cert_subjects_to_stack

SSL_add_dir_cert_subjects_to_stack

SSL3_SETUP_KEY_BLOCK

SSL3_SEND_SERVER_KEY_EXCHANGE

SSL3_SEND_SERVER_CERTIFICATE

SSL3_SEND_CLIENT_KEY_EXCHANGE

SSL3_SEND_CLIENT_CERTIFICATE

SSL3_SEND_CERTIFICATE_REQUEST

SSL3_OUTPUT_CERT_CHAIN

SSL3_GET_SERVER_CERTIFICATE

SSL3_GET_KEY_EXCHANGE

SSL3_GET_CLIENT_KEY_EXCHANGE

SSL3_GET_CLIENT_CERTIFICATE

SSL3_GET_CERT_VERIFY

SSL3_GET_CERT_STATUS

SSL3_GET_CERTIFICATE_REQUEST

SSL3_GENERATE_KEY_BLOCK

SSL3_CHECK_CERT_AND_ALGORITHM

SSL3_ADD_CERT_TO_BUF

SSL2_SET_CERTIFICATE

SSL2_GENERATE_KEY_MATERIAL

REQUEST_CERTIFICATE

GET_CLIENT_MASTER_KEY

DTLS1_SEND_SERVER_KEY_EXCHANGE

DTLS1_SEND_SERVER_CERTIFICATE

DTLS1_SEND_CLIENT_KEY_EXCHANGE

DTLS1_SEND_CLIENT_CERTIFICATE

DTLS1_SEND_CERTIFICATE_REQUEST

DTLS1_OUTPUT_CERT_CHAIN

DTLS1_ADD_CERT_TO_BUF

CLIENT_MASTER_KEY

CLIENT_CERTIFICATE

SSLv2 part of OpenSSL 1.0.0g 18 Jan 2012

s->session->master_key_length >= 0 && s->session->master_key_length < (int)sizeof(s->session->master_key)

c->iv_len <= (int)sizeof(s->session->key_arg)

s->s2->key_material_length <= sizeof s->s2->key_material

SSLv3 part of OpenSSL 1.0.0g 18 Jan 2012

TLSv1 part of OpenSSL 1.0.0g 18 Jan 2012

os.length <= (int)sizeof(ret->session_id)

DTLSv1 part of OpenSSL 1.0.0g 18 Jan 2012

key expansion

client write key

server write key

%s:%d: rec->data != rec->input

libs\log\src\text_file_backend.cpp

%H:%M:%S.%f

.\crypto\engine\eng_pkey.c

Load certs from files in a directory

%s%clx.%s%d

unsupported type

unsupported recpientinfo type

unsupported recipient type

unsupported kek algorithm

unsupported content type

signer certificate not found

private key does not match certificate

no public key

no private key

no msgsigdigest

no key or cert

no key

not supported for this key type

not key transport

msgsigdigest wrong length

msgsigdigest verification failure

msgsigdigest error

invalid key length

invalid encrypted key length

error setting key

error getting public key

certificate verify error

certificate has no keyid

certificate already present

CMS_SIGNERINFO_VERIFY_CERT

CMS_RecipientInfo_set0_pkey

CMS_RecipientInfo_set0_key

CMS_RecipientInfo_ktri_cert_cmp

cms_msgSigDigest_add1

CMS_GET0_CERTIFICATE_CHOICES

CMS_EncryptedData_set1_key

CMS_decrypt_set1_pkey

CMS_decrypt_set1_key

CMS_add1_recipient_cert

CMS_add0_recipient_key

CMS_add0_cert

unsupported requestorname type

no certificates in chain

error parsing url

PARSE_HTTP_LINE1

OCSP_parse_url

OCSP_cert_id_new

unimplemented public key method

invalid cmd number

invalid cmd name

failed loading public key

failed loading private key

cmd not executable

ENGINE_UNLOAD_KEY

ENGINE_load_ssl_client_cert

ENGINE_load_public_key

ENGINE_load_private_key

ENGINE_get_pkey_meth

ENGINE_get_pkey_asn1_meth

ENGINE_ctrl_cmd_string

ENGINE_ctrl_cmd

ENGINE_cmd_is_executable

unsupported md algorithm

invalid signer certificate purpose

ess signing certificate error

ess add signing cert error

TS_VERIFY_CERT

TS_TST_INFO_set_msg_imprint

TS_RESP_CTX_set_signer_cert

TS_RESP_CTX_set_certs

TS_REQ_set_msg_imprint

TS_MSG_IMPRINT_set_algo

TS_CHECK_SIGNING_CERTS

ESS_SIGNING_CERT_NEW_INIT

ESS_CERT_ID_NEW_INIT

ESS_ADD_SIGNING_CERT

functionality not supported

WIN32_JOINER

unsupported pkcs12 mode

key gen error

PKCS8_add_keyusage

PKCS12_PBE_keyivgen

PKCS12_newpass

PKCS12_MAKE_SHKEYBAG

PKCS12_MAKE_KEYBAG

PKCS12_key_gen_uni

PKCS12_key_gen_asc

PKCS12_add_localkeyid

unsupported option

unable to get issuer keyid

policy syntax not currently supported

operation not defined

no proxy cert policy language defined

no issuer certificate

extension setting not supported

V2I_EXTENDED_KEY_USAGE

V2I_AUTHORITY_KEYID

S2I_SKEY_ID

S2I_ASN1_SKEY_ID

R2I_CERTPOL

unsupported cipher type

unable to find certificate

signing not supported for this key type

operation not supported on this type

no recipient matches key

no recipient matches certificate

encryption not supported for this key type

decrypted key is wrong length

PKCS7_add_certificate

unsupported method

no port specified

no port defined

no accept port specified

BIO_get_port

ECDH_compute_key

data too large for key size

unsupported field

passed null parameter

not a supported NIST prime

missing private key

keys not set

invalid private key

PKEY_EC_SIGN

PKEY_EC_PARAMGEN

PKEY_EC_KEYGEN

PKEY_EC_DERIVE

PKEY_EC_CTRL_STR

PKEY_EC_CTRL

o2i_ECPublicKey

i2o_ECPublicKey

i2d_ECPrivateKey

EC_KEY_print_fp

EC_KEY_print

EC_KEY_new

EC_KEY_generate_key

EC_KEY_copy

EC_KEY_check_key

ECKEY_TYPE2PARAM

ECKEY_PUB_ENCODE

ECKEY_PUB_DECODE

ECKEY_PRIV_ENCODE

ECKEY_PRIV_DECODE

ECKEY_PARAM_DECODE

ECKEY_PARAM2TYPE

DO_EC_KEY_PRINT

d2i_ECPrivateKey

zlib not supported

wrong public key type

unsupported public key type

unsupported encryption algorithm

unsupported any defined by type

unknown public key type

unable to decode rsa private key

unable to decode rsa key

streaming not supported

private key header missing

digest and key type not supported

bad password read

X509_PKEY_new

i2d_RSA_PUBKEY

i2d_PublicKey

i2d_PrivateKey

i2d_EC_PUBKEY

i2d_DSA_PUBKEY

d2i_X509_PKEY

d2i_PublicKey

d2i_PrivateKey

d2i_AutoPrivateKey

unsupported algorithm

unknown key type

unable to get certs public key

public key encode error

public key decode error

no cert set for us to verify

method not supported

loading cert dir

key values mismatch

key type mismatch

cert already in hash table

cant check dh key

X509_verify_cert

X509_STORE_add_cert

X509_REQ_check_private_key

X509_PUBKEY_set

X509_PUBKEY_get

X509_load_cert_file

X509_load_cert_crl_file

X509_get_pubkey_parameters

X509_check_private_key

GET_CERT_BY_SUBJECT

ADD_CERT_DIR

PKEY_DSA_KEYGEN

PKEY_DSA_CTRL

unsupported key components

unsupported encryption

read key

public key no rsa

problems getting password

keyblob too short

keyblob header parse error

expecting public key blob

expecting private key blob

error converting private key

PEM_WRITE_PRIVATEKEY

PEM_READ_PRIVATEKEY

PEM_READ_BIO_PRIVATEKEY

PEM_PK8PKEY

PEM_F_PEM_WRITE_PKCS8PRIVATEKEY

DO_PK8PKEY_FP

DO_PK8PKEY

d2i_PKCS8PrivateKey_fp

d2i_PKCS8PrivateKey_bio

unsupported salt type

unsupported private key algorithm

unsupported prf

unsupported key size

unsupported key derivation function

unsupported keylength

unsuported number of rounds

private key encode error

private key decode error

operaton not initialized

operation not supported for this keytype

no operation set

no key set

keygen failure

invalid operation

expecting a ec key

expecting a ecdsa key

expecting a dsa key

expecting a dh key

expecting an rsa key

different key types

ctrl operation not implemented

command not supported

camellia key setup failed

bn pubkey error

bad key length

aes key setup failed

PKEY_SET_TYPE

PKCS5_v2_PBE_keyivgen

PKCS5_PBE_keyivgen

EVP_PKEY_verify_recover_init

EVP_PKEY_verify_recover

EVP_PKEY_verify_init

EVP_PKEY_verify

EVP_PKEY_sign_init

EVP_PKEY_sign

EVP_PKEY_paramgen_init

EVP_PKEY_paramgen

EVP_PKEY_new

EVP_PKEY_keygen_init

EVP_PKEY_keygen

EVP_PKEY_get1_RSA

EVP_PKEY_get1_EC_KEY

EVP_PKEY_GET1_ECDSA

EVP_PKEY_get1_DSA

EVP_PKEY_get1_DH

EVP_PKEY_encrypt_old

EVP_PKEY_encrypt_init

EVP_PKEY_encrypt

EVP_PKEY_derive_set_peer

EVP_PKEY_derive_init

EVP_PKEY_derive

EVP_PKEY_decrypt_old

EVP_PKEY_decrypt_init

EVP_PKEY_decrypt

EVP_PKEY_CTX_dup

EVP_PKEY_CTX_ctrl_str

EVP_PKEY_CTX_ctrl

EVP_PKEY_copy_parameters

EVP_PKEY2PKCS8_broken

EVP_PKCS82PKEY_BROKEN

EVP_PKCS82PKEY

EVP_CIPHER_CTX_set_key_length

ECKEY_PKEY2PKCS8

ECDSA_PKEY2PKCS8

DSA_PKEY2PKCS8

DSAPKEY2PKCS8

D2I_PKEY

CAMELLIA_INIT_KEY

AES_INIT_KEY

invalid public key

PKEY_DH_KEYGEN

PKEY_DH_DERIVE

GENERATE_KEY

COMPUTE_KEY

rsa operations not supported

key size too small

invalid keybits

illegal or unsupported padding mode

digest too big for rsa key

data too small for key size

RSA_generate_key

RSA_check_key

RSA_BUILTIN_KEYGEN

PKEY_RSA_VERIFYRECOVER

PKEY_RSA_SIGN

PKEY_RSA_CTRL_STR

PKEY_RSA_CTRL

.\crypto\asn1\x_pkey.c

C:\desktop_apps\_out\MailRuUpdater.pdb

MailRuUpdater.exe

??0?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@QAE@XZ

??0?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@QAE@XZ

??0?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@QAE@XZ

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ@51

??_B?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ@51

?get_const_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ

?get_const_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@SAABV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ

?get_const_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@SAABV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@XZ

?get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@XZ

?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@XZ

?get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@XZ

?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ

?instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@23@A

?instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@23@A

?instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@0AAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@23@A

?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@A

?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@A

?instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@A

?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A

?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@3@A

?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@3@A

?instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@0AAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@3@A

?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ

?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?load_object_data@?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z

?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?save_object_data@?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@CAAAV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@34@XZ@4V?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@634@A

?t@?1??get_instance@?$singleton@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@serialization@boost@@CAAAV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@4@XZ@4V?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@634@A

GetProcessHeap

KERNEL32.dll

SetWindowsHookExW

UnhookWindowsHookEx

USER32.dll

GDI32.dll

RegCloseKey

RegCreateKeyExW

RegDeleteKeyW

RegEnumKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

ReportEventA

ADVAPI32.dll

FindExecutableW

ShellExecuteW

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

COMCTL32.dll

WS2_32.dll

PSAPI.DLL

USERENV.dll

WTSAPI32.dll

CRYPT32.dll

VERSION.dll

CreateIoCompletionPort

GetCPInfo

ShellExecuteExW

CoInternetParseUrl

urlmon.dll

PeekNamedPipe

-----BEGIN PUBLIC KEY-----

-----END PUBLIC KEY-----

zcÁ

.?AV?$_Ref_count_obj@VAuditGoogleChrome@mailru@@@std@@

.?AV?$_Ref_count_obj@VAuditFirefox@mailru@@@std@@

.?AVAuditFirefox@mailru@@

.?AVCheckerFirefox@AuditFirefox@mailru@@

.?AVCheckerHomepageFirefox@AuditFirefox@mailru@@

.?AVCheckerDefaultSearchFirefox@AuditFirefox@mailru@@

.?AVCheckerVbmFirefox@AuditFirefox@mailru@@

.?AV?$_Ref_count_obj@VCheckerHomepageFirefox@AuditFirefox@mailru@@@std@@

.?AV?$_Ref_count_obj@VCheckerDefaultSearchFirefox@AuditFirefox@mailru@@@std@@

.?AV?$_Ref_count_obj@VCheckerVbmFirefox@AuditFirefox@mailru@@@std@@

.?AVAuditGoogleChrome@mailru@@

.?AVCheckerCh@AuditGoogleChrome@mailru@@

.?AVCheckerHomepageCh@AuditGoogleChrome@mailru@@

.?AVCheckerDefaultSearchCh@AuditGoogleChrome@mailru@@

.?AVCheckerVbmCh@AuditGoogleChrome@mailru@@

.?AV?$_Ref_count_obj@VCheckerHomepageCh@AuditGoogleChrome@mailru@@@std@@

.?AV?$_Ref_count_obj@VCheckerDefaultSearchCh@AuditGoogleChrome@mailru@@@std@@

.?AV?$_Ref_count_obj@VCheckerVbmCh@AuditGoogleChrome@mailru@@@std@@

.?AV?$_Func_base@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_8b00b026c9439ae5ee123b07f29330c6>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_d67d694cf66593a3e1cbe5e0ac457329>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AVsettings@firefox@mailru@@

.?AVvisual_bookmarks@firefox@mailru@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_852549d506963e7e0155e6efc072a19d>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_8f47c682880de3b4c07e24e1559f18fc>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$thread_data@V?$bind_t@XV?$mf0@XVRemoteTasksExecuter@mailru@@@_mfi@boost@@V?$list1@V?$value@PAVRemoteTasksExecuter@mailru@@@_bi@boost@@@_bi@3@@_bi@boost@@@detail@boost@@

.?AV?$thread_data@V?$bind_t@XV?$mf1@XVRemoteTasksExecuter@mailru@@ABV?$shared_ptr@VTaskInterface@mailru@@@std@@@_mfi@boost@@V?$list2@V?$value@PAVRemoteTasksExecuter@mailru@@@_bi@boost@@V?$value@V?$shared_ptr@VTaskInterface@mailru@@@std@@@23@@_bi@3@@_bi@boost@@@detail@boost@@

.?AVTaskOneTimeWithChromeAutorunPatch@mailru@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_36e85ead181c17858a3fd5b6f23c888c>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_d71f87b5d93256d8ef11999b81c97114>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AV?$_Func_impl@U?$_Callable_obj@V<lambda_ff52a01b8c5e4b0628fdb56e2a8b3e6f>@@$0A@@std@@V?$allocator@V?$_Func_class@XPAV?$reg_keyT@$00@mailru@@@std@@@2@XPAV?$reg_keyT@$00@mailru@@@std@@

.?AVwindows_file_codecvt@@

.PAUattribute_name_info_tag@v2s_mt_nt5@log@boost@@

.?AVexception@sqlite@mailru@@

.?AV?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@

.?AU?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@

.?AUProcessKey@sysinfo@mailru@@

.?AV?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@V?$map@UProcessKey@sysinfo@mailru@@UProcessInfo@23@U?$less@UProcessKey@sysinfo@mailru@@@std@@V?$allocator@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@6@@std@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@U?$pair@$$CBUProcessKey@sysinfo@mailru@@UProcessInfo@23@@std@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$oserializer@Vtext_woarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@

.?AV?$singleton@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@serialization@boost@@

.?AV?$singleton_wrapper@V?$extended_type_info_typeid@UProcessKey@sysinfo@mailru@@@serialization@boost@@@detail@serialization@boost@@

.?AV?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@

.?AV?$singleton_wrapper@V?$iserializer@Vtext_wiarchive@archive@boost@@UProcessKey@sysinfo@mailru@@@detail@archive@boost@@@detail@serialization@boost@@

.?AV?$typeid_wrapper@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@

.?AV?$typeid_wrapper@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@

.?AV?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@

.?AV?$service_base@V?$stream_socket_service@Vtcp@ip@asio@boost@@@asio@boost@@@detail@asio@boost@@

.?AV?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@

.?AV?$service_base@V?$resolver_service@Vtcp@ip@asio@boost@@@ip@asio@boost@@@detail@asio@boost@@

.?AVconnection_data@downloader_impl@http@mailru@@

.?AVconnection_data_file@downloader_impl@http@mailru@@

.?AVconnection_data_string@downloader_impl@http@mailru@@

.?AV?$_Ref_count@V?$vector@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@V?$allocator@V?$basic_resolver_entry@Vtcp@ip@asio@boost@@@ip@asio@boost@@@std@@@std@@@std@@

.?AV?$sp_counted_impl_p@Vdownload_limitation@downloader_impl@http@mailru@@@detail@boost@@

.?AV?$sp_counted_impl_p@Vconnection_data_file@downloader_impl@http@mailru@@@detail@boost@@

.?AV?$sp_counted_impl_p@Vconnection_data_string@downloader_impl@http@mailru@@@detail@boost@@

.?AVinvalid_scheduler_policy_key@Concurrency@@

.?AVinvalid_operation@Concurrency@@

.?AVunsupported_os@Concurrency@@

.?AVinvalid_oversubscribe_operation@Concurrency@@

.?AUITopologyExecutionResource@Concurrency@@

.?AUIExecutionContext@Concurrency@@

.?AVExecutionResource@details@Concurrency@@

.?AUIExecutionResource@Concurrency@@

Inappropriate I/O control opera

<requestedExecutionLevel level='asInvoker' uiAccess='false' />

<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />

< <$<(<,<

0 0$0(0,0

313C3O3a3m3r3

0%0s0

343f3

8:X:#;i;n;};

8(8&:5:_:

;";';&<5<[<

9%9U9u9

3?4X4

8œ9h9

:&:;:@:{:

4"414&585

0"0)00090

3%3s3

2/2x2c3}3

9$9(9,90949

878<8[8`8

77R7c7o7v7

5#6-676\6

8 8%8*888

? ?$?(?,?0?4?8?

8 8$8(8,8&9

2%3u3z3

9 9$9(9,9

5 5$5(5,50545~5

6$6,666<6

2"2(22282*323

2#20262=2^2

5"=)=2=9=

708}8!:(:

7 7-787@7_7

1 1$1(1,1

0'0-020@0

3#323@3#525@5

: :$:(:,:0:4:

5,5054585<5@5

3 3$3(3,3034383<3

5 5$5(5,50545

4 4$4(4,484<4

6 6$6(6,6064686<6

8 8$8(8,8084888<8

9(9,90949|9

=@>\>`>|>

< <$<0<@<

> >$>(>,>0>4>8><>

8 8$8(8,808

? ?$?(?,?0?4?8?<?

1 1$1(1,101

6 6$6(6,6064686<6@6

8 8$8(8,8084888<8@8

1 1$1(1,1014181<1@1

6 6$6(6,6

2$2,282\2|2

7,787@7`7

2,282\2|2

3 3(343\3

7,787\7|7

:,:8:@:`:

?(?4?<?\?

>$>,>8>\>|>

;(;4;<;\;

1$1,181`1

0 0(040\0

1 1(1,1|1

2 202@2`2

> >$>(>,>0>|>

praetorian.exe

qipguard.exe

BrowserManager.exe

BrowserManagerGUI.exe

QHActiveDefense.exe

QHSafeTray.exe.exe

QHWatchdog.exe

GuardMailRu.exe

JMail.Ru\Sputnik\Report

hXXp://xml.binupdate.mail.ru/audit_config.mrdj

Start new check operation

o failed to parse. New report Created

restore mail.ru for:

operation_type

checker->Check failed, msg =

hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj

hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj successfully fetched

FFExtensions/FFVbm/Url

Hp/Url

Dse/Url

Vbm/Url

Google\Chrome\User Data\Safe Browsing Extension Blacklist

Advapi32.dll

MGoogle/Chrome/User Data

Google/Chrome/Application

Software\Policies\Google\Chrome

hXXp://xml.binupdate.mail.ru/ext_storage.mrdj

Google Chrome

Google/Chrome/User Data/Default

Google/Chrome/Application/chrome.exe

Software/Google/Chrome/BLBeacon

URLS

manifest.json

sqlite3_reset

sqlite3_exec

Web Data

chrome.exe

select k.url from meta m, keywords k where m.key='Default Search Provider ID' and m.value=k.id

select id, short_name from keywords where url like '%go.mail.ru%' COLLATE NOCASE

No go.mail.ru in chromium

SELECT id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE

DELETE FROM keywords WHERE short_name = '@MAIL.RU'

SELECT * FROM keywords

ALTER TABLE keywords ADD COLUMN alternate_urls VARCHAR DEFAULT ''

ALTER TABLE keywords ADD COLUMN search_terms_replacement_key VARCHAR DEFAULT ''

INSERT INTO keywords

id, short_name, keyword, favicon_url, url, show_in_default_list, safe_for_autoreplace, originating_url, date_created, usage_count, input_encodings, suggest_url, prepopulate_id, created_by_policy, instant_url, last_modified, sync_guid

@Mail.Ru','go.mail.ru','hXXp://go.mail.ru/favicon.ico','hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg',1,1,'',1333701777,0,'windows-1251','hXXp://suggests.go.mail.ru/ff3?q={searchTerms}',%PREPOPULATE_ID%,0,'',0,'03095DE3-A6E7-4793-A20C-399A0F4A92E1'

UPDATE keywords SET short_name = '

@Mail.Ru', keyword = 'go.mail.ru', favicon_url = 'hXXp://go.mail.ru/favicon.ico', url = 'hXXp://go.mail.ru/search?q={searchTerms}&fr=ntg%RFR%',show_in_default_list = '1' WHERE id = '%ID%'

SELECT id , prepopulate_id FROM keywords WHERE keyword = 'go.mail.ru' COLLATE NOCASE

SELECT id , prepopulate_id FROM keywords WHERE keyword = 'mail.ru' COLLATE NOCASE

SELECT id, prepopulate_id FROM keywords

' WHERE key = 'Default Search Provider ID'

' WHERE key = 'Default Search Provider ID Backup'

SELECT value FROM meta WHERE key = 'version'

UPDATE keywords SET suggest_url = '%SUGGEST_URL%' WHERE keyword like '%mail.ru%'

%SUGGEST_URL%

^(chrome-extension://)?(\w{32})?/?

Software/Google/Chrome/Extensions

Sync Data Backup/SyncData.sqlite3

hXXps://clients2.google.com/service/update2/crx

hXXp://xml.binupdate.mail.ru/guard/mrids.mrdj?

Extension from url installed

DefaultSearchProviderSearchURL

DefaultSearchProviderKeyword

&%1$=%2%

mmail.ru

VVV.mail.ru

VVV.go.mail.ru

common_process.exe

{27116687-8CD6-4A82-BA83-5099C3A885BF}

{A12C4AB1-F4D0-4771-8C21-613E9D12491F}

{1079004F-E4EF-4A44-9D1F-7C9CE09CE258}

{901B414B-72A2-48C6-8DCD-29388B8B3E40}

{0ED2394C-62B6-4A80-A342-C2CA0B2A4E82}

{E60E6A0E-4092-4965-85BB-AA1ED8EBBC8E}

{ADAC3638-040C-498C-845A-F89B99705444}

{4519D3B5-465C-4AE2-A905-960CA7D5385C}

{F581DE96-9AA1-45C8-8335-B7445525371A}

{DCEF19BB-AB61-48F4-A7CB-6D677D90D1C2}

{B63A6D16-4F50-47C2-9BF7-A5D6E79C9EFD}

{11A1974E-9BEF-4B50-8E2F-9F25FC775BD1}

{3E57F3FE-4397-4DEA-A19A-760BFCD24242}

{603A8599-628C-4F00-A940-A09F1583A23E}

{D33EDE61-8E43-4C1F-9371-6A240B4DA5C9}

{C74622AC-AC0B-44E5-BDC2-EE39A5FD9EC9}

{ABCAA0D8-A892-481F-9492-ACC63768F659}

{8DC7BF6A-58F3-4740-B600-34E37FFADC21}

{4C1D0C36-25B2-4774-80E8-DAE1E7898A1A}

{96AF929E-B8EB-499E-99A8-095E4262BE26}

{027940D4-10B8-43B6-9707-A4EE47618E1D}

{45DA0BF7-F31B-4360-BF9A-8E7374A78916}

{5552B451-2086-4B64-82C6-732B18E41FCD}

{F9CC112D-19A0-455B-8D85-F5E9CB7D5914}

{0E26AC42-4B6E-4C84-8291-A0CAC999E70D}

{CFB9F60E-912D-43B3-91C9-9E06AE17ADE0}

{3CE4F0C3-2143-491F-8F20-27792166C41F}

{66CD85E0-6D8E-444E-9D71-AED8BA171A26}

{4947360E-E26B-4CC9-BB40-F4A30EDCA39E}

{14737ADB-9F88-47E8-A76F-D365509795AC}

chrome-extension://clpdgmdkdnijjbgmnajolnbnjejoeogm/visual-bookmarks.html

chrome-extension://hcncjpganfocbfoenaemagjjopkkindp/visual-bookmarks.html

chrome-extension://jaocgokledfmfebefgbeokdodbbdjhdd/visual-bookmarks.html

chrome-extension://dhngkpgdbpbkopndlpkicfaiffphdkbo/visual-bookmarks.html

)Software\AppDataLow\Software\Mail.Ru\IE_Bar

Software\Mail.Ru\IE_Bar

Software/Mail.Ru/Updater

Software\Mail.Ru\Flags

SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall

SOFTWARE/Microsoft/Windows/CurrentVersion/Run

SOFTWARE/Mail.Ru

@Mail.Ru

{09900DE8-1DCA-443F-9243-26FF581438AF}

{58810E75-E249-44C6-B989-11D227263E24}

{91397D20-1446-11D4-8AF4-0040CA1127B6}

{95289393-33EA-4F8D-B952-483415B9C955}

hXXp://mrds.mail.ru/update/2/

hXXp://suggests.go.mail.ru/ie8?q={SearchTerms}

{FFEBBF0A-C22C-4172-89FF-45215A135AC7}

Mail.Ru

iexplore.exe

{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}

firefox.exe

opera.exe

SOFTWARE/Google/Chrome/Extensions

amigo.exe

nichrome.exe

browser.exe

Yandex.Browser.New

Software/Mail.Ru/ChromeInstaller

hXXp://xml.binupdate.mail.ru/guard/update/version.xml

F777C640-57F8-4ECE-A40B-F571D25C2EFE

.html

opera

launcher.exe

SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Google Chrome

SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/Bromium

Software/Microsoft/Windows/CurrentVersion/Uninstall/Xpom

Software/Microsoft/Windows/CurrentVersion/Uninstall/{1B89BC31-F539-4EBD-B94F-C24705C73433}

Software/Microsoft/Windows/CurrentVersion/Uninstall/YandexBrowser

xpom.exe

Software/Microsoft/Windows/CurrentVersion/Uninstall/xpom

Software/Microsoft/Windows/CurrentVersion/Uninstall/Amigo

google chrome

firefox

Microsoft/Windows/Start Menu

Microsoft/Windows/

tsearch-metadata.json

prefs.js

sessionstore.js

places.sqlite

cookies.sqlite

Mozilla\Firefox\profiles.ini

Mozilla\Firefox

Lsearch.json

Mozilla Firefox

mailru.xml

<SearchPlugin xmlns="hXXp://VVV.mozilla.org/2006/browser/search/" xmlns:os="hXXp://a9.com/-/spec/opensearch/1.1/">

@Mail.Ru</os:ShortName>

@Mail.Ru</os:Description>

<SearchForm>hXXp://VVV.mail.ru/</SearchForm>

<os:Url type="application/x-suggestions json" method="GET" template="hXXp://suggests.go.mail.ru/ff3?q={searchTerms}"></os:Url>

<os:Url type="text/html" method="GET" template="hXXp://go.mail.ru/search"><os:Param name="q" value="{searchTerms}"/>%PARAMS%%RFR%</os:Url>

extensions.ini

ini keys failed

extensions.json

extensions.json not parsed!

localstore.rdf

extensions.sqlite

PMail.Ru\Tmp\ffvisualbookmarks.7z

install.rdf

d.autoreg

extensions.rdf

extensions.cache

install_options.xml

@Mail.Ru

Mail.ru

Firefox

File: %s

SELECT last_visit_time FROM urls order by last_visit_time DESC LIMIT 1

couldn't create instance of IUrlHistoryStg2

EnumUrls failed

FaviconURLFallback

SuggestionsURL

ie.reg

[-HKEY_USERS\

import

reg.exe

*.dll

%1%version.txt?type=%2%&GUID=%3%&rfr=%4%

metric successfully send, url =

metric send failed, url =

Mail.Ru/Id

Software\Microsoft\Windows\CurrentVersion\Run

Software\Mail.ru\Tech\ptls

Software/Mail.Ru/Guard

R.delay

Mail.Ru/mrst

hXXp://xml.binupdate.mail.ru/tasks/shortcuts.mrdj?

url_argument

key_arg

^(http[s]?:\/\/)?(www\.)?([\w\.-] )([:\/].*)?$

Remote tasks execution started

hXXp://xml.binupdate.mail.ru/tasks.mrdj?

added task to executing task array

Software/Microsoft/Windows/CurrentVersion/Run

Syahoo.com

webalta.ru

yambler.net

yafinder.com

Found mail.ru extension of type

KhXXp://mailruupdater.cdnmail.ru/MailRuUpdater.exe

5Software\Mail.ru\Tech\ptls

SSoftware\Mail.Ru

Allow service process execute task

--uac-passed

mru_uac_passed

Guard@Mail\.ru

SwReporter

software_reporter_tool.log

Error parsing reporter logs:

dFailed to update SwReporter data:

since_last_exec

chrome

hXXp://xml.binupdate.mail.ru/tasks/ext_settings.mrdj?

Terminating update.exe

update.exe

hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj?

\bmail\.ru\b

K{61EB20A4-D4D5-4276-A2C9-DCCE8CE9F633}

{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}

qip.ru

Start proceed Google Chrome

Google Chrome is done

Google Chrome is not done

Start proceed Firefox

Firefox is done

Firefox is not done

hXXp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj?

hXXp://go.mail.ru/?chverfix=1&fr=chverfix_sg

hXXp://go.mail.ru/search?q={SearchTerms}&ieverfix=1&fr=ieverfix_dse

hXXp://xml.binupdate.mail.ru/tasks/sg_settings.mrdj

hXXp://xml.binupdate.mail.ru/sputnik/spmrids.mrdj successfully fetching failed

Svk.com/audios

ok.ru/music

my.mail.ru/music

e.mail.ru/messages/inbox

vk.com/app

ok.ru/game

ok.ru/app

my.mail.ru/app

games.mail.ru

SELECT id, url, last_visit_time FROM urls where url like '%%%1%%%' order by last_visit_time DESC limit 1

SELECT url, last_visit_date FROM moz_places where url like '%%%1%%%' and guid != '' and guid notnull order by last_visit_date desc limit 1

\Toolbar\Custom\Packages\hXXp://bar-widgets.yandex.ru/packages/approved/176/manifest.xml\Components\smartbox

Yandex\Toolbar\state.json

yasearch-xb\plugins.json

Software\Mail.Ru\Updater

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

uac-passed

Kamigo_tmp.exe

hXXp://binupdate.mail.ru/amigo/version2.xml

internet_tmp.exe

hXXp://binupdate.mail.ru/chrome/version3.xml

internetupdater_tmp.exe

hXXp://binupdate.mail.ru/chrome/version2.xml

0.0.0.0

inttoam_tmp.exe

hXXp://binupdate.mail.ru/chrome/internet_to_amigo.xml

28.0.1501.430

hXXp://binupdate.mail.ru/updater/version.xml

mrutmp.exe

.mru_update_service

C:\logging

amsg

last_chrome

ovr_chrome

Google/Chrome/User Data/Default/History

hXXp://xml.binupdate.mail.ru/friends.mrdj

oUpdater.Mail.Ru

Mail.Ru Group

Updater.Mail.Ru exist

Updater.Mail.Ru: Error during coping file, rc =

Service::Update update operation is proceed

Updater.Mail.Ru: StartService: RegisterServiceCtrlHandler returned error

Updater.Mail.Ru: StartService: SetServiceStatus returned error

Updater.Mail.Ru: SERVICE_CONTROL_STOP

Updater.Mail.Ru: SERVICE_CONTROL_INTERROGATE

Updater.Mail.Ru: SERVICE_CONTROL_SHUTDOWN

%1% (%2%)

\StringFileInfo\xx

notepad.exe

SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System

0123456789 ,.

Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders

sqlite3_prepare16_v2

sqlite3_step

sqlite3

SQLite error %1% returned by %2%

SQLite error code %1%, file %2%

sAbsolutePath: <%s>

Incorrect firefox js file

stub.exe

hXXp://xml.binupdate.mail.ru/tenv.mrdj

filter.cfg

metrics.csv

http.csv

%Y%m%d

%Y-%m-%d

%H:%M:%S

%Y%m%dT%H%M%S%F%q

%Y-%m-%d %H:%M:%S%F%Q

%Y-%b-%d %H:%M:%S%F %z

%O:%M:%S%F

Invalid url

jMail.ru/ifrm

SOFTWARE/Mail.ru

Internet Explorer/iexplore.exe

Global\651CB287-2277-4F76-84C6-1D61E868304B

Mail.ru/CommonCache

HTTP code %1%

%Y-%b-%d

l%Y%m%d

SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders

asio-58CCDC44-6264-4842-90C2-F3C545CB8AA7-%u-%p

hXXp://xml.binupdate.mail.ru/cache_policy.mrdj

rCachingPolicy/Urls

mscoree.dll

madvapi32.dll

skernel32.dll

combase.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

888816666554443

6666554443

!6666554443

%5N.log

%Program Files%\Mail.Ru\MailRuUpdater\MailRuUpdater.exe

Mail.Ru updater

1.17.0.150

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   UnityWebPlayer.exe:808
   %original file name%.exe:1756
   MailRuUpdater.exe:908
   MailRuUpdater.exe:496
   MailRuUpdater.exe:1660
   amigo.exe:1748
   AmigoDistrib.exe:500
   setup.exe:1372

2. Delete the original Malware file.
   
3. Delete or disinfect the following files created/modified by the Malware:
   

   %Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\System.dll (11 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nse3.tmp (67936 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\UserInfo.dll (4 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\info.plist (192 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (6360 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe (6078 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\UAC.dll (784 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\UnityWebPlayerUpdate.exe (19592 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\UnityBugReporter.exe (25112 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPlayerNP.map (12536 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (32784 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\752FA5C2-95FA-462F-A94B-C996CDFB715F\AmigoDistrib.exe (370096 bytes)
   %Program Files%\Mail.Ru\MailRuUpdater\MailRuUpdater.exe (39945 bytes)
   %Documents and Settings%\%current user%\Application Data\MailProducts\Id (38 bytes)
   %Documents and Settings%\All Users\Application Data\Mail.Ru\Id (38 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe (39945 bytes)
   %System%\GroupPolicy\gpt.ini (29 bytes)
   %System%\GroupPolicy\User\Registry.pol (8 bytes)
   %System%\GroupPolicy\Machine\Registry.pol (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\User Data\1.tmp (935 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\SETUP.EX_ (1659 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\setup.exe (17080 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\CR_97FA0.tmp\CHROME.PACKED.7Z (366388 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ru.pak (1675 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ko.pak (263 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\VisualElements\smalllogo.png (6 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\mg.exe (1281 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Вконтакте.lnk (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\VisualElements\splash-620x300.png (8 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\wow_helper.exe (73 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ms.pak (234 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\vi.pak (287 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\ok.exe (142 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ml.pak (3735 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\vk.exe (167 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Extensions\external_extensions.json (103 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\amigo_FFA3C3E0-B3B6-4D8C-928C-75AA59A806A0\MailRuUpdater.exe (39945 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk (2 bytes)
   %Documents and Settings%\%current user%\Start Menu\Programs\Одноклассники.lnk (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sw.pak (236 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe (4545 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\mm.exe (601 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\secondarytile.png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\mailruupdater.exe (38588 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\d3dcompiler_47.dll (22433 bytes)
   %Documents and Settings%\%current user%\Start Menu\Programs\Вконтакте.lnk (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\libegl.dll (81 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\PepperFlash\pepflashplayer.dll (122658 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\uk.pak (1689 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ar.pak (1629 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\resources.pak (142877 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\hu.pak (272 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\en-US.pak (212 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\fa.pak (1648 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\pt-PT.pak (254 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\te.pak (1863 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\mg.exe (196 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\da.pak (234 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\snapshot_blob.bin (1717 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\vk.exe (673 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\gu.pak (1796 bytes)
   %Documents and Settings%\%current user%\Desktop\Вконтакте.lnk (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_100_percent.pak (5442 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\fi.pak (242 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (972 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\it.pak (252 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ca.pak (259 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sl.pak (241 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sv.pak (235 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\44.4.2403.3.manifest (248 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\amigo_FFA3C3E0-B3B6-4D8C-928C-75AA59A806A0\UnityWebPlayer.exe (7433 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\th.pak (1789 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\44.4.2403.3\Installer\setup.exe (7345 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\pl.pak (253 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sk.pak (266 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\sr.pak (1670 bytes)
   %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Интернет.lnk (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\et.pak (228 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ro.pak (262 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\natives_blob.bin (1677 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\id.pak (228 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\kn.pak (3669 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\libexif.dll (310 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\bg.pak (1705 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\mm.exe (130 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\ok.exe (673 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\nacl64.exe (12289 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KL13PLTK\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\amigo_resources.pak (28502 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\fil.pak (262 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\zh-CN.pak (211 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\hr.pak (244 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\metro_driver.dll (1763 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YTYIT4VT\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Desktop\Интернет.lnk (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\he.pak (296 bytes)
   %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\en-GB.pak (212 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\hi.pak (1810 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\PepperFlash\manifest.json (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\zh-TW.pak (214 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\amigo_cr.exe (1615 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\el.pak (1747 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GFYZSZQX\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\nacl_irt_x86_32.nexe (17629 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_child.dll (307964 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\amigo.exe (3765 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\lt.pak (257 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\bn.pak (1830 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_elf.dll (132 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ta.pak (3682 bytes)
   %Documents and Settings%\%current user%\Desktop\Одноклассники.lnk (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\cs.pak (258 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\VisualElements\logo.png (6 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\VisualElementsManifest.xml (396 bytes)
   %Documents and Settings%\%current user%\Start Menu\Programs\Интернет.lnk (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_200_percent.pak (7972 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\icudtl.dat (75554 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\tr.pak (254 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\de.pak (256 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\delegate_execute.exe (3707 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\nb.pak (233 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\es-419.pak (259 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\fr.pak (276 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\lv.pak (262 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\libglesv2.dll (7972 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\xinput1_3.dll (81 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome_watcher.dll (1636 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\ja.pak (308 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\nacl_irt_x86_64.nexe (22433 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\es.pak (263 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\nl.pak (247 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\unitywebplayer.exe (5442 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S5IPUSTB\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\chrome.7z (1266233 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\am.pak (1639 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\mr.pak (1801 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\Locales\pt-BR.pak (249 bytes)
   %Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Temp\source1372_20512\Chrome-bin\44.4.2403.3\chrome.dll (237340 bytes)

4. Delete the following value(s) in the autorun key (How to Work with System Registry):
   

   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "MailRuUpdater" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Mail.Ru\MailRuUpdater.exe"
   
   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "amigo" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Amigo\Application\amigo.exe --no-startup-window"

5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.