MD5: 44a259bb3fb54c4e18dc9be25dac54d9
SHA1: 9a2013df4c72f88ff8fbecf553809689e377073b
SHA256: 21ae92b0f8c35bd6a65c59299f7bfe8dcb58fc4c5ca94e5f76491f26758300b9
SSDeep: 12288:ZTHiFlkI9s6dRi7X4 C9rr5TLeqvkQCoSNOVt/B OLzlu8t:ZTHEkBORij4 yrrlL TOLfZuA
Size: 467776 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-11-12 11:47:15
Analyzed on: WindowsXPESX SP3 32-bit

Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

Process activity

The Worm creates the following process(es):

mscorsvw.exe:1912

The Worm injects its code into the following process(es):

%original file name%.exe:580
Explorer.EXE:840

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:580 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\f[1].txt (3928 bytes)
%WinDir%\system.ini (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winhqka.exe (741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\market[1].js (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\fad58-8688a[2].css (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\gradientbg[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\eulastep-101727[1] (3470 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\fad58-8688a[1].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[1].txt (21610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA0EWZZT.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\pubads_impl_56[2].js (4051 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@softonic[2].txt (301 bytes)
C:\autorun.inf (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\dorothy[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
C:\jwqutd.pif (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\teamspeak-2-11[1].jpg (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\sd_100861_41d97[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\sprite[1].png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\eulastep-101727[1].htm (1275 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@softonic[1].txt (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\loading[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\amzn_ads[1].js (1969 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\sd_101633_08ebf[1].jpg (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\5ca1e-31ef7[1].js (9052 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAHI7XHU.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAW5UNGL.gif (35 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@rubiconproject[1].txt (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\universaldownloader-prefetch[1].htm (2888 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA9CT0X9.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cc92a7d66e[1].setToken (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\dorothy[2].js (23 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\f[2].txt (6943 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (17340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CASVJF64.gif (35 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAWPA9DU.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\container[1].html (619 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA6DU5G9.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\analytics[1].js (842 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\sd_101633_08ebf[1].jpg (261 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\container[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\sd_100861_41d97[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\market[2].js (1668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\bid[1].pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&cb=3030167 (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA9KKN5H.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAEFS5IF.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAXCVYZN.gif (35 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (16395 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\sd_icon_100861_8a4a3[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAO7UL25.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\market[1].js (945 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (31812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\pubads_impl_56[1].js (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\market[2].js (505 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)

The Worm deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winhqka.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\market[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA9CT0X9.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\fad58-8688a[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA6DU5G9.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@softonic[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\dorothy[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAWPA9DU.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@softonic[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\pubads_impl_56[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAHI7XHU.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAW5UNGL.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CASVJF64.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA0EWZZT.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA9KKN5H.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAEFS5IF.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAXCVYZN.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAO7UL25.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\market[1].js (0 bytes)

Registry activity

The process mscorsvw.exe:1912 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"

The process %original file name%.exe:580 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Aas]
"a4_440" = "3154413240"
"a3_694" = "697136351"
"a2_348" = "2494853049"
"a2_349" = "2502017839"
"a2_346" = "2480518278"
"a2_347" = "2487685695"
"a2_344" = "2466183498"
"a2_345" = "2473352532"
"a2_342" = "2451833873"
"a2_343" = "2459000538"
"a2_340" = "2437499511"
"a2_341" = "2444668162"
"a2_180" = "1290437379"
"a2_181" = "1297604878"
"a2_182" = "1304773371"
"a2_183" = "1311957269"
"a2_184" = "1319123034"
"a2_185" = "1326289958"
"a2_186" = "1333448023"
"a2_187" = "1340623989"
"a2_188" = "1347791955"
"a2_189" = "1354958285"
"a4_444" = "3183089724"
"a3_789" = "1344615644"
"a3_788" = "1371246781"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKCU\Software\Aas]
"a2_749" = "1074705194"
"a2_742" = "1024517311"
"a2_743" = "1031687197"
"a2_740" = "1010188277"
"a2_741" = "1017353678"
"a2_746" = "1053202821"
"a2_747" = "1060371885"
"a2_744" = "1038853950"
"a2_745" = "1046020518"
"a1_503" = "3203445549"
"a1_502" = "3586644066"
"a1_501" = "1165341326"
"a1_500" = "952271791"
"a1_507" = "2107575107"
"a1_506" = "4240526194"
"a1_505" = "344497256"
"a1_504" = "2557906993"
"a1_509" = "2909015808"
"a1_508" = "1920508965"
"a3_659" = "412749722"
"a3_658" = "405760891"
"a4_844" = "1755770828"
"a1_946" = "3723415296"
"a3_78" = "542637991"
"a3_79" = "549622726"
"a3_72" = "533156193"
"a3_73" = "506656128"
"a3_70" = "485103791"
"a3_71" = "525712590"
"a3_76" = "561686245"
"a3_77" = "568613636"
"a3_74" = "513568291"
"a3_75" = "554631746"
"a3_259" = "1873798154"
"a3_258" = "1866220523"
"a1_435" = "3362389127"
"a1_434" = "3487850031"
"a1_433" = "140884812"
"a1_432" = "3550645707"
"a1_431" = "2632832790"
"a1_430" = "992111442"
"a3_251" = "1782710578"
"a3_250" = "1809280147"
"a3_253" = "1830771188"
"a3_252" = "1789764949"
"a3_255" = "1844811446"
"a3_254" = "1837822487"
"a3_257" = "1825746760"
"a3_256" = "1818692393"
"a3_784" = "1308623673"
"a3_783" = "1335193222"
"a3_782" = "1328269927"
"a3_781" = "1287147972"
"a1_636" = "1381737351"
"a3_321" = "2284435336"
"a3_320" = "2310935401"
"a3_323" = "2332478538"
"a3_322" = "2291869739"
"a3_325" = "2346910988"
"a3_324" = "2339397869"
"a3_327" = "2327338446"
"a3_326" = "2320415151"
"a3_329" = "2375379584"
"a3_328" = "2368468577"
"a3_971" = "2682835394"
"a1_729" = "1564272009"
"a1_728" = "157088385"
"a3_439" = "3130280062"
"a3_438" = "3123369951"
"a3_435" = "3101883130"
"a3_434" = "3094824539"
"a3_437" = "3149870012"
"a3_436" = "3142426397"
"a3_431" = "3106444646"
"a3_430" = "3065901255"
"a3_433" = "3087376952"
"a3_432" = "3113879961"
"a4_818" = "1569373682"
"a4_819" = "1576542803"
"a4_810" = "1512020714"
"a4_811" = "1519189835"
"a4_812" = "1526358956"
"a4_813" = "1533528077"
"a4_814" = "1540697198"
"a4_815" = "1547866319"
"a4_816" = "1555035440"
"a4_817" = "1562204561"
"a1_670" = "270131080"
"a2_748" = "1067539512"
"a1_593" = "408812775"
"a3_94" = "690598327"
"a3_95" = "698045910"
"a3_96" = "671534665"
"a3_97" = "678453992"
"a3_90" = "662052915"
"a3_91" = "669107282"
"a3_92" = "643004661"
"a3_93" = "649993492"
"a3_98" = "685967115"
"a3_99" = "726580138"
"a4_605" = "42350909"
"a4_604" = "35181788"
"a4_607" = "56689151"
"a4_606" = "49520030"
"a4_601" = "13674425"
"a4_600" = "6505304"
"a4_603" = "28012667"
"a4_602" = "20843546"
"a4_979" = "2723602163"
"a4_978" = "2716433042"
"a4_609" = "71027393"
"a4_608" = "63858272"
"a1_987" = "44921012"
"a1_986" = "618529064"
"a1_985" = "3752617603"
"a1_984" = "547875852"
"a1_983" = "1589479332"
"a1_982" = "2105366444"
"a1_981" = "1695451372"
"a1_980" = "226301451"
"a1_988" = "154290499"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a1_855" = "1607194658"
"a3_655" = "383827462"
"a1_857" = "2075057157"
"a1_856" = "658638902"
"a1_851" = "85773236"
"a1_850" = "1812152157"
"a1_853" = "3217758075"
"a3_654" = "376767975"
"a1_859" = "3945582609"
"a3_657" = "431879896"
"a4_779" = "1289777963"
"a4_778" = "1282608842"
"a3_929" = "2381983272"
"a3_656" = "424825529"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"

[HKCU\Software\Aas]
"a4_771" = "1232424995"
"a3_651" = "388835458"
"a4_773" = "1246763237"
"a4_772" = "1239594116"
"a4_775" = "1261101479"
"a4_774" = "1253932358"
"a4_777" = "1275439721"
"a3_650" = "348370019"
"a3_653" = "369779012"
"a3_652" = "395889957"
"a4_151" = "1082537271"
"a4_150" = "1075368150"
"a4_153" = "1096875513"
"a4_152" = "1089706392"
"a4_155" = "1111213755"
"a4_154" = "1104044634"
"a4_157" = "1125551997"
"a4_156" = "1118382876"
"a4_159" = "1139890239"
"a4_158" = "1132721118"
"a1_185" = "1666048836"
"a1_184" = "2849919471"
"a1_183" = "1724016904"
"a1_182" = "3896798122"
"a1_181" = "1119191244"
"a1_180" = "3753028350"
"a1_963" = "2017533883"
"a4_559" = "4007538639"
"a4_558" = "4000369518"
"a4_555" = "3978862155"
"a4_554" = "3971693034"
"a4_557" = "3993200397"
"a4_556" = "3986031276"
"a4_551" = "3950185671"
"a4_550" = "3943016550"
"a4_553" = "3964523913"
"a4_552" = "3957354792"
"a1_753" = "1912730350"
"a1_801" = "1499798942"
"a4_824" = "1612388408"
"a4_393" = "2817464553"
"a4_392" = "2810295432"
"a4_391" = "2803126311"
"a4_390" = "2795957190"
"a4_397" = "2846141037"
"a4_396" = "2838971916"
"a4_395" = "2831802795"
"a4_394" = "2824633674"
"a4_399" = "2860479279"
"a4_398" = "2853310158"
"a4_865" = "1906322369"
"a4_864" = "1899153248"
"a4_867" = "1920660611"
"a1_932" = "4241416193"
"a4_866" = "1913491490"
"a1_933" = "3068416990"
"a4_861" = "1877645885"
"a3_758" = "1122262303"
"a4_860" = "1870476764"
"a1_931" = "3869970430"
"a4_863" = "1891984127"
"a1_936" = "2544439570"
"a4_862" = "1884815006"
"a1_937" = "3944000599"
"a2_405" = "2903495587"
"a2_404" = "2896326727"
"a2_407" = "2917830636"
"a2_406" = "2910661220"
"a2_401" = "2874810856"
"a2_400" = "2867644759"
"a2_403" = "2889162155"
"a2_402" = "2881992629"
"a1_935" = "3550523125"
"a2_409" = "2932163262"
"a2_408" = "2924993443"
"a2_975" = "2694928131"
"a2_974" = "2687759463"
"a2_977" = "2709261182"
"a2_976" = "2702093521"
"a2_971" = "2666241569"
"a2_970" = "2659074157"
"a2_973" = "2680591009"
"a4_896" = "2128565120"
"a2_979" = "2723610140"
"a2_978" = "2716429717"
"a1_222" = "3014506422"
"a1_223" = "3560250667"
"a1_220" = "405349907"
"a1_221" = "3316466425"
"a1_226" = "1926015080"
"a1_227" = "2636614972"
"a1_224" = "2425377455"
"a1_225" = "339277055"
"a1_228" = "1682339030"
"a1_229" = "3281799115"
"a2_579" = "4150923292"
"a2_578" = "4143759149"
"a2_571" = "4093573484"
"a2_570" = "4086393488"
"a2_573" = "4107908232"
"a2_572" = "4100746614"
"a2_575" = "4122236235"
"a2_574" = "4115074374"
"a2_577" = "4136575506"
"a2_576" = "4129407576"
"a2_351" = "2516367760"
"a2_350" = "2509188028"
"a2_353" = "2530705086"
"a2_352" = "2523536371"
"a2_355" = "2545034530"
"a2_354" = "2537870189"
"a2_357" = "2559370726"
"a2_356" = "2552205230"
"a2_359" = "2573720786"
"a2_358" = "2566538942"
"a3_906" = "2183550307"
"a3_622" = "147491207"
"a2_193" = "1383642839"
"a2_192" = "1376473637"
"a2_191" = "1369307320"
"a2_190" = "1362127170"
"a2_197" = "1412309934"
"a2_196" = "1405142950"
"a2_195" = "1397973673"
"a2_194" = "1390807966"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Aas]
"a3_624" = "195544665"
"a2_199" = "1426659639"
"a2_198" = "1419493019"
"a3_625" = "168917752"
"a2_759" = "1146388517"
"a3_626" = "175906587"
"a2_755" = "1117722516"
"a2_754" = "1110553125"
"a2_757" = "1132054732"
"a3_627" = "183481274"
"a2_751" = "1089039743"
"a2_750" = "1081881961"
"a2_753" = "1103387017"
"a2_752" = "1096205187"
"a1_536" = "564890466"
"a1_537" = "298596931"
"a1_534" = "3661569389"
"a1_535" = "3114600806"
"a1_89" = "1440555415"
"a1_88" = "205345638"
"a1_530" = "181074571"
"a1_531" = "3222388877"
"a1_85" = "104152931"
"a1_84" = "1358504833"
"a1_87" = "879514700"
"a1_86" = "168707265"
"a1_81" = "827760877"
"a1_80" = "1987744609"
"a1_83" = "3167800654"
"a1_82" = "1265175629"
"a3_914" = "2274560123"
"a2_898" = "2142899981"
"a1_896" = "1090370388"
"a1_890" = "1982838148"
"a2_899" = "2150079107"
"a1_67" = "358558393"
"a1_66" = "1596004615"
"a1_65" = "2228310974"
"a3_133" = "970345548"
"a1_63" = "3992027018"
"a3_135" = "950830350"
"a3_136" = "991836577"
"a1_60" = "24072052"
"a3_138" = "1006335587"
"a3_139" = "979823234"
"a3_684" = "625694981"
"a1_438" = "3596461119"
"a3_682" = "577634371"
"a3_683" = "584688866"
"a1_69" = "630532476"
"a1_68" = "3714804415"
"a3_228" = "1617824845"
"a3_229" = "1624875244"
"a3_224" = "1588903625"
"a3_225" = "1629901672"
"a3_226" = "1636956043"
"a3_227" = "1610836010"
"a3_220" = "1593911669"
"a3_221" = "1600966036"
"a3_222" = "1608410679"
"a3_223" = "1581849174"
"a1_408" = "13124597"
"a1_409" = "97118112"
"a1_402" = "2107682715"
"a1_403" = "1446502007"
"a1_400" = "2559793498"
"a1_401" = "907428542"
"a1_406" = "1239149586"
"a1_407" = "1765747593"
"a1_404" = "1672078248"
"a1_405" = "2254146360"
"a2_823" = "1605217722"
"a2_822" = "1598050452"
"a2_821" = "1590862012"
"a3_354" = "2521277451"
"a3_355" = "2528204970"
"a3_356" = "2568813773"
"a3_357" = "2576322924"
"a3_350" = "2492225207"
"a3_351" = "2499791574"
"a3_352" = "2540269385"
"a3_353" = "2547254248"
"a2_827" = "1633903953"
"a1_628" = "2357852634"
"a3_358" = "2583246223"
"a3_359" = "2556735022"
"a1_854" = "3519215323"
"a2_826" = "1626719019"
"a2_825" = "1619552102"
"a1_718" = "1433086033"
"a1_719" = "1055643377"
"a1_716" = "451446686"
"a1_717" = "2699533587"
"a1_714" = "4210963605"
"a1_715" = "2757404245"
"a1_712" = "4208655873"
"a1_713" = "2890754784"
"a1_710" = "1330812879"
"a1_711" = "3977903202"
"a4_809" = "1504851593"
"a4_808" = "1497682472"
"a4_803" = "1461836867"
"a1_629" = "765298155"
"a4_801" = "1447498625"
"a4_800" = "1440329504"
"a4_807" = "1490513351"
"a4_806" = "1483344230"
"a4_805" = "1476175109"
"a4_804" = "1469005988"
"a4_37" = "265257477"
"a4_36" = "258088356"
"a4_35" = "250919235"
"a4_34" = "243750114"
"a4_33" = "236580993"
"a4_32" = "229411872"
"a4_31" = "222242751"
"a4_30" = "215073630"
"a4_144" = "1032353424"
"a4_39" = "279595719"
"a4_38" = "272426598"
"a3_915" = "2281614490"
"a4_843" = "1748601707"
"a3_142" = "1034864615"
"a4_946" = "2487021170"
"a4_947" = "2494190291"
"a4_944" = "2472682928"
"a4_945" = "2479852049"
"a4_942" = "2458344686"
"a4_943" = "2465513807"
"a4_940" = "2444006444"
"a4_941" = "2451175565"
"a4_948" = "2501359412"

[HKCU\Software\Aas\695404737]
"28676484" = "35"

[HKCU\Software\Aas]
"a4_498" = "3570222258"
"a4_499" = "3577391379"
"a4_494" = "3541545774"
"a4_495" = "3548714895"
"a4_496" = "3555884016"
"a4_497" = "3563053137"
"a4_490" = "3512869290"
"a4_491" = "3520038411"
"a4_492" = "3527207532"
"a4_493" = "3534376653"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011920150120]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015011920150120\"

[HKCU\Software\Aas]
"a3_448" = "3194799081"
"a3_449" = "3202245640"
"a2_941" = "2451169290"
"a4_708" = "780770372"
"a4_709" = "787939493"
"a3_918" = "2303105535"
"a3_919" = "2310025758"
"a4_704" = "752093888"
"a4_705" = "759263009"
"a4_706" = "766432130"
"a4_707" = "773601251"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_701" = "730586525"
"a4_702" = "737755646"
"a4_703" = "744924767"
"a1_888" = "1412519510"
"a1_889" = "517626723"
"a1_886" = "1248348911"
"a1_887" = "1494461352"
"a1_884" = "3283735211"
"a1_885" = "41334507"
"a1_882" = "3361098993"
"a1_883" = "384410294"
"a1_880" = "1411365659"
"a1_881" = "1966738601"
"a4_124" = "888971004"
"a4_125" = "896140125"
"a4_126" = "903309246"
"a4_127" = "910478367"
"a4_120" = "860294520"
"a4_121" = "867463641"
"a4_122" = "874632762"
"a4_123" = "881801883"
"a4_128" = "917647488"
"a4_129" = "924816609"
"a2_593" = "4251292286"
"a3_444" = "3166269973"
"a3_445" = "3206813364"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Aas]
"a1_831" = "717292194"
"a2_592" = "4244127221"
"a1_930" = "4164462101"
"a1_948" = "3713642093"
"a4_238" = "1706250798"
"a4_239" = "1713419919"
"a4_230" = "1648897830"
"a4_231" = "1656066951"
"a4_232" = "1663236072"
"a4_233" = "1670405193"
"a4_234" = "1677574314"
"a4_235" = "1684743435"
"a4_236" = "1691912556"
"a4_237" = "1699081677"
"a1_480" = "1218963422"
"a1_723" = "2106846285"
"a1_722" = "131817391"
"a1_721" = "1883291182"
"a1_720" = "3115081423"
"a1_768" = "2805261087"
"a1_727" = "95345854"
"a1_726" = "808788815"
"a2_643" = "314784988"
"a2_790" = "1368644300"
"a1_725" = "782283878"
"a2_642" = "307604946"
"a1_724" = "2283848938"
"a2_641" = "300447024"
"a2_640" = "293267607"
"a2_647" = "343452356"
"a2_646" = "336287324"
"a1_158" = "3522083438"
"a1_159" = "1780328067"
"a2_645" = "329120579"
"a1_150" = "2513558637"
"a1_151" = "3531435517"
"a1_152" = "904151116"
"a1_153" = "2014944437"
"a1_154" = "1790308836"
"a1_155" = "4056558605"
"a1_156" = "1286926926"
"a1_157" = "1856044478"
"a1_235" = "2255389406"
"a1_234" = "916326932"
"a1_237" = "1072840313"
"a1_236" = "1523833302"
"a1_231" = "941072705"
"a1_230" = "2001340994"
"a1_233" = "1865242215"
"a1_232" = "3312239932"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Aas]
"a1_239" = "2436418240"
"a1_238" = "3180231162"
"a2_210" = "1505512949"
"a2_211" = "1512678929"
"a2_212" = "1519861203"
"a2_213" = "1527029578"
"a2_214" = "1534194687"
"a2_215" = "1541362925"
"a2_216" = "1548521993"
"a2_217" = "1555697594"
"a2_218" = "1562864909"
"a2_219" = "1570030200"
"a1_966" = "1229198010"
"a2_508" = "3641911711"
"a2_509" = "3649058396"
"a2_504" = "3613230946"
"a2_505" = "3620411554"
"a2_506" = "3627581197"
"a2_507" = "3634752808"
"a2_500" = "3584569179"
"a2_501" = "3591726762"
"a2_502" = "3598906651"
"a2_503" = "3606059077"
"a2_791" = "1375813035"
"a2_698" = "709078291"
"a2_699" = "716245636"
"a2_694" = "680396250"
"a2_695" = "687578196"
"a2_696" = "694732725"
"a2_697" = "701913222"
"a2_690" = "651726992"
"a2_691" = "658887705"
"a2_692" = "666062799"
"a2_693" = "673225028"
"a2_324" = "2322798202"
"a2_325" = "2329966288"
"a2_326" = "2337131241"
"a2_327" = "2344300229"
"a2_320" = "2294110867"
"a2_321" = "2301280846"
"a2_322" = "2308463189"
"a2_323" = "2315617508"
"a1_521" = "73775378"
"a1_520" = "3225287606"
"a1_523" = "2858190949"
"a1_522" = "413690267"
"a2_328" = "2351465297"
"a2_329" = "2358647311"
"a1_527" = "1269982402"
"a1_526" = "4053218385"
"a2_799" = "1433163554"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Aas]
"a2_798" = "1425997227"
"a4_962" = "2601727106"
"a1_98" = "1073700933"
"a1_99" = "2941455322"
"a1_92" = "248010648"
"a1_93" = "2122564942"
"a1_90" = "1219232164"
"a1_91" = "3412361535"
"a1_96" = "3061872965"
"a1_97" = "2293963386"
"a1_94" = "2997040932"
"a1_95" = "336054593"
"a1_74" = "756404406"
"a1_75" = "2788921015"
"a1_76" = "1065972639"
"a1_77" = "2772272871"
"a1_70" = "2263858160"
"a1_71" = "4165310906"
"a1_72" = "1425414161"
"a1_73" = "3311343798"
"a3_699" = "733118194"
"a3_698" = "725670483"
"a3_129" = "907869896"
"a3_128" = "934369961"
"a1_78" = "3449121311"
"a1_79" = "2784370483"
"a3_239" = "1730403494"
"a3_238" = "1689270279"
"a3_237" = "1682343908"
"a3_236" = "1708909381"
"a3_235" = "1701334818"
"a3_234" = "1660856963"
"a3_233" = "1653814880"
"a3_232" = "1646370241"
"a3_231" = "1672935854"
"a3_230" = "1665877263"
"a1_419" = "3913240228"
"a1_418" = "1015478843"
"a3_953" = "2520368944"
"a1_415" = "299362671"
"a1_414" = "1994718106"
"a1_417" = "2684568660"
"a1_416" = "945864962"
"a1_411" = "191654604"
"a1_410" = "1695485156"
"a1_413" = "3001976872"
"a1_412" = "1456048135"
"a3_939" = "2419869154"
"a3_347" = "2504287570"
"a3_346" = "2463809843"
"a3_345" = "2456759440"
"a3_344" = "2482866289"
"a3_343" = "2475825118"
"a3_342" = "2468836287"
"a3_341" = "2427838236"
"a3_340" = "2420783869"
"a3_349" = "2485301780"
"a3_348" = "2511804917"
"a1_701" = "840123330"
"a1_700" = "3076509167"
"a1_703" = "607186206"
"a1_702" = "1597704496"
"a1_705" = "251214998"
"a1_704" = "470494661"
"a1_707" = "1106817424"
"a1_706" = "1887638588"
"a1_709" = "599619068"
"a1_708" = "2762527738"
"a2_360" = "2580889478"
"a4_838" = "1712756102"
"a2_361" = "2588056424"
"a4_836" = "1698417860"
"a4_837" = "1705586981"
"a4_834" = "1684079618"
"a4_835" = "1691248739"
"a4_832" = "1669741376"
"a2_362" = "2595220609"
"a4_830" = "1655403134"
"a4_831" = "1662572255"
"a4_24" = "172058904"
"a4_25" = "179228025"
"a4_26" = "186397146"
"a4_27" = "193566267"
"a4_20" = "143382420"
"a4_21" = "150551541"
"a4_22" = "157720662"
"a4_23" = "164889783"
"a4_951" = "2522866775"
"a2_364" = "2609553652"
"a4_953" = "2537205017"
"a4_952" = "2530035896"
"a4_28" = "200735388"
"a4_29" = "207904509"
"a4_957" = "2565881501"
"a2_365" = "2616723416"
"a2_366" = "2623901714"
"a2_367" = "2631070024"
"a1_743" = "174430646"
"a2_168" = "1204405518"
"a2_169" = "1211585224"
"a4_847" = "1777278191"
"a4_489" = "3505700169"
"a4_488" = "3498531048"
"a4_487" = "3491361927"
"a4_486" = "3484192806"
"a4_485" = "3477023685"
"a4_484" = "3469854564"
"a4_483" = "3462685443"
"a4_482" = "3455516322"
"a4_481" = "3448347201"
"a4_480" = "3441178080"
"a2_160" = "1147053909"
"a4_973" = "2680587437"
"a2_161" = "1154234678"
"a4_977" = "2709263921"
"a4_972" = "2673418316"
"a4_971" = "2666249195"
"a3_901" = "2147558220"
"a3_900" = "2174193453"
"a3_903" = "2162063374"
"a3_902" = "2154612719"
"a3_905" = "2209657024"
"a3_904" = "2202606753"
"a4_719" = "859630703"
"a4_718" = "852461582"
"a4_717" = "845292461"
"a4_716" = "838123340"
"a4_715" = "830954219"
"a4_714" = "823785098"
"a4_713" = "816615977"
"a4_712" = "809446856"
"a4_711" = "802277735"
"a4_710" = "795108614"
"a1_891" = "3264058026"
"a3_776" = "1251683361"
"a1_893" = "2513067016"
"a1_892" = "1628570083"
"a1_895" = "1889642159"
"a1_894" = "2321390599"
"a1_897" = "512525247"
"a3_777" = "1292288064"
"a1_899" = "1964372478"
"a1_898" = "1068855579"
"a4_974" = "2687756558"
"a3_774" = "1270749039"
"a4_137" = "982169577"
"a4_136" = "975000456"
"a4_135" = "967831335"
"a4_134" = "960662214"
"a4_133" = "953493093"
"a4_132" = "946323972"
"a4_131" = "939154851"
"a4_130" = "931985730"
"a3_772" = "1222762157"
"a4_139" = "996507819"
"a4_138" = "989338698"
"a4_975" = "2694925679"
"a3_770" = "1208254955"
"a3_771" = "1215707658"
"a2_455" = "3261952362"
"a1_617" = "647683303"

[HKCU\Software\Softonic\Universal Downloader]
"uuid" = "ED284C48-BEE8-43E5-ADF1-A8C43C9909D3"

[HKCU\Software\Aas]
"a4_229" = "1641728709"
"a4_228" = "1634559588"
"a4_223" = "1598713983"
"a4_222" = "1591544862"
"a4_221" = "1584375741"
"a4_220" = "1577206620"
"a4_227" = "1627390467"
"a4_226" = "1620221346"
"a4_225" = "1613052225"
"a4_224" = "1605883104"
"a1_615" = "3799022525"
"a2_459" = "3290621852"
"a3_678" = "548713167"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011920150120]
"CachePrefix" = ":2015011920150120:"

[HKCU\Software\Aas]
"a1_614" = "2738725622"
"a1_820" = "3543268578"
"a1_821" = "2149979468"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Aas]
"a1_822" = "1344896621"

"a1_149" = "259343148"
"a1_148" = "80761054"
"a1_143" = "3881493139"
"a1_142" = "1835305408"
"a1_141" = "2879624116"
"a1_140" = "3013979314"
"a1_147" = "3475947273"
"a1_146" = "579283099"
"a1_145" = "2698178853"
"a1_144" = "3678532585"
"a1_826" = "2314011974"
"a1_827" = "569020385"
"a2_203" = "1455329098"
"a2_202" = "1448159581"
"a2_201" = "1440991730"
"a2_200" = "1433825813"
"a2_207" = "1484012643"
"a2_206" = "1476844524"
"a2_205" = "1469675991"
"a2_204" = "1462495963"
"a2_209" = "1498344107"
"a2_208" = "1491178943"
"a2_519" = "3720780475"
"a2_518" = "3713613675"
"a2_517" = "3706430095"
"a2_516" = "3699265393"
"a2_515" = "3692099016"
"a2_514" = "3684933089"
"a2_513" = "3677765093"
"a2_512" = "3670596384"
"a2_511" = "3663413889"
"a2_510" = "3656247213"
"a2_689" = "644560770"
"a2_688" = "637391844"
"a2_687" = "630226931"
"a2_686" = "623043673"
"a2_685" = "615878488"
"a2_684" = "608709655"
"a2_683" = "601517604"
"a2_682" = "594366232"
"a2_681" = "587207166"
"a2_680" = "580027295"
"a2_337" = "2415985186"
"a2_336" = "2408819437"
"a2_335" = "2401651886"
"a2_334" = "2394482733"
"a2_333" = "2387313697"
"a2_332" = "2380148782"
"a2_331" = "2372984450"
"a2_330" = "2365816163"
"a1_554" = "3988121925"
"a1_555" = "3805544697"
"a1_556" = "45216727"
"a1_557" = "455842649"
"a3_242" = "1718323611"
"a1_551" = "1154714125"
"a2_339" = "2430333475"
"a2_338" = "2423165065"
"a4_673" = "529851137"
"a1_918" = "2894956672"
"a1_919" = "550442633"
"a3_243" = "1725243962"
"a1_852" = "419000986"
"a1_914" = "1606816783"
"a1_398" = "338918547"
"a1_399" = "2086880401"
"a4_679" = "572865863"
"a1_392" = "3179889972"
"a1_393" = "4252851773"
"a1_390" = "4045475992"
"a1_391" = "3684209506"
"a1_396" = "2274139441"
"a1_397" = "2013061653"
"a1_394" = "1561442719"
"a1_395" = "4159937021"
"a1_858" = "4137191621"
"a3_116" = "814879197"
"a3_117" = "821922428"
"a3_114" = "834001179"
"a3_115" = "807894458"
"a3_112" = "785940569"
"a3_113" = "826942712"
"a3_110" = "771902343"
"a3_111" = "778955814"
"a1_49" = "2035923604"
"a1_48" = "620542350"
"a3_554" = "3988280259"
"a3_118" = "862924447"
"a3_119" = "869974846"
"a3_202" = "1465015971"
"a3_203" = "1472066242"
"a3_200" = "1416954337"
"a3_201" = "1424013824"
"a3_206" = "1493543975"
"a3_207" = "1500987462"
"a3_204" = "1445500773"
"a3_205" = "1452936068"
"a1_197" = "2081863676"
"a3_759" = "1163391422"
"a3_208" = "1508041977"
"a3_209" = "1481480472"
"a3_592" = "4261104249"
"a3_593" = "4234604184"
"a3_590" = "4246617511"
"a3_591" = "4253667782"
"a3_596" = "4289649661"
"a3_597" = "4263017500"
"a3_594" = "4241589051"
"a3_595" = "4282591066"
"a3_598" = "4270526655"
"a3_599" = "4277581022"
"a4_848" = "1784447312"
"a3_578" = "4160735531"
"a3_579" = "4134104394"
"a4_770" = "1225255874"
"a3_570" = "4069660115"
"a3_571" = "4076703346"
"a3_572" = "4117701269"
"a3_573" = "4124755764"
"a3_574" = "4098128727"
"a3_575" = "4105641974"
"a3_576" = "4146245737"
"a3_577" = "4153169032"
"a1_774" = "154183291"
"a1_775" = "1094961918"
"a1_776" = "329627493"
"a1_777" = "3288455476"
"a1_191" = "1165667823"
"a1_771" = "2307139929"
"a1_772" = "2783317073"
"a1_773" = "1867192719"
"a1_953" = "719458370"
"a3_927" = "2367492374"
"a1_778" = "2920290707"
"a1_779" = "3990986978"
"a3_926" = "2326953207"
"a2_17" = "121876868"
"a2_16" = "114708990"
"a2_15" = "107542671"
"a2_14" = "100360141"
"a2_13" = "93193784"
"a2_12" = "86027631"
"a2_11" = "78860045"
"a2_10" = "71684041"
"a4_829" = "1648234013"
"a4_828" = "1641064892"
"a4_776" = "1268270600"
"a1_592" = "862837118"
"a2_19" = "136211058"
"a2_18" = "129045809"
"a4_11" = "78860331"
"a4_10" = "71691210"
"a4_13" = "93198573"
"a4_12" = "86029452"
"a4_15" = "107536815"
"a4_14" = "100367694"
"a4_17" = "121875057"
"a4_16" = "114705936"
"a4_19" = "136213299"
"a4_18" = "129044178"
"a4_926" = "2343638750"
"a4_927" = "2350807871"
"a1_878" = "1042384049"
"a4_921" = "2307793145"
"a4_922" = "2314962266"
"a1_595" = "1805848777"
"a1_596" = "3952274030"
"a4_987" = "2780955131"
"a1_597" = "3407296810"
"a1_608" = "1550060110"
"a1_609" = "886680944"
"a3_378" = "2693094675"
"a3_379" = "2700145074"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Aas]
"a4_846" = "1770109070"
"a3_372" = "2683746013"
"a3_373" = "2657102716"
"a3_370" = "2669182491"
"a3_371" = "2676691642"
"a3_376" = "2712142929"
"a3_377" = "2686171376"
"a3_374" = "2664681375"
"a3_375" = "2705154110"
"a1_759" = "3899446746"
"a3_488" = "3515101889"
"a3_489" = "3522680672"
"a4_841" = "1734263465"
"a4_840" = "1727094344"
"a1_950" = "1561392809"
"a3_484" = "3486690637"
"a1_952" = "463480214"
"a2_925" = "2336468886"
"a1_954" = "3783550773"
"a1_955" = "3010105209"
"a1_956" = "4044319585"
"a3_485" = "3460055532"
"a1_958" = "909601999"
"a2_922" = "2314967061"
"a1_750" = "1736655078"
"a1_751" = "1603281620"
"a1_756" = "3250419206"
"a1_757" = "2173083275"
"a4_722" = "881138066"
"a4_723" = "888307187"
"a4_720" = "866799824"
"a1_661" = "3984261932"
"a4_726" = "909814550"
"a4_727" = "916983671"
"a4_724" = "895476308"
"a4_725" = "902645429"
"a4_728" = "924152792"
"a4_729" = "931321913"
"a3_978" = "2699694267"
"a3_979" = "2740303066"
"a3_127" = "927442486"
"a1_189" = "3547030694"
"a4_903" = "2178748967"
"a1_188" = "3458361734"
"a4_900" = "2157241604"
"a1_187" = "2064349799"
"a4_901" = "2164410725"
"a1_186" = "4268885801"
"a2_929" = "2365152792"
"a4_905" = "2193087209"
"a4_586" = "4201104906"
"a4_587" = "4208274027"
"a4_584" = "4186766664"
"a4_585" = "4193935785"
"a4_582" = "4172428422"
"a4_583" = "4179597543"
"a4_580" = "4158090180"
"a4_581" = "4165259301"
"a3_800" = "1423623433"
"a3_801" = "1464105384"
"a3_802" = "1471618507"
"a3_803" = "1445115498"
"a3_804" = "1452026509"
"a3_805" = "1459605292"
"a4_588" = "4215443148"
"a4_589" = "4222612269"
"a3_645" = "312377932"
"a4_909" = "2221763693"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"

[HKCU\Software\Aas]
"a4_966" = "2630403590"
"a4_218" = "1562868378"
"a4_219" = "1570037499"
"a4_216" = "1548530136"
"a4_217" = "1555699257"
"a4_214" = "1534191894"
"a4_215" = "1541361015"
"a4_212" = "1519853652"
"a4_213" = "1527022773"
"a4_210" = "1505515410"
"a4_211" = "1512684531"
"a4_458" = "3283457418"
"a4_459" = "3290626539"
"a4_108" = "774265068"
"a4_109" = "781434189"
"a1_843" = "12703964"
"a4_102" = "731250342"
"a4_103" = "738419463"
"a4_100" = "716912100"
"a4_101" = "724081221"
"a4_106" = "759926826"
"a4_107" = "767095947"
"a4_104" = "745588584"
"a4_105" = "752757705"
"a1_605" = "2278125709"
"a1_558" = "1976651041"
"a1_559" = "337686276"
"a1_606" = "4143255857"
"a3_925" = "2319505492"
"a1_178" = "149887163"
"a1_179" = "1501720584"
"a1_176" = "1139203045"
"a1_177" = "2467015571"
"a1_174" = "3288903637"
"a1_175" = "3191120657"
"a1_172" = "2540064626"
"a1_173" = "1665024763"
"a1_170" = "2982213127"
"a1_171" = "3568873107"
"a1_550" = "3656263491"
"a2_236" = "1691914423"
"a2_237" = "1699083352"
"a2_234" = "1677580652"
"a2_235" = "1684748717"
"a2_232" = "1663230485"
"a2_233" = "1670399134"
"a2_230" = "1648899385"
"a2_231" = "1656064864"
"a1_553" = "2249354298"
"a2_238" = "1706248395"
"a2_239" = "1713418057"
"a2_522" = "3742283741"
"a2_523" = "3749448684"
"a2_520" = "3727935357"
"a2_521" = "3735120150"
"a2_526" = "3770950372"
"a2_527" = "3778132096"
"a2_524" = "3756616355"
"a2_525" = "3763796185"
"a2_838" = "1712751281"
"a2_839" = "1719920567"
"a2_528" = "3785298850"
"a2_529" = "3792466422"
"a3_688" = "620670617"
"a1_626" = "550491419"
"a1_627" = "2548618390"
"a1_624" = "353980455"
"a1_549" = "2533829194"
"a1_548" = "622981373"
"a1_547" = "1764622614"
"a1_546" = "4243771484"
"a1_545" = "2869717832"
"a1_544" = "3720270462"
"a1_543" = "2955116545"
"a1_542" = "3512227315"
"a1_541" = "335244867"
"a1_540" = "1893290985"
"a2_658" = "422321140"
"a2_659" = "429488397"
"a2_308" = "2208098197"
"a2_309" = "2215250722"
"a2_302" = "2165077176"
"a2_303" = "2172246918"
"a2_300" = "2150728806"
"a2_301" = "2157913946"
"a2_306" = "2193741877"
"a2_307" = "2200904360"
"a2_304" = "2179409660"
"a2_305" = "2186578680"
"a2_786" = "1339959629"
"a2_787" = "1347128728"
"a2_784" = "1325626099"
"a2_785" = "1332793498"
"a2_782" = "1311291758"
"a2_783" = "1318463131"
"a2_780" = "1296941798"
"a2_781" = "1304109773"
"a2_788" = "1354293823"
"a2_789" = "1361476415"
"a1_389" = "549318107"
"a1_388" = "737723864"
"a1_385" = "3127769013"
"a1_384" = "2360557389"
"a1_387" = "1185165446"
"a1_386" = "3521310483"
"a1_381" = "1960122386"
"a1_380" = "2968464977"
"a1_383" = "2088552361"
"a1_382" = "3588319695"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Aas]
"a1_58" = "2489977764"
"a1_59" = "179788263"
"a1_56" = "2402126980"
"a1_57" = "1260902225"
"a1_54" = "1377764143"
"a1_55" = "3988406687"
"a1_52" = "2124199322"
"a1_53" = "3895852867"
"a1_50" = "974197664"
"a1_51" = "2894962461"
"a3_215" = "1524377438"
"a3_214" = "1517454143"
"a3_217" = "1572437008"
"a3_216" = "1565514737"
"a3_211" = "1529532890"
"a3_210" = "1488928187"
"a3_213" = "1510469276"
"a3_212" = "1536445053"
"a1_616" = "348095252"
"a3_748" = "1050812741"
"a3_219" = "1553446098"
"a3_218" = "1545867443"
"a3_585" = "4177070976"
"a3_584" = "4170159969"
"a3_587" = "4225122370"
"a3_586" = "4217678883"
"a3_581" = "4182227468"
"a3_580" = "4141089261"
"a3_583" = "4162646734"
"a3_582" = "4189150895"
"a3_589" = "4205615364"
"a3_588" = "4198622437"
"a3_893" = "2090093684"
"a3_569" = "4062671280"
"a3_568" = "4088782097"
"a3_563" = "4052790138"
"a3_562" = "4045747931"
"a3_561" = "4005270200"
"a3_560" = "3997761049"
"a3_567" = "4081727742"
"a3_566" = "4040721503"
"a3_565" = "4033732668"
"a3_564" = "4026683293"
"a3_109" = "798021476"
"a3_108" = "790966981"
"a1_765" = "337964899"
"a1_764" = "3622222117"

"a1_762" = "2973735437"
"a1_761" = "1602621462"
"a3_724" = "878479485"
"a3_101" = "707522668"
"a3_100" = "733503437"
"a3_103" = "754977070"
"a3_102" = "714511503"
"a3_105" = "769475040"
"a3_104" = "762555713"
"a3_107" = "750493346"
"a3_106" = "742980099"
"a4_854" = "1827462038"
"a4_855" = "1834631159"
"a4_856" = "1841800280"
"a3_726" = "926531903"
"a4_850" = "1798785554"
"a4_851" = "1805954675"
"a4_852" = "1813123796"
"a4_853" = "1820292917"
"a3_721" = "890560280"
"a2_914" = "2257614709"
"a4_858" = "1856138522"
"a1_586" = "853610587"
"a1_789" = "3404293227"
"a3_720" = "849951481"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a3_898" = "2126083691"
"a3_723" = "904992730"
"a4_939" = "2436837323"
"a4_938" = "2429668202"
"a4_937" = "2422499081"
"a4_936" = "2415329960"
"a4_935" = "2408160839"
"a3_722" = "898003899"
"a4_933" = "2393822597"
"a4_932" = "2386653476"
"a4_931" = "2379484355"
"a4_930" = "2372315234"
"a3_955" = "2568364018"
"a1_788" = "2507578074"
"a1_619" = "1225887662"
"a1_618" = "691824502"
"a3_369" = "2628699640"
"a3_368" = "2621645145"
"a3_365" = "2600170596"
"a3_364" = "2592723909"
"a3_367" = "2647756070"
"a3_366" = "2640767111"
"a3_361" = "2604787424"
"a3_360" = "2564178497"
"a3_363" = "2585673634"
"a3_362" = "2611780355"
"a4_520" = "3727942920"
"a4_521" = "3735112041"
"a1_584" = "2387585939"
"a4_522" = "3742281162"
"a2_62" = "444485970"
"a4_523" = "3749450283"
"a2_63" = "451651368"
"a4_524" = "3756619404"
"a1_971" = "1333308978"
"a2_60" = "430151916"
"a4_525" = "3763788525"
"a1_943" = "3330817074"
"a1_942" = "3872288192"
"a1_941" = "2832542020"
"a2_61" = "437321146"
"a1_947" = "1365665869"
"a4_526" = "3770957646"
"a1_945" = "4140025422"
"a1_944" = "774602616"
"a2_66" = "473154095"
"a1_949" = "1157377422"
"a4_527" = "3778126767"
"a2_67" = "480337913"
"a2_64" = "458818671"
"a2_65" = "465984565"
"a4_735" = "974336639"
"a4_734" = "967167518"
"a4_737" = "988674881"
"a4_736" = "981505760"
"a4_731" = "945660155"
"a4_730" = "938491034"
"a4_733" = "959998397"
"a4_732" = "952829276"
"a4_739" = "1003013123"
"a4_738" = "995844002"
"a3_969" = "2668861696"
"a3_968" = "2627790049"
"a4_599" = "4294303479"
"a4_598" = "4287134358"
"a1_782" = "3407824530"
"a4_591" = "4236950511"
"a4_590" = "4229781390"
"a4_593" = "4251288753"
"a4_592" = "4244119632"
"a4_595" = "4265626995"
"a4_594" = "4258457874"
"a4_597" = "4279965237"
"a4_596" = "4272796116"
"a1_786" = "2100620279"
"a1_41" = "1340960735"
"a1_40" = "986688422"
"a1_43" = "3696863492"
"a3_819" = "1559971962"
"a1_42" = "2295151541"
"a3_813" = "1516544548"
"a1_45" = "2765510006"
"a3_811" = "1536136546"
"a3_810" = "1528623299"
"a3_817" = "1545483192"
"a3_816" = "1571594009"
"a3_815" = "1564605158"
"a1_44" = "1216098801"
"a1_47" = "37389310"
"a1_46" = "3137532983"
"a4_201" = "1440993321"
"a4_200" = "1433824200"
"a4_203" = "1455331563"
"a4_202" = "1448162442"
"a4_205" = "1469669805"
"a4_204" = "1462500684"
"a4_207" = "1484008047"
"a4_206" = "1476838926"
"a4_209" = "1498346289"
"a4_208" = "1491177168"
"a4_823" = "1605219287"
"a4_449" = "3218935329"
"a4_448" = "3211766208"
"a4_119" = "853125399"
"a4_118" = "845956278"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Aas]
"a4_115" = "824448915"
"a4_114" = "817279794"
"a4_117" = "838787157"
"a4_116" = "831618036"
"a4_111" = "795772431"
"a4_110" = "788603310"
"a4_113" = "810110673"
"a4_112" = "802941552"
"a4_924" = "2329300508"
"a4_565" = "4050553365"
"a3_750" = "1098874375"
"a3_751" = "1105859238"
"a3_752" = "1079359193"
"a3_753" = "1086794616"
"a4_566" = "4057722486"
"a3_921" = "2290961104"
"a3_754" = "1127403419"
"a4_879" = "2006690063"
"a3_725" = "885927068"
"a3_755" = "1134321722"
"a3_756" = "1108280413"
"a1_783" = "2875452155"
"a3_757" = "1115339004"
"a1_959" = "4217331970"
"a2_907" = "2207429642"
"a1_161" = "3368685144"
"a1_160" = "2112783350"
"a1_163" = "3959676823"
"a1_162" = "3220501311"
"a1_165" = "3156633932"
"a1_164" = "676094218"
"a1_167" = "2531554958"
"a1_166" = "3724316730"
"a1_169" = "417882807"
"a1_168" = "2872552693"
"a3_727" = "933979486"
"a2_535" = "3835485595"
"a2_534" = "3828317136"
"a2_537" = "3849826290"
"a2_536" = "3842653525"
"a2_531" = "3806798189"
"a2_530" = "3799633045"
"a2_533" = "3821135852"
"a2_532" = "3813966587"
"a2_829" = "1648235286"
"a2_828" = "1641068203"
"a2_539" = "3864165142"
"a2_538" = "3856978913"
"a4_447" = "3204597087"
"a1_572" = "212284270"
"a1_573" = "2680144259"
"a1_570" = "1374001734"
"a1_571" = "2614912021"
"a1_576" = "1952894717"
"a1_577" = "2562479607"
"a1_574" = "3621482504"
"a1_575" = "1407598613"
"a1_578" = "3200996693"
"a1_579" = "3725983169"
"a2_649" = "357787346"
"a2_648" = "350621151"
"a2_319" = "2286946612"
"a2_318" = "2279777714"
"a2_315" = "2258279766"
"a2_314" = "2251096798"
"a2_317" = "2272612832"
"a2_316" = "2265447635"
"a2_311" = "2229596039"
"a2_310" = "2222429357"
"a2_313" = "2243931419"
"a2_312" = "2236763045"
"a2_229" = "1641736366"
"a2_228" = "1634565389"
"a2_221" = "1584378406"
"a2_220" = "1577212779"
"a2_223" = "1598712157"
"a2_222" = "1591548217"
"a2_225" = "1613046462"
"a2_224" = "1605878880"
"a2_227" = "1627396014"
"a2_226" = "1620213963"
"a1_370" = "3832467871"
"a1_371" = "1490931138"
"a1_372" = "3736613219"
"a1_373" = "262175007"
"a1_374" = "650015471"
"a1_375" = "2716629592"
"a1_376" = "3665370149"
"a1_377" = "417811228"
"a1_378" = "2894079203"
"a1_379" = "4264985383"
"a2_793" = "1390145430"
"a2_792" = "1382978946"
"a2_795" = "1404481479"
"a2_794" = "1397322766"
"a2_797" = "1418829560"
"a2_796" = "1411646529"
"a3_36" = "241268621"
"a3_37" = "248309804"
"a3_183" = "1328655230"
"a1_29" = "3160732807"
"a1_28" = "388163416"
"a1_590" = "521843123"
"a1_23" = "4177723916"
"a1_22" = "4209808514"
"a1_21" = "2881998396"
"a1_20" = "2886386725"
"a1_27" = "1356178931"
"a1_26" = "2471383188"
"a1_25" = "3401512759"
"a1_24" = "2472158293"
"a1_284" = "2959989193"
"a1_285" = "4073278783"
"a1_286" = "2168954177"
"a1_287" = "1079100173"
"a1_280" = "619814990"
"a1_281" = "3137450056"
"a1_282" = "3114512808"
"a1_283" = "435404933"
"a3_31" = "205278614"
"a1_288" = "1455469466"
"a1_289" = "2527931095"
"a3_778" = "1299211491"
"a3_779" = "1306728706"
"a2_903" = "2178746508"
"a1_591" = "2285152853"
"a3_32" = "212854281"
"a2_972" = "2673425579"
"a3_558" = "4017332551"
"a3_559" = "4024255974"
"a3_556" = "3969214597"
"a3_557" = "4009757988"
"a1_552" = "2854255951"
"a3_555" = "3962303586"
"a3_552" = "3940752129"
"a3_553" = "3981361056"
"a3_550" = "3926311503"
"a3_551" = "3933234926"
"a1_598" = "1792547808"
"a1_599" = "2075793324"
"a3_178" = "1292673371"
"a3_179" = "1300121082"
"a3_174" = "1264145351"
"a3_175" = "1271198822"
"a3_176" = "1245079705"
"a3_177" = "1252068664"
"a3_170" = "1235731011"
"a3_171" = "1209100002"
"a3_172" = "1216092933"
"a3_173" = "1223671716"
"a2_31" = "222234220"
"a2_30" = "215079233"
"a2_33" = "236580302"
"a2_32" = "229413713"
"a2_35" = "250916819"
"a2_34" = "243758149"
"a2_37" = "265263340"
"a2_36" = "258082039"
"a2_39" = "279604994"
"a2_38" = "272431211"
"a3_486" = "3467639311"
"a3_487" = "3508182702"
"a3_480" = "3424608201"
"a3_481" = "3431657576"
"a3_482" = "3438646411"
"a3_483" = "3479636266"
"a4_902" = "2171579846"
"a2_584" = "4186759481"
"a4_79" = "566360559"
"a4_78" = "559191438"
"a4_906" = "2200256330"
"a4_907" = "2207425451"
"a4_904" = "2185918088"
"a2_585" = "4193940734"
"a4_73" = "523345833"
"a4_72" = "516176712"
"a4_71" = "509007591"
"a4_70" = "501838470"
"a4_77" = "552022317"
"a4_76" = "544853196"
"a4_75" = "537684075"
"a4_74" = "530514954"
"a3_642" = "324456811"
"a3_390" = "2812641775"
"a3_391" = "2786540046"
"a3_392" = "2793594529"
"a3_393" = "2800513728"
"a3_394" = "2841581411"
"a3_395" = "2848623490"
"a3_396" = "2821991461"
"a3_397" = "2829566020"
"a3_398" = "2870043879"
"a3_399" = "2877036806"
"a1_529" = "2450563108"
"a1_625" = "2195481228"
"a1_622" = "2226211041"
"a1_623" = "3988759481"
"a1_620" = "739185907"
"a1_621" = "3622292087"
"a3_643" = "331380106"

[HKCU\Software\Aas\695404737]
"7169121" = "218"

[HKCU\Software\Aas]
"a3_958" = "2556348631"
"a3_959" = "2563272054"
"a1_528" = "2199692716"
"a2_588" = "4215445360"
"a3_950" = "2498827743"
"a3_951" = "2539425406"
"a3_956" = "2575413269"
"a3_957" = "2582860980"
"a3_954" = "2527820627"
"a2_589" = "4222610251"
"a1_976" = "3021008993"
"a1_977" = "67970847"
"a1_974" = "201025575"
"a1_975" = "2992833759"
"a1_972" = "4096195825"
"a1_973" = "326363267"
"a1_970" = "3660752920"
"a3_827" = "1616916338"
"a1_770" = "718399197"
"a1_978" = "3074237480"
"a1_979" = "4217154735"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Aas]
"a4_199" = "1426655079"
"a3_505" = "3603458416"
"a3_504" = "3596547281"
"a2_363" = "2602387887"
"a3_507" = "3651577394"
"a3_506" = "3644525971"
"a3_501" = "3608550396"
"a3_500" = "3568002909"
"a3_503" = "3623047358"
"a3_502" = "3615603743"
"a4_821" = "1590881045"
"a4_698" = "709079162"
"a4_699" = "716248283"
"a4_820" = "1583711924"
"a4_692" = "666064436"
"a4_693" = "673233557"
"a4_690" = "651726194"
"a4_691" = "658895315"
"a4_696" = "694740920"
"a4_697" = "701910041"
"a4_694" = "680402678"
"a4_695" = "687571799"
"a4_822" = "1598050166"
"a3_828" = "1624490901"
"a3_829" = "1664967732"
"a3_826" = "1643547347"
"a4_825" = "1619557529"
"a3_824" = "1628992017"
"a3_825" = "1636505264"
"a3_822" = "1581458783"
"a3_823" = "1588517374"
"a3_820" = "1600580765"
"a3_821" = "1607565628"
"a2_900" = "2157246977"
"a1_746" = "594609535"
"a4_827" = "1633895771"
"a2_901" = "2164413002"
"a3_644" = "305393197"
"a4_826" = "1626726650"
"a2_902" = "2171581082"
"a4_274" = "1964339154"
"a4_275" = "1971508275"
"a4_276" = "1978677396"
"a4_277" = "1985846517"
"a4_270" = "1935662670"
"a4_271" = "1942831791"
"a4_272" = "1950000912"
"a4_273" = "1957170033"
"a2_904" = "2185915631"
"a4_278" = "1993015638"
"a4_279" = "2000184759"
"a2_905" = "2193081572"
"a2_906" = "2200249973"
"a4_478" = "3426839838"
"a4_479" = "3434008959"
"a4_476" = "3412501596"
"a4_477" = "3419670717"
"a4_474" = "3398163354"
"a4_475" = "3405332475"
"a4_472" = "3383825112"
"a4_473" = "3390994233"
"a4_470" = "3369486870"
"a4_471" = "3376655991"
"a4_308" = "2208089268"
"a4_309" = "2215258389"
"a4_300" = "2150736300"
"a4_301" = "2157905421"
"a4_302" = "2165074542"
"a4_303" = "2172243663"
"a4_304" = "2179412784"
"a4_305" = "2186581905"
"a4_306" = "2193751026"
"a4_307" = "2200920147"
"a1_114" = "2037238537"
"a1_115" = "213663434"
"a1_116" = "1201778138"
"a1_117" = "4275822091"
"a1_110" = "1539916646"
"a1_111" = "3447323200"
"a1_112" = "1777205285"
"a1_113" = "1627258764"
"a1_824" = "3165637482"
"a1_118" = "2266799027"
"a1_119" = "3885057152"
"a4_576" = "4129413696"
"a4_920" = "2300624024"
"a3_732" = "969437045"
"a2_498" = "3570229373"
"a2_499" = "3577393470"
"a2_492" = "3527209093"
"a2_493" = "3534378466"
"a2_490" = "3512876308"
"a2_491" = "3520041104"
"a2_496" = "3555877356"
"a2_497" = "3563045841"
"a2_494" = "3541544799"
"a2_495" = "3548712034"
"a2_816" = "1555034006"
"a2_817" = "1562199026"
"a2_814" = "1540698123"
"a2_815" = "1547864008"
"a2_812" = "1526365739"
"a3_740" = "1026900557"
"a2_810" = "1512015505"
"a2_811" = "1519180954"
"a3_733" = "943391636"
"a4_570" = "4086398970"
"a2_818" = "1569366881"
"a2_819" = "1576548534"
"a1_565" = "32506458"
"a1_564" = "752289734"
"a1_567" = "2685658760"
"a1_566" = "3255771082"
"a1_561" = "1653349965"
"a1_560" = "4178855417"
"a1_563" = "3030224109"
"a1_562" = "4101360092"
"a1_569" = "1649240517"
"a1_568" = "3675139869"
"a1_525" = "3469445813"
"a2_678" = "565690921"
"a2_679" = "572857506"
"a2_676" = "551356649"
"a2_677" = "558524660"
"a2_674" = "537022477"
"a2_675" = "544180481"
"a2_672" = "522674431"
"a2_673" = "529842220"
"a2_670" = "508338281"
"a2_671" = "515507296"
"a3_982" = "2728158783"
"a2_258" = "1849638597"
"a2_259" = "1856810520"
"a2_254" = "1820966388"
"a2_255" = "1828116821"
"a2_256" = "1835302870"
"a2_257" = "1842472426"
"a2_250" = "1792286301"
"a2_251" = "1799441148"
"a2_252" = "1806622199"
"a2_253" = "1813785562"
"a1_363" = "2453103781"
"a1_362" = "1385295460"
"a1_361" = "4163552633"
"a1_360" = "759994989"
"a1_367" = "300914258"
"a1_366" = "1775447826"
"a1_365" = "2034711539"
"a1_364" = "1746792389"
"a1_369" = "3675217828"
"a1_368" = "2424982081"
"a3_977" = "2692709400"
"a3_924" = "2346001461"
"a1_38" = "3071160392"
"a1_39" = "2968809850"
"a1_30" = "3047118704"
"a1_31" = "952923592"
"a1_32" = "2561318905"
"a1_33" = "4078212831"
"a1_34" = "1075063080"
"a1_35" = "341432340"
"a1_36" = "3671399384"
"a1_37" = "1554569278"
"a1_297" = "1546556471"
"a1_296" = "3581475484"
"a1_295" = "46719866"
"a1_294" = "1947270440"
"a1_293" = "1027506373"
"a1_292" = "2462927864"
"a1_291" = "2544593676"
"a1_290" = "1947915692"
"a1_299" = "2892777211"
"a1_298" = "937911892"
"a3_769" = "1234824520"
"a1_600" = "3324385557"
"a2_668" = "494009211"
"a1_601" = "4145895691"
"a3_761" = "1143737968"
"a3_760" = "1170380241"
"a3_763" = "1191790386"
"a4_286" = "2050368606"
"a3_765" = "1206362100"
"a1_602" = "3351726440"
"a3_767" = "1186780342"
"a3_766" = "1179725847"
"a2_108" = "774273900"
"a2_109" = "781427234"
"a4_878" = "1999520942"
"a1_603" = "3615246029"
"a2_100" = "716907184"
"a2_101" = "724075541"
"a2_102" = "731244154"
"a2_103" = "738425127"
"a2_104" = "745594447"
"a2_105" = "752758907"
"a2_106" = "759925321"
"a2_107" = "767094644"
"a3_541" = "3861793492"
"a3_540" = "3887912629"
"a3_543" = "3909387158"
"a3_542" = "3868847991"
"a3_545" = "3923892392"
"a3_544" = "3916833801"
"a3_547" = "3904770410"
"a3_546" = "3897785547"
"a3_549" = "3952815660"
"a3_548" = "3945379213"
"a1_607" = "2688765874"
"a1_589" = "1698630161"
"a1_588" = "2718998173"
"a3_169" = "1228156448"
"a3_168" = "1187689857"
"a3_167" = "1180635502"
"a3_166" = "1206680783"
"a3_165" = "1199757484"
"a3_164" = "1192698893"
"a3_163" = "1151697898"
"a3_162" = "1144713035"
"a3_161" = "1171213096"
"a3_160" = "1163777673"
"a1_749" = "4022506835"
"a1_748" = "3511064741"
"a2_28" = "200730395"
"a2_29" = "207912892"
"a2_26" = "186395040"
"a2_27" = "193574331"
"a2_24" = "172063760"
"a2_25" = "179228778"
"a2_22" = "157727115"
"a2_23" = "164898714"
"a2_20" = "143379007"
"a2_21" = "150548078"
"a4_68" = "487500228"
"a4_69" = "494669349"
"a4_917" = "2279116661"
"a4_916" = "2271947540"
"a4_911" = "2236101935"
"a4_910" = "2228932814"
"a4_913" = "2250440177"
"a4_912" = "2243271056"
"a4_60" = "430147260"
"a4_61" = "437316381"
"a4_62" = "444485502"
"a4_63" = "451654623"
"a4_64" = "458823744"
"a4_65" = "465992865"
"a4_66" = "473161986"
"a4_67" = "480331107"
"a4_833" = "1676910497"
"a4_959" = "2580219743"
"a2_758" = "1139221180"
"a2_7" = "50176052"
"a2_6" = "43022925"
"a2_5" = "35836201"
"a2_4" = "28685139"
"a2_3" = "21508340"
"a2_2" = "14341947"
"a2_1" = "7175798"
"a2_0" = "7015"
"a1_639" = "395932486"
"a1_638" = "92148943"
"a3_389" = "2805656908"
"a3_388" = "2765048109"
"a2_9" = "64528111"
"a2_8" = "57357824"
"a4_5" = "35845605"
"a4_4" = "28676484"
"a4_7" = "50183847"
"a4_6" = "43014726"
"a4_1" = "7169121"
"a4_0" = "0"
"a4_3" = "21507363"
"a4_2" = "14338242"
"a4_9" = "64522089"
"a4_8" = "57352968"
"a2_756" = "1124888791"
"a3_949" = "2491838908"
"a3_948" = "2484395293"
"a3_945" = "2462900280"
"a3_944" = "2455850905"
"a3_947" = "2510895354"
"a3_946" = "2503967835"
"a3_941" = "2467992228"
"a3_940" = "2427452933"
"a3_943" = "2482482022"
"a3_942" = "2474915527"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Aas]
"a3_875" = "1961196962"
"a1_532" = "2590776543"
"a1_533" = "3172774734"
"a4_845" = "1762939949"
"a2_853" = "1820289598"
"a3_708" = "797636205"
"a4_923" = "2322131387"
"a3_970" = "2675785123"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB EB 89 9A 2E 75 D6 15 47 15 86 B2 CA E3 A7 56"

[HKCU\Software\Aas]
"a1_968" = "2336618645"
"a4_689" = "644557073"
"a4_688" = "637387952"
"a1_951" = "3726237165"
"a4_685" = "615880589"
"a4_684" = "608711468"
"a4_687" = "630218831"
"a4_686" = "623049710"
"a4_681" = "587204105"
"a4_680" = "580034984"
"a4_683" = "601542347"
"a4_682" = "594373226"
"a3_831" = "1645985014"
"a3_830" = "1671960663"
"a3_833" = "1659958664"
"a3_832" = "1652904297"
"a3_835" = "1707934282"
"a1_538" = "2081786879"
"a3_837" = "1688886028"
"a3_836" = "1681434349"
"a3_839" = "1736479694"
"a3_838" = "1729494959"
"a1_539" = "3898840705"
"a2_911" = "2236099502"
"a1_957" = "692717729"
"a4_267" = "1914155307"
"a4_266" = "1906986186"
"a4_265" = "1899817065"
"a4_264" = "1892647944"
"a4_263" = "1885478823"
"a4_262" = "1878309702"
"a4_261" = "1871140581"
"a4_260" = "1863971460"

[HKCU\Software\Aas\695404737]
"43014726" = "0A00687474703A2F2F63616465732E636F6D2E61722F696D616765732F6C6F676F2E67696600687474703A2F2F636576697A74762E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F746861692D736B796C696768742E636F6D2F627574746F6E2E67696600687474703A2F2F636F726573646162616869612E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F736D6F6B696E2D74722E636F6D2F6173736574732F696D616765732F6C6F676F2E67696600687474703A2F2F7777772E62756572676572666573742D6772616566656E626572672E64652F6C6F676F2E67696600687474703A2F2F77696E676D616B657273686F70652E7A612E706C2F696D616765732F627574746F6E2E67696600687474703A2F2F77656C6C73736D616C6C2E636F6D2F696D616765732F6C6F676F2E67696600687474703A2F2F7777772E75656873692E64652F6C6F676F2E67696600687474703A2F2F686F74656C697370622E686F702E72752F696D6167652F6C6F676F2E676966"

[HKCU\Software\Aas]
"a4_269" = "1928493549"
"a4_268" = "1921324428"
"a4_461" = "3304964781"
"a4_460" = "3297795660"
"a4_463" = "3319303023"
"a4_462" = "3312133902"
"a4_465" = "3333641265"
"a4_464" = "3326472144"
"a4_467" = "3347979507"
"a4_466" = "3340810386"
"a4_469" = "3362317749"
"a4_468" = "3355148628"
"a4_897" = "2135734241"
"a4_898" = "2142903362"
"a4_899" = "2150072483"
"a2_560" = "4014703379"
"a4_319" = "2286949599"
"a4_318" = "2279780478"
"a1_840" = "663813114"
"a4_313" = "2243934873"
"a4_312" = "2236765752"
"a4_311" = "2229596631"
"a4_310" = "2222427510"
"a4_317" = "2272611357"
"a4_316" = "2265442236"
"a4_315" = "2258273115"
"a4_314" = "2251103994"

"a3_130" = "915379051"
"a1_923" = "851378031"
"a3_131" = "922302346"
"a3_132" = "962897965"
"a2_880" = "2013867464"
"a1_107" = "2852619007"
"a1_106" = "3501513624"
"a1_105" = "605852325"
"a1_104" = "728272944"
"a1_103" = "389288283"
"a1_102" = "1218040249"
"a1_101" = "2194006544"
"a1_100" = "1837785787"
"a3_134" = "943841519"
"a1_109" = "2302044692"
"a1_62" = "184865837"
"a1_61" = "1551017431"
"a3_137" = "998890944"
"a2_883" = "2035361526"
"a3_686" = "606179783"
"a2_489" = "3505695374"
"a2_488" = "3498525530"
"a3_687" = "613616230"
"a2_485" = "3477014760"
"a2_484" = "3469859802"
"a2_487" = "3491357256"
"a2_486" = "3484191774"
"a2_481" = "3448342354"
"a2_480" = "3441169861"
"a2_483" = "3462692564"
"a2_482" = "3455508163"
"a3_974" = "2704311079"
"a3_685" = "632749476"
"a3_975" = "2711758662"
"a2_882" = "2028195559"
"a3_976" = "2685262841"
"a2_809" = "1504843254"
"a2_808" = "1497681794"
"a4_721" = "873968945"
"a3_680" = "596757377"
"a2_801" = "1447506000"
"a2_800" = "1440321221"
"a2_803" = "1461830163"
"a3_681" = "570649632"
"a2_805" = "1476181848"
"a2_804" = "1469014745"
"a2_807" = "1490515112"
"a2_806" = "1483346758"
"a3_145" = "1022800088"
"a3_972" = "2656717413"
"a3_144" = "1015749817"
"a2_885" = "2049709162"
"a3_973" = "2663771780"
"a3_147" = "1070844314"
"a2_661" = "443824612"
"a2_660" = "436654649"
"a2_663" = "458157093"
"a3_146" = "1063277947"
"a2_665" = "472489582"
"a2_664" = "465323570"
"a2_667" = "486842169"
"a2_666" = "479659324"
"a2_669" = "501182702"
"a3_141" = "1027810116"
"a3_140" = "986812197"
"a2_881" = "2021025343"
"a3_143" = "1008236550"
"a2_249" = "1785116150"
"a2_248" = "1777932338"
"a2_247" = "1770781370"
"a2_246" = "1763602320"
"a2_245" = "1756433923"
"a2_244" = "1749268937"
"a2_243" = "1742098739"
"a2_242" = "1734918761"
"a2_241" = "1727748763"
"a2_240" = "1720597243"
"a1_356" = "1896011945"
"a1_357" = "3752393263"
"a1_354" = "164844632"
"a1_355" = "1498859325"
"a1_352" = "3274509951"
"a1_353" = "3070230679"
"a1_350" = "3897214882"
"a1_351" = "2268174945"
"a2_855" = "1834623760"
"a3_639" = "269411382"
"a1_358" = "3578688511"
"a1_359" = "1256659234"
"a3_638" = "295912343"
"a2_887" = "2064045691"
"a2_886" = "2056878373"
"a3_795" = "1387647762"
"a3_718" = "869065255"
"a3_719" = "843023942"
"a3_714" = "807050403"
"a3_715" = "813969602"
"a3_716" = "821548389"
"a3_717" = "862013828"
"a3_710" = "778506031"
"a3_711" = "785556302"
"a3_712" = "826034145"
"a3_713" = "833615872"
"a2_820" = "1583715595"
"a2_119" = "853128024"
"a2_118" = "845963001"
"a4_869" = "1934998853"
"a4_868" = "1927829732"
"a2_113" = "810111733"
"a2_112" = "802944707"
"a2_111" = "795778443"
"a2_110" = "788607629"
"a2_117" = "838794840"
"a2_116" = "831614716"
"a2_115" = "824443132"
"a2_114" = "817276036"
"a3_534" = "3844868223"
"a3_535" = "3852446878"
"a3_536" = "3825811761"
"a3_537" = "3832866128"
"a3_530" = "3816471291"
"a3_531" = "3823394586"
"a3_532" = "3797414845"
"a3_533" = "3804403676"
"a3_538" = "3840383475"
"a3_539" = "3880858130"
"a2_813" = "1533531260"
"a3_152" = "1106310065"
"a3_153" = "1080268752"
"a3_150" = "1092336383"
"a3_151" = "1099259678"
"a3_156" = "1135231285"
"a3_157" = "1108731220"
"a3_154" = "1087178867"
"a3_155" = "1127787666"
"a3_628" = "223959005"
"a3_629" = "231000188"
"a3_158" = "1115724279"
"a3_159" = "1123168790"
"a2_59" = "422985552"
"a2_58" = "415802479"
"a2_53" = "379966635"
"a2_52" = "372786147"
"a2_51" = "365618480"
"a2_50" = "358449405"
"a2_57" = "408633412"
"a2_56" = "401462579"
"a2_55" = "394300408"
"a2_54" = "387134999"
"a4_842" = "1741432586"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Aas]
"a4_55" = "394301655"
"a4_54" = "387132534"
"a4_57" = "408639897"
"a4_56" = "401470776"
"a4_51" = "365625171"
"a4_50" = "358456050"
"a4_53" = "379963413"
"a4_52" = "372794292"
"a3_440" = "3171413137"
"a3_441" = "3178398000"
"a3_442" = "3185321299"
"a3_443" = "3159349746"
"a4_59" = "422978139"
"a4_58" = "415809018"
"a3_446" = "3214379735"
"a3_447" = "3187748726"
"a1_644" = "1580944549"
"a1_645" = "4286788305"
"a1_646" = "3894487929"
"a1_647" = "395890800"
"a1_640" = "216317392"
"a1_641" = "1213173212"
"a1_642" = "350618006"
"a1_643" = "2425924713"
"a1_648" = "1738244561"
"a1_649" = "2417207129"

[HKCU\Software\Aas\695404737]
"21507363" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a2_953" = "2537206049"
"a3_459" = "3307312066"
"a3_458" = "3266772899"
"a4_784" = "1325623568"
"a4_785" = "1332792689"
"a4_786" = "1339961810"
"a4_787" = "1347130931"
"a4_780" = "1296947084"
"a4_781" = "1304116205"
"a4_782" = "1311285326"
"a4_783" = "1318454447"
"a1_828" = "901247879"
"a1_829" = "1735753024"
"a4_788" = "1354300052"
"a3_451" = "3249847498"
"a4_670" = "508343774"
"a4_671" = "515512895"
"a4_672" = "522682016"
"a3_450" = "3242793131"
"a4_674" = "537020258"
"a4_675" = "544189379"
"a4_676" = "551358500"
"a4_677" = "558527621"
"a4_678" = "565696742"
"a1_604" = "485090178"
"a1_916" = "251759151"
"a1_917" = "440694475"
"a1_910" = "2682497691"
"a1_911" = "4039798421"
"a1_912" = "2463486413"
"a1_913" = "3567235882"
"a3_844" = "1772455397"
"a3_845" = "1746353668"
"a3_846" = "1753404071"
"a3_847" = "1760327366"
"a3_840" = "1743926369"
"a3_841" = "1717414016"
"a3_842" = "1724861731"
"a3_843" = "1765466434"
"a3_848" = "1801448313"
"a3_849" = "1808437144"
"a3_702" = "721038295"
"a4_874" = "1970844458"
"a1_654" = "1803232894"
"a4_961" = "2594557985"
"a4_414" = "2968016094"
"a4_415" = "2975185215"
"a4_416" = "2982354336"
"a4_417" = "2989523457"
"a4_410" = "2939339610"
"a4_411" = "2946508731"
"a4_412" = "2953677852"
"a4_413" = "2960846973"
"a4_418" = "2996692578"
"a4_419" = "3003861699"
"a3_806" = "1500078927"
"a3_807" = "1507067886"
"a1_138" = "2216929012"
"a1_139" = "3105224725"
"a3_907" = "2190592386"
"a1_132" = "700621747"
"a1_133" = "3772283615"
"a1_130" = "1740874634"
"a1_131" = "4205213175"
"a1_136" = "1220224474"
"a1_137" = "4264661335"
"a1_134" = "1148187767"
"a1_135" = "2293607062"
"a3_768" = "1227770153"
"a4_328" = "2351471688"
"a4_329" = "2358640809"
"a4_326" = "2337133446"
"a4_327" = "2344302567"
"a4_324" = "2322795204"
"a4_325" = "2329964325"
"a4_322" = "2308456962"
"a4_323" = "2315626083"
"a4_320" = "2294118720"
"a4_321" = "2301287841"
"a4_528" = "3785295888"
"a4_529" = "3792465009"
"a4_258" = "1849633218"
"a4_259" = "1856802339"
"a4_252" = "1806618492"
"a4_253" = "1813787613"
"a4_250" = "1792280250"
"a4_251" = "1799449371"
"a4_256" = "1835294976"
"a4_257" = "1842464097"
"a4_254" = "1820956734"
"a4_255" = "1828125855"
"a3_909" = "2238580292"
"a2_470" = "3369489447"
"a2_471" = "3376658263"
"a2_472" = "3383823204"
"a2_473" = "3390991474"
"a2_474" = "3398156389"
"a2_475" = "3405325040"
"a2_476" = "3412507511"
"a2_477" = "3419674187"
"a2_478" = "3426842365"
"a2_479" = "3434006155"
"a4_880" = "2013859184"
"a3_908" = "2231591461"
"a1_797" = "2544913479"
"a2_878" = "1999527629"
"a2_879" = "2006695108"
"a2_874" = "1970840591"
"a2_875" = "1978010819"
"a2_876" = "1985179168"
"a2_877" = "1992344525"
"a2_870" = "1942173728"
"a2_871" = "1949343740"
"a2_872" = "1956508450"
"a2_873" = "1963677673"
"a1_349" = "3980034024"
"a1_348" = "1055802098"
"a2_586" = "4201113476"
"a2_587" = "4208276212"
"a2_580" = "4158092162"
"a2_581" = "4165258634"
"a2_582" = "4172425613"
"a2_583" = "4179591946"
"a1_341" = "2989481578"
"a1_340" = "1807228569"
"a1_343" = "2760017197"
"a1_342" = "3905220426"
"a1_345" = "2514162378"
"a1_344" = "2178579514"
"a1_347" = "210318821"
"a1_346" = "836654764"
"a2_614" = "106878252"
"a2_615" = "114048146"
"a2_616" = "121212959"
"a2_617" = "128382306"
"a2_610" = "78198521"
"a2_611" = "85362981"
"a2_612" = "92525215"
"a2_613" = "99698226"
"a2_618" = "135546238"
"a2_619" = "142712986"
"a2_272" = "1950006056"
"a2_273" = "1957172508"
"a2_270" = "1935656121"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]
"a2_276" = "1978672218"
"a2_277" = "1985839440"
"a2_274" = "1964341433"
"a2_275" = "1971504005"
"a2_908" = "2214603741"
"a2_909" = "2221764690"
"a2_278" = "1993021905"
"a2_279" = "2000190050"
"a1_842" = "46824368"
"a2_298" = "2136406193"
"a2_299" = "2143591772"
"a1_841" = "181066971"
"a2_290" = "2079041589"
"a2_291" = "2086208068"
"a2_292" = "2093378367"
"a2_293" = "2100558776"
"a2_294" = "2107726595"
"a2_295" = "2114891893"
"a2_296" = "2122059384"
"a2_297" = "2129226335"
"a2_728" = "924149365"
"a2_729" = "931316131"
"a2_720" = "866797898"
"a2_721" = "873965833"
"a2_722" = "881134861"
"a2_723" = "888297058"
"a2_724" = "895482884"
"a2_725" = "902652799"
"a2_726" = "909817280"
"a2_727" = "916985585"
"a1_594" = "657095177"
"a4_450" = "3226104450"
"a3_791" = "1392659870"
"a3_709" = "804547212"
"a4_451" = "3233273571"
"a3_707" = "790584778"
"a3_706" = "749582763"
"a3_705" = "742524168"
"a3_704" = "769089769"
"a3_703" = "761646198"
"a4_452" = "3240442692"
"a3_701" = "713602996"
"a3_700" = "706548501"
"a4_890" = "2085550394"
"a4_891" = "2092719515"
"a4_892" = "2099888636"
"a4_453" = "3247611813"
"a4_894" = "2114226878"
"a4_895" = "2121395999"
"a2_128" = "917645779"
"a2_129" = "924814948"
"a2_126" = "903314980"
"a2_127" = "910483090"
"a2_124" = "888963650"
"a2_125" = "896145738"
"a2_122" = "874631072"
"a2_123" = "881796842"
"a2_120" = "860302639"
"a2_121" = "867456388"
"a3_35" = "267899754"
"a3_526" = "3787937127"
"a3_525" = "3780489412"
"a3_524" = "3739884709"
"a3_523" = "3732895746"
"a4_456" = "3269119176"
"a3_521" = "3751945024"
"a3_520" = "3744501537"
"a2_824" = "1612382811"
"a4_457" = "3276288297"
"a3_529" = "3809412696"
"a3_528" = "3768345145"
"a1_12" = "1273440466"
"a1_13" = "3467690165"
"a1_10" = "2011544983"
"a1_11" = "1351788054"
"a1_16" = "1019706992"
"a1_17" = "1239484647"
"a1_14" = "3567705379"
"a1_15" = "398461051"
"a1_18" = "2927604579"
"a1_19" = "1312098662"
"a3_149" = "1051199068"
"a3_148" = "1044210237"
"a2_896" = "2128560185"
"a2_48" = "344113899"
"a2_49" = "351283759"
"a1_846" = "1335416794"
"a2_40" = "286766813"
"a2_41" = "293932420"
"a2_42" = "301099865"
"a2_43" = "308264975"
"a2_44" = "315448203"
"a2_45" = "322616522"
"a2_46" = "329785209"
"a2_47" = "336939954"
"a2_897" = "2135728309"
"a4_42" = "301103082"
"a4_43" = "308272203"
"a4_40" = "286764840"
"a4_41" = "293933961"
"a4_46" = "329779566"
"a4_47" = "336948687"
"a4_44" = "315441324"
"a4_45" = "322610445"
"a3_453" = "3230791052"
"a3_452" = "3223736685"
"a4_48" = "344117808"
"a4_49" = "351286929"
"a3_457" = "3259718400"
"a3_456" = "3285821153"
"a3_455" = "3278766670"
"a3_454" = "3271781935"
"a1_657" = "2315477583"
"a1_656" = "1604285230"
"a1_655" = "2378562934"
"a1_632" = "3243512901"
"a1_653" = "3745316154"
"a1_652" = "1660781500"
"a1_651" = "715650325"
"a1_650" = "2532653206"
"a3_796" = "1428649909"
"a1_659" = "1695886318"
"a1_658" = "3695981580"
"a3_797" = "1435691988"
"a3_18" = "112354555"
"a3_19" = "152901914"
"a3_14" = "83367783"
"a3_15" = "124488582"
"a3_16" = "131411001"
"a3_17" = "104906840"
"a3_10" = "88506851"
"a3_11" = "95435266"
"a3_12" = "69459621"
"a3_13" = "76378820"
"a3_240" = "1737322713"
"a4_886" = "2056873910"
"a3_793" = "1406704208"
"a3_809" = "1488018592"
"a3_798" = "1442679927"
"a3_799" = "1416568982"
"a3_248" = "1761236945"
"a2_172" = "1233086283"
"a4_797" = "1418822141"
"a4_796" = "1411653020"
"a4_795" = "1404483899"
"a4_794" = "1397314778"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Aas]
"a4_792" = "1382976536"
"a4_791" = "1375807415"
"a4_790" = "1368638294"
"a1_839" = "2716631898"
"a1_838" = "202075471"
"a4_799" = "1433160383"
"a4_798" = "1425991262"
"a4_663" = "458159927"
"a4_662" = "450990806"
"a4_661" = "443821685"
"a4_660" = "436652564"
"a4_667" = "486836411"
"a4_666" = "479667290"
"a4_665" = "472498169"
"a4_664" = "465329048"
"a1_907" = "3253833458"
"a1_906" = "2646191185"
"a4_669" = "501174653"
"a4_668" = "494005532"
"a1_903" = "3077957482"
"a1_902" = "1624889532"
"a1_901" = "126857787"
"a1_900" = "1037684297"
"a3_857" = "1865835152"
"a3_856" = "1824837233"
"a3_855" = "1817794014"
"a3_854" = "1844425151"
"a3_853" = "1836850460"
"a3_852" = "1829861629"
"a3_851" = "1789379674"
"a3_850" = "1781801019"
"a1_635" = "1690578889"
"a4_949" = "2508528533"
"a3_859" = "1846328146"
"a3_858" = "1872824115"
"a1_734" = "3496574546"
"a2_644" = "321950334"
"a4_976" = "2702094800"
"a4_454" = "3254780934"
"a1_524" = "1522310050"
"a4_407" = "2917832247"
"a4_406" = "2910663126"
"a4_405" = "2903494005"
"a4_404" = "2896324884"
"a4_403" = "2889155763"
"a4_402" = "2881986642"
"a4_401" = "2874817521"
"a4_400" = "2867648400"
"a1_825" = "604350372"
"a1_879" = "3814151576"
"a3_640" = "276404393"
"a4_409" = "2932170489"
"a4_408" = "2925001368"
"a3_641" = "283851976"
"a3_646" = "352855791"
"a3_647" = "360438542"
"a4_789" = "1361469173"
"a1_129" = "553995861"
"a1_128" = "1411400762"
"a1_125" = "1663194373"
"a1_124" = "3617682607"
"a1_127" = "709656640"
"a1_126" = "114417387"
"a1_121" = "4271784183"
"a1_120" = "4129343174"
"a1_123" = "248841297"
"a1_122" = "2401291398"
"a4_331" = "2372979051"
"a4_330" = "2365809930"
"a4_333" = "2387317293"
"a4_332" = "2380148172"
"a4_335" = "2401655535"
"a4_334" = "2394486414"
"a4_337" = "2415993777"
"a4_336" = "2408824656"
"a4_339" = "2430332019"
"a4_338" = "2423162898"
"a1_833" = "1870739987"
"a4_539" = "3864156219"
"a4_538" = "3856987098"
"a4_249" = "1785111129"
"a4_248" = "1777942008"
"a1_832" = "4096036126"
"a4_245" = "1756434645"
"a4_244" = "1749265524"
"a4_247" = "1770772887"
"a4_246" = "1763603766"
"a4_241" = "1727758161"
"a4_240" = "1720589040"
"a4_243" = "1742096403"
"a4_242" = "1734927282"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Aas]
"a1_830" = "1795652302"
"a4_793" = "1390145657"
"a1_836" = "942204138"
"a1_835" = "3551925416"
"a1_754" = "1618616942"
"a1_834" = "1313425852"
"a1_634" = "3699127686"
"a2_463" = "3319307288"
"a2_462" = "3312139361"
"a2_461" = "3304969320"
"a2_460" = "3297789008"
"a2_467" = "3347972535"
"a2_466" = "3340807794"
"a2_465" = "3333638228"
"a2_464" = "3326474415"
"a2_469" = "3362322829"
"a2_468" = "3355156835"
"a1_934" = "3427103163"
"a4_802" = "1454667746"
"a4_872" = "1956506216"
"a2_869" = "1934992200"
"a2_868" = "1927825076"
"a2_867" = "1920658344"
"a2_866" = "1913488873"
"a2_865" = "1906324059"
"a2_864" = "1899159477"
"a2_863" = "1891990056"
"a1_791" = "1720714990"
"a2_861" = "1877653743"
"a2_860" = "1870473657"
"a2_597" = "4279959898"
"a2_596" = "4272793665"
"a2_595" = "4265635090"
"a2_594" = "4258461636"
"a1_338" = "3965517637"
"a1_339" = "2592435661"
"a2_591" = "4236944831"
"a2_590" = "4229778555"
"a1_334" = "1333684944"
"a1_335" = "663290322"
"a1_336" = "2450782596"
"a1_337" = "1903874573"
"a1_330" = "1071257431"
"a1_331" = "2165772978"
"a1_332" = "2208336822"
"a1_333" = "1176733560"
"a2_607" = "56695616"
"a2_606" = "49528499"
"a3_30" = "231909751"
"a2_604" = "35178594"
"a1_64" = "2710842702"
"a2_602" = "20852377"
"a2_601" = "13665384"
"a2_600" = "6511611"
"a4_875" = "1978013579"
"a2_609" = "71028942"
"a2_608" = "63864349"
"a2_265" = "1899819172"
"a2_264" = "1892656980"
"a2_267" = "1914153297"
"a2_266" = "1906987719"
"a2_261" = "1871137915"
"a2_260" = "1863970072"
"a2_263" = "1885471178"
"a2_262" = "1878303891"
"a2_919" = "2293450197"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Aas]
"a2_269" = "1928487994"
"a2_268" = "1921321948"
"a1_905" = "3402259253"
"a2_884" = "2042529035"
"a1_482" = "815312924"
"a1_483" = "3588633427"
"a2_289" = "2071873898"
"a2_288" = "2064710218"
"a1_486" = "1597201572"
"a1_487" = "1669583838"
"a1_484" = "3656632794"
"a1_485" = "3260753370"
"a2_283" = "2028857707"
"a2_282" = "2021691229"
"a2_281" = "2014517086"
"a2_280" = "2007357118"
"a2_287" = "2057546696"
"a2_286" = "2050371892"
"a2_285" = "2043193716"
"a2_284" = "2036038611"
"a2_739" = "1003016998"
"a2_738" = "995838101"
"a3_522" = "3725445091"
"a2_733" = "959990416"
"a2_732" = "952835903"
"a2_731" = "945666964"
"a2_730" = "938484426"
"a2_737" = "988668635"
"a2_736" = "981503707"
"a2_735" = "974333250"
"a2_734" = "967175124"
"a4_446" = "3197427966"
"a1_637" = "170879531"
"a3_912" = "2226582457"
"a1_240" = "1942991599"
"a1_241" = "2236470591"
"a1_242" = "2743580428"
"a1_243" = "3772886735"
"a1_244" = "312393678"
"a1_245" = "2892494441"
"a1_246" = "3097756779"
"a1_247" = "4109407018"
"a1_248" = "2260024745"
"a1_249" = "335331330"
"a3_738" = "978859403"
"a3_739" = "986426922"
"a4_445" = "3190258845"
"a2_131" = "939148206"
"a2_130" = "931980437"
"a2_133" = "953499024"
"a2_132" = "946333646"
"a2_135" = "967834159"
"a2_134" = "960666753"
"a2_137" = "982166610"
"a2_136" = "974996951"
"a2_139" = "996515196"
"a2_138" = "989331629"
"a4_889" = "2078381273"
"a4_888" = "2071212152"
"a2_79" = "566354127"
"a2_78" = "559189673"
"a3_916" = "2254979389"
"a3_288" = "2048100105"
"a3_289" = "2055027624"
"a3_184" = "1336102801"
"a3_917" = "2262558044"
"a3_282" = "2038692083"
"a3_283" = "2045680914"
"a3_280" = "1990631473"
"a3_281" = "2031109200"
"a3_286" = "2067091063"
"a3_287" = "2074141334"
"a3_284" = "2019045813"
"a3_285" = "2026624468"
"a3_606" = "66123703"
"a3_607" = "40004566"
"a3_604" = "52150005"
"a3_605" = "59069204"
"a3_602" = "4023859"
"a3_603" = "11016786"
"a3_600" = "23079281"
"a3_601" = "30657936"
"a4_700" = "723417404"
"a3_608" = "46992457"
"a3_609" = "87597288"
"a1_796" = "701304963"
"a1_583" = "2892195226"
"a1_794" = "1064157940"
"a1_795" = "1126538825"
"a1_792" = "2149924941"
"a1_793" = "3282504411"
"a1_790" = "1266224231"
"a1_582" = "151420635"
"a3_635" = "240424626"
"a3_911" = "2219532038"
"a1_581" = "458901743"
"a1_798" = "637648868"
"a1_799" = "1727609826"
"a1_580" = "3527135262"
"a3_198" = "1436076335"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"

[HKCU\Software\Aas]
"a3_196" = "1388556397"
"a3_197" = "1429034124"
"a3_194" = "1407548331"
"a3_195" = "1380982730"
"a3_192" = "1393042153"
"a3_193" = "1400620808"
"a3_190" = "1345525207"
"a3_191" = "1352568438"
"a2_981" = "2737945350"
"a1_585" = "4010383627"
"a3_468" = "3338201981"
"a3_469" = "3379269532"
"a3_466" = "3324236475"
"a3_467" = "3331159770"
"a3_464" = "3343287801"
"a3_465" = "3350216216"
"a3_462" = "3295169831"
"a3_463" = "3302744390"
"a3_460" = "3314758757"
"a3_461" = "3321800836"
"a1_468" = "726579602"
"a1_469" = "4191197957"
"a3_518" = "3696916079"
"a3_519" = "3703958158"
"a1_460" = "941568610"
"a1_461" = "2666893338"
"a1_462" = "2126355803"
"a1_463" = "2462180153"
"a1_464" = "2907447218"
"a1_465" = "2541192952"
"a1_466" = "4010952585"
"a1_467" = "682746600"
"a3_29" = "224867540"
"a3_28" = "183865525"
"a1_668" = "92769618"
"a1_669" = "1888963009"
"a3_21" = "167399900"
"a3_20" = "159956413"
"a3_23" = "148336286"
"a3_22" = "140888703"
"a3_25" = "195929936"
"a3_24" = "188875569"
"a3_27" = "176880658"
"a3_26" = "169827315"
"a2_830" = "1655399722"
"a3_499" = "3560555322"
"a2_831" = "1662580641"
"a3_498" = "3587059355"
"a2_832" = "1669735125"
"a3_497" = "3579611768"
"a2_833" = "1676905555"
"a3_496" = "3539014105"
"a2_834" = "1684088045"
"a3_495" = "3532029350"
"a2_835" = "1691251978"
"a4_955" = "2551543259"
"a3_494" = "3524581639"
"a2_836" = "1698419151"
"a3_493" = "3551077604"
"a2_837" = "1705586018"
"a3_492" = "3544154181"
"a3_491" = "3503090722"
"a1_837" = "786431899"
"a3_527" = "3761424774"
"a3_490" = "3496037251"
"a3_775" = "1244236686"
"a4_915" = "2264778419"
"a3_868" = "1944793805"
"a3_869" = "1918293868"
"a4_914" = "2257609298"
"a3_862" = "1901368503"
"a3_863" = "1908803798"
"a3_860" = "1853775861"
"a3_861" = "1860825108"
"a3_866" = "1930361355"
"a3_867" = "1937350314"
"a3_864" = "1882303817"
"a3_865" = "1889747432"
"a1_806" = "2045722331"
"a1_807" = "3102083482"
"a1_804" = "2211265778"
"a1_805" = "1806282266"
"a1_802" = "2141128621"
"a1_803" = "243179775"
"a1_800" = "3141834897"

"a1_808" = "3041037166"
"a1_809" = "2587150388"
"a4_656" = "407976080"
"a4_657" = "415145201"
"a4_654" = "393637838"
"a4_655" = "400806959"
"a4_652" = "379299596"
"a4_653" = "386468717"
"a4_650" = "364961354"
"a4_651" = "372130475"
"a1_938" = "2646973494"
"a1_939" = "1179982231"
"a4_658" = "422314322"
"a4_659" = "429483443"
"a3_773" = "1263760076"
"a4_849" = "1791616433"
"a4_919" = "2293454903"
"a4_918" = "2286285782"
"a2_656" = "407973675"
"a1_875" = "742752320"
"a4_925" = "2336469629"
"a3_762" = "1151312531"
"a1_684" = "82620318"
"a4_438" = "3140074998"
"a4_439" = "3147244119"
"a1_874" = "38442900"
"a4_432" = "3097060272"
"a4_433" = "3104229393"
"a4_430" = "3082722030"
"a4_431" = "3089891151"
"a4_436" = "3125736756"
"a4_437" = "3132905877"
"a4_434" = "3111398514"
"a4_435" = "3118567635"
"a3_928" = "2374546825"
"a4_344" = "2466177624"
"a4_345" = "2473346745"
"a4_346" = "2480515866"
"a4_347" = "2487684987"
"a4_340" = "2437501140"
"a4_341" = "2444670261"
"a4_342" = "2451839382"
"a4_343" = "2459008503"
"a3_764" = "1198848853"
"a4_348" = "2494854108"
"a4_349" = "2502023229"
"a4_508" = "3641913468"
"a4_509" = "3649082589"
"a4_506" = "3627575226"
"a4_507" = "3634744347"
"a4_504" = "3613236984"
"a4_505" = "3620406105"
"a4_502" = "3598898742"
"a4_503" = "3606067863"
"a4_500" = "3584560500"
"a4_501" = "3591729621"
"a3_383" = "2729068342"
"a3_382" = "2721620631"
"a4_882" = "2028197426"
"a3_381" = "2748124788"
"a2_456" = "3269121488"
"a2_457" = "3276280406"
"a2_454" = "3254786433"
"a3_380" = "2741212629"
"a2_452" = "3240430071"
"a2_453" = "3247604122"
"a2_450" = "3226096047"
"a2_451" = "3233271588"
"a3_387" = "2757612682"
"a3_633" = "259938800"
"a2_458" = "3283455653"
"a3_386" = "2784112747"
"a3_385" = "2776670152"
"a4_881" = "2021028305"
"a3_384" = "2769681321"
"a1_735" = "2368830514"
"a2_852" = "1813120862"
"a1_730" = "2136551204"
"a2_850" = "1798793837"
"a2_851" = "1805945785"
"a2_856" = "1841805832"
"a2_857" = "1848978280"
"a2_854" = "1827458797"
"a1_731" = "84665930"
"a3_632" = "252486993"
"a2_858" = "1856139495"
"a2_859" = "1863305108"
"a1_732" = "1890804754"
"a1_733" = "3945027270"
"a1_329" = "1540858614"
"a1_328" = "3275214598"
"a1_327" = "2737166939"
"a1_326" = "2851577817"
"a1_325" = "3618718588"
"a1_324" = "249278598"
"a1_323" = "131719901"
"a1_322" = "2148445142"
"a1_321" = "1131451651"
"a1_320" = "1245475397"
"a2_650" = "364955498"
"a1_436" = "3766410976"
"a1_736" = "2912208357"
"a3_631" = "211878206"
"a1_737" = "2293535125"
"a2_652" = "379305031"
"a3_923" = "2339079058"
"a2_926" = "2343646953"
"a2_927" = "2350802287"
"a2_924" = "2329303943"
"a2_653" = "386473479"
"a4_887" = "2064043031"
"a2_923" = "2322136661"
"a2_920" = "2300617082"
"a2_921" = "2307799606"
"a2_654" = "393638957"
"a2_928" = "2357984397"
"a2_655" = "400805722"
"a1_908" = "2415064766"
"a3_630" = "204893343"
"a2_657" = "415138861"
"a3_922" = "2298015603"
"a1_495" = "147613693"
"a1_494" = "2493225079"
"a1_497" = "1179686809"
"a1_496" = "2752689486"
"a1_491" = "1201141853"
"a1_490" = "1562691350"
"a1_493" = "2042652387"
"a1_492" = "4058496304"
"a1_499" = "2452659279"
"a1_498" = "209467119"
"a3_637" = "288468852"
"a2_708" = "780763232"
"a2_709" = "787945780"
"a2_706" = "766431142"
"a2_707" = "773597493"
"a2_704" = "752096894"
"a2_705" = "759254788"
"a2_702" = "737761185"
"a2_703" = "744930672"
"a2_700" = "723405129"
"a2_701" = "730595050"
"a4_885" = "2049704789"
"a2_638" = "278924489"
"a2_639" = "286103512"
"a3_808" = "1481095169"
"a2_632" = "235918982"
"a2_633" = "243077470"
"a2_630" = "221591759"
"a2_631" = "228752960"
"a2_636" = "264600467"
"a2_637" = "271769374"
"a2_634" = "250249545"
"a2_635" = "257418244"
"a1_253" = "1097555955"
"a1_252" = "2162691277"
"a1_251" = "564204406"
"a1_250" = "1287827665"
"a1_257" = "3644352221"
"a1_256" = "2550978927"
"a1_255" = "2166532844"
"a1_254" = "985410404"
"a3_920" = "2284050097"
"a1_259" = "2949375349"
"a1_258" = "1555945598"
"a3_729" = "914469392"
"a3_728" = "907418097"
"a4_884" = "2042535668"
"a2_144" = "1032350032"
"a2_145" = "1039530472"
"a2_146" = "1046686315"
"a2_147" = "1053852402"
"a2_140" = "1003669025"
"a2_141" = "1010855192"
"a2_142" = "1018007118"
"a2_143" = "1025180883"
"a1_781" = "3482246449"
"a1_780" = "765036854"
"a2_68" = "487503435"
"a2_69" = "494671613"
"a2_148" = "1061035780"
"a2_149" = "1068200568"
"a1_787" = "169524586"
"a4_455" = "3261950055"
"a3_299" = "2126993250"
"a3_298" = "2119545539"
"a3_295" = "2131608046"
"a3_294" = "2091003215"
"a3_297" = "2146049696"
"a3_296" = "2139060737"
"a3_291" = "2103079018"
"a3_290" = "2062081995"
"a3_293" = "2083555628"
"a3_292" = "2110067853"
"a2_987" = "2780961356"
"a1_904" = "1525096901"
"a3_634" = "266990099"
"a3_619" = "159571106"
"a3_618" = "152516611"
"a3_611" = "68549034"
"a3_610" = "95044875"
"a3_613" = "82982508"
"a3_612" = "75537869"
"a3_615" = "131026734"
"a3_614" = "123579023"
"a3_617" = "111511520"
"a3_616" = "104522561"
"a3_181" = "1280611004"
"a3_180" = "1307180573"
"a3_34" = "260325067"
"a3_182" = "1288058591"
"a3_185" = "1309597744"
"a3_33" = "253401768"
"a3_187" = "1324038386"
"a3_186" = "1316586579"
"a3_189" = "1371566516"
"a3_188" = "1364647189"
"a3_38" = "289377359"
"a3_39" = "296296686"
"a3_471" = "3359687774"
"a3_470" = "3386187839"
"a3_473" = "3407682832"
"a3_472" = "3367139569"
"a3_475" = "3422180818"
"a3_474" = "3414733235"
"a3_477" = "3403113108"
"a4_282" = "2021692122"
"a3_479" = "3450714966"
"a3_478" = "3443656503"
"a1_479" = "278217316"
"a1_478" = "3009943371"
"a3_509" = "3632529140"
"a3_508" = "3624950357"
"a1_473" = "2035556"
"a1_472" = "1839593094"
"a1_471" = "1098139819"
"a1_470" = "1154869600"
"a1_477" = "3113791484"
"a1_476" = "1032617225"
"a1_475" = "1306629796"
"a1_474" = "4208653492"
"a4_533" = "3821141493"
"a1_679" = "2719434771"
"a1_678" = "573951831"
"a4_532" = "3813972372"
"a1_675" = "1626470423"
"a1_674" = "560083245"
"a1_677" = "2675115936"
"a1_676" = "2571526042"
"a1_671" = "1802277217"
"a4_531" = "3806803251"
"a1_673" = "2709404785"
"a1_672" = "4253244190"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_530" = "3799634130"
"a4_537" = "3849817977"
"a4_536" = "3842648856"
"a1_868" = "2753304154"
"a4_535" = "3835479735"
"a3_981" = "2721238428"
"a3_980" = "2747738493"
"a3_983" = "2769230430"
"a4_534" = "3828310614"
"a3_985" = "2783204112"
"a3_984" = "2776284913"
"a3_987" = "2764139474"
"a3_986" = "2757228467"
"a2_151" = "1082529602"
"a2_150" = "1075365681"
"a1_869" = "2359624479"
"a2_271" = "1942836550"
"a3_879" = "1989722918"
"a3_878" = "1982672519"
"a1_823" = "1485965561"
"a3_874" = "1954273539"
"a3_877" = "2009303652"
"a3_876" = "2001736133"
"a3_871" = "1966337070"
"a3_870" = "1925204879"
"a3_873" = "1946690784"
"a3_872" = "1973321793"
"a2_159" = "1139884592"
"a4_758" = "1139226422"
"a2_158" = "1132717549"
"a1_925" = "3539439804"
"a1_924" = "594340017"
"a1_927" = "2336042724"
"a1_926" = "2729014558"
"a1_921" = "1426758583"
"a1_920" = "1754325794"
"a3_787" = "1363737626"
"a1_922" = "2305883919"
"a3_80" = "590099577"
"a1_929" = "2802408806"
"a1_928" = "4020586382"
"a4_649" = "357792233"
"a4_648" = "350623112"
"a4_641" = "300439265"
"a4_640" = "293270144"
"a4_643" = "314777507"
"a4_642" = "307608386"
"a4_645" = "329115749"
"a4_644" = "321946628"
"a4_647" = "343453991"
"a4_646" = "336284870"
"a3_786" = "1323129851"
"a1_819" = "3115415069"
"a1_818" = "3608821303"
"a3_785" = "1316202328"
"a3_746" = "1069934723"
"a1_811" = "3329208582"
"a1_810" = "979669403"
"a1_813" = "3586269012"
"a1_812" = "791117481"
"a1_815" = "4190740426"
"a1_814" = "3915960349"
"a1_817" = "3994229444"
"a1_816" = "103642252"
"a4_963" = "2608896227"
"a4_429" = "3075552909"
"a4_428" = "3068383788"
"a4_425" = "3046876425"
"a4_424" = "3039707304"
"a4_427" = "3061214667"
"a4_426" = "3054045546"
"a4_421" = "3018199941"
"a4_420" = "3011030820"
"a4_423" = "3032538183"
"a4_422" = "3025369062"
"a3_743" = "1014841262"
"a3_745" = "1062892640"
"a3_742" = "1007917839"
"a4_967" = "2637572711"
"a3_741" = "1033955052"
"a2_802" = "1454663805"
"a4_357" = "2559376197"
"a4_356" = "2552207076"
"a4_355" = "2545037955"
"a4_354" = "2537868834"
"a4_353" = "2530699713"
"a4_352" = "2523530592"
"a4_351" = "2516361471"
"a4_350" = "2509192350"
"a3_747" = "1043369250"
"a4_359" = "2573714439"
"a4_358" = "2566545318"
"a4_511" = "3663420831"
"a4_510" = "3656251710"
"a4_513" = "3677759073"
"a4_512" = "3670589952"
"a4_515" = "3692097315"
"a4_514" = "3684928194"
"a4_517" = "3706435557"
"a4_516" = "3699266436"
"a4_519" = "3720773799"
"a4_518" = "3713604678"
"a3_744" = "1021891521"
"a3_749" = "1091421668"

[HKCU\Software\Aas\695404737]
"50183847" = "6CB4F357E15540EBCF387CD502BE18BB83B2095EA6EE884B0D059449A5342D68E3B2D27FB714B9250509608EC3DEB7EEA20A33E26D97C5486AA270018FFA46A16EE0AF4EE22779AE1BD1BBA23B356C014518440564740352676BB249C23112961C700B388C12E7360016EE2DAFC09E2689A619CC82C6AA0421112571C15FFB27"

[HKCU\Software\Aas]
"a2_845" = "1762935566"
"a2_844" = "1755771557"
"a2_847" = "1777279974"
"a2_846" = "1770103225"
"a2_841" = "1734235582"
"a2_840" = "1727087911"
"a2_843" = "1748604349"
"a2_842" = "1741437274"
"a3_780" = "1280228773"
"a4_928" = "2357976992"
"a2_849" = "1791622647"
"a2_848" = "1784455103"
"a1_312" = "3819871366"
"a1_313" = "2786066666"
"a1_310" = "3040310021"
"a1_311" = "2927681890"
"a1_316" = "2846395282"
"a1_317" = "2851048304"
"a1_314" = "3528122027"
"a1_315" = "1004600672"
"a3_620" = "166490309"
"a1_318" = "3734636480"
"a1_319" = "1983360650"
"a4_929" = "2365146113"
"a4_982" = "2745109526"
"a2_449" = "3218937964"
"a2_448" = "3211757963"
"a3_621" = "140449124"
"a2_441" = "3161534247"
"a2_440" = "3154415999"
"a2_443" = "3175915884"
"a2_442" = "3168752445"
"a2_445" = "3190252478"
"a2_444" = "3183083755"
"a2_447" = "3204602964"
"a2_446" = "3197434905"
"a2_939" = "2436839468"
"a2_938" = "2429673184"
"a4_893" = "2107057757"
"a2_931" = "2379486943"
"a2_930" = "2372318900"
"a2_933" = "2393819338"
"a2_932" = "2386646254"
"a2_935" = "2408153891"
"a2_934" = "2400986519"
"a2_937" = "2422504878"
"a2_936" = "2415336696"
"a3_818" = "1552537563"
"a2_711" = "802280408"
"a2_710" = "795113485"
"a2_713" = "816612675"
"a2_712" = "809450247"
"a2_715" = "830948209"
"a2_714" = "823776679"
"a2_717" = "845283898"
"a2_716" = "838117002"
"a2_719" = "859632975"
"a2_718" = "852463669"
"a1_587" = "4067339710"
"a3_623" = "187965990"
"a2_629" = "214414490"
"a2_628" = "207234630"
"a2_625" = "185730622"
"a2_624" = "178555322"
"a2_627" = "200065727"
"a2_626" = "192894163"
"a2_621" = "157050854"
"a2_620" = "149882631"
"a2_623" = "171398812"
"a2_622" = "164230159"
"a1_266" = "111022338"
"a1_267" = "3448001145"
"a1_264" = "381936214"
"a1_265" = "3528663725"
"a1_262" = "3900622840"
"a1_263" = "2010963452"
"a1_260" = "2489818314"
"a1_261" = "202775387"
"a1_268" = "2682259513"
"a1_269" = "2491248933"
"a2_157" = "1125553938"
"a2_156" = "1118384998"
"a2_155" = "1111220092"
"a2_154" = "1104051287"
"a2_153" = "1096865843"
"a2_152" = "1089703823"
"a2_99" = "709742245"
"a2_98" = "702574728"
"a2_97" = "695408273"
"a2_96" = "688241775"
"a2_95" = "681059681"
"a2_94" = "673891006"
"a2_93" = "666719794"
"a2_92" = "659556167"
"a2_91" = "652392476"
"a2_90" = "645222588"
"a3_260" = "1847236781"
"a3_261" = "1854160076"
"a3_262" = "1861734767"
"a3_263" = "1902212494"
"a3_264" = "1909255713"
"a3_265" = "1883210304"
"a3_266" = "1890133731"
"a3_267" = "1930746626"
"a3_268" = "1938194341"
"a3_269" = "1945179076"
"a1_915" = "3870699722"
"a1_847" = "3320548042"
"a3_404" = "2913010493"
"a1_844" = "3124320206"
"a3_405" = "2886510428"
"a1_845" = "2335223057"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Aas]
"a2_862" = "1884809029"
"a4_983" = "2752278647"
"a1_961" = "2436978658"
"a3_668" = "477267765"
"a3_669" = "484195156"
"a1_960" = "3709616148"
"a3_664" = "448737713"
"a3_665" = "489346512"
"a3_666" = "496258675"
"a3_667" = "470278802"
"a3_660" = "453353533"
"a3_661" = "460801116"
"a3_662" = "467859711"
"a3_663" = "441294110"
"a3_43" = "324843106"
"a3_42" = "284237251"
"a3_41" = "277248416"
"a3_40" = "269796609"
"a3_47" = "353765350"
"a3_46" = "313221959"
"a3_45" = "305778468"
"a3_44" = "332278405"
"a1_965" = "2489849739"
"a3_49" = "368270520"
"a3_48" = "360822809"
"a1_964" = "2784722794"
"a4_99" = "709742979"
"a4_98" = "702573858"
"a3_406" = "2893962239"
"a3_407" = "2901015582"
"a3_400" = "2884615609"
"a3_401" = "2857980376"
"a3_402" = "2865023611"
"a3_403" = "2906025626"
"a4_91" = "652390011"
"a4_90" = "645220890"
"a4_93" = "666728253"
"a4_92" = "659559132"
"a4_95" = "681066495"
"a4_94" = "673897374"
"a4_97" = "695404737"
"a4_96" = "688235616"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"

[HKCU\Software\Aas]
"a1_448" = "2003452791"
"a1_449" = "1303049744"
"a1_446" = "1238044738"
"a3_408" = "2941554865"
"a1_444" = "3454396334"
"a1_445" = "3077017137"
"a1_442" = "3915032418"
"a1_443" = "2429165952"
"a1_440" = "943996141"
"a3_409" = "2949002448"
"a1_680" = "3041285910"
"a1_681" = "3847065471"
"a1_682" = "702873560"
"a1_683" = "2017415829"
"a2_561" = "4021871025"
"a1_685" = "1778508968"
"a1_686" = "2513697269"
"a1_687" = "1030797078"
"a1_688" = "3557789165"
"a1_689" = "3032221795"

"a3_834" = "1700949547"
"a3_988" = "2804681845"
"a1_767" = "372725481"
"a1_766" = "4200567118"
"a3_318" = "2262948439"
"a3_319" = "2303950582"
"a2_599" = "4294297656"
"a3_310" = "2239031135"
"a3_311" = "2246548478"
"a3_312" = "2219916305"
"a3_313" = "2226966704"
"a3_314" = "2267968723"
"a3_315" = "2275010930"
"a3_316" = "2248445333"
"a3_317" = "2255889972"
"a3_933" = "2410528684"
"a3_934" = "2384417743"
"a1_760" = "3613710918"
"a2_605" = "42345804"
"a3_935" = "2391471214"
"a3_476" = "3395669621"
"a1_447" = "2114957291"
"a2_603" = "28010347"
"a3_880" = "2030724953"
"a3_881" = "2037718008"
"a3_882" = "2044771355"
"a3_883" = "2018660538"
"a3_884" = "2025714909"
"a3_885" = "2066704764"
"a3_886" = "2073693599"
"a1_745" = "3270420727"
"a3_888" = "2054642257"
"a3_889" = "2061696752"
"a1_769" = "3284740514"
"a1_441" = "3508482003"
"a4_964" = "2616065348"
"a1_744" = "531890365"
"a4_988" = "2788124252"
"a4_857" = "1848969401"
"a4_638" = "278931902"
"a4_639" = "286101023"
"a4_634" = "250255418"
"a4_635" = "257424539"
"a4_636" = "264593660"
"a4_637" = "271762781"
"a4_630" = "221578934"
"a4_631" = "228748055"
"a4_632" = "235917176"
"a4_633" = "243086297"
"a2_913" = "2250434618"
"a1_747" = "4192727822"
"a2_912" = "2243279047"

"a2_651" = "372139467"
"a2_910" = "2228940953"
"a3_794" = "1380597491"

[HKCU\Software\Aas\695404737]
"35845605" = "392"

[HKCU\Software\Aas]
"a2_917" = "2279118185"
"a4_883" = "2035366547"
"a2_916" = "2271949513"
"a4_740" = "1010182244"
"a4_741" = "1017351365"
"a4_742" = "1024520486"
"a4_743" = "1031689607"
"a4_744" = "1038858728"
"a4_745" = "1046027849"
"a4_746" = "1053196970"
"a4_747" = "1060366091"
"a4_748" = "1067535212"
"a4_749" = "1074704333"
"a1_866" = "125715980"
"a1_867" = "233769529"
"a1_860" = "3968243808"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Aas]
"a1_862" = "1011691308"
"a4_859" = "1863307643"
"a4_182" = "1304780022"

[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_180" = "1290441780"
"a4_181" = "1297610901"
"a4_186" = "1333456506"
"a4_187" = "1340625627"
"a4_184" = "1319118264"
"a4_185" = "1326287385"
"a4_188" = "1347794748"
"a4_189" = "1354963869"
"a1_741" = "1673045916"
"a2_918" = "2286283069"
"a4_168" = "1204412328"
"a1_194" = "2836346583"
"a1_195" = "1821925306"
"a4_160" = "1147059360"
"a4_161" = "1154228481"
"a4_162" = "1161397602"
"a4_163" = "1168566723"
"a4_164" = "1175735844"
"a4_165" = "1182904965"
"a4_166" = "1190074086"
"a4_167" = "1197243207"
"a4_296" = "2122059816"
"a4_297" = "2129228937"
"a4_294" = "2107721574"
"a4_295" = "2114890695"
"a4_292" = "2093383332"
"a4_293" = "2100552453"
"a4_290" = "2079045090"
"a4_291" = "2086214211"
"a4_142" = "1018015182"
"a3_952" = "2546868881"
"a4_568" = "4072060728"
"a4_569" = "4079229849"
"a4_298" = "2136398058"
"a4_299" = "2143567179"
"a2_598" = "4287129550"
"a1_192" = "280442480"
"a1_193" = "3416450193"
"a1_969" = "3321725286"
"a4_934" = "2400991718"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Aas]
"a3_790" = "1351657855"
"a4_958" = "2573050622"
"a1_742" = "3356220031"
"a4_368" = "2638236528"
"a4_369" = "2645405649"
"a4_362" = "2595221802"
"a4_363" = "2602390923"
"a4_360" = "2580883560"
"a4_361" = "2588052681"
"a4_366" = "2623898286"
"a4_367" = "2631067407"
"a4_364" = "2609560044"
"a4_365" = "2616729165"
"a1_305" = "2230354836"
"a1_304" = "3740212271"
"a1_307" = "628174094"
"a1_306" = "875251388"
"a1_301" = "4148314555"
"a1_300" = "1600133596"
"a1_303" = "3729187222"
"a1_302" = "2731034335"
"a3_792" = "1399711281"
"a1_309" = "2141754304"
"a1_308" = "247478898"
"a2_540" = "3871319680"
"a2_541" = "3878500711"
"a2_542" = "3885671803"
"a1_481" = "2306915864"
"a2_544" = "3900005035"
"a2_545" = "3907162520"
"a2_546" = "3914337625"
"a2_547" = "3921506299"
"a2_548" = "3928672355"
"a2_549" = "3935854680"
"a2_894" = "2114230257"
"a2_895" = "2121387716"
"a2_892" = "2099895535"
"a2_893" = "2107061210"
"a2_890" = "2085547143"
"a2_891" = "2092714948"
"a2_438" = "3140067025"
"a2_439" = "3147249612"
"a2_434" = "3111402469"
"a2_435" = "3118565705"
"a2_436" = "3125731983"
"a2_437" = "3132902620"
"a2_430" = "3082718761"
"a2_431" = "3089885733"
"a2_432" = "3097066026"
"a2_433" = "3104232631"
"a4_986" = "2773786010"
"a2_948" = "2501356571"
"a2_949" = "2508523071"
"a4_908" = "2214594572"
"a2_944" = "2472686263"
"a2_945" = "2479860720"
"a2_946" = "2487022284"
"a2_947" = "2494188529"
"a2_940" = "2443981387"
"a1_488" = "2682390149"
"a2_942" = "2458338107"
"a2_943" = "2465520290"
"a1_279" = "1935651083"
"a1_278" = "849036429"
"a1_489" = "3841684883"
"a1_271" = "3370829170"
"a1_270" = "1081057523"
"a1_273" = "3726631589"
"a1_272" = "1263535045"
"a1_275" = "2967339549"
"a1_274" = "214419085"
"a1_277" = "1179446956"
"a1_276" = "2988592622"
"a2_764" = "1182238881"
"a2_765" = "1189407629"
"a2_766" = "1196572824"
"a2_767" = "1203743096"
"a2_760" = "1153558308"
"a2_761" = "1160740473"
"a2_762" = "1167905084"
"a2_763" = "1175075652"
"a2_768" = "1210924709"
"a2_769" = "1218091206"
"a2_382" = "2738612793"
"a2_383" = "2745775840"
"a2_380" = "2724259296"
"a2_381" = "2731438871"
"a2_386" = "2767274350"
"a2_387" = "2774444176"
"a2_384" = "2752938096"
"a2_385" = "2760108962"
"a2_388" = "2781624868"
"a2_389" = "2788791114"
"a1_613" = "2760849028"
"a1_612" = "2249742229"
"a1_611" = "4277263933"
"a2_368" = "2638245562"
"a2_369" = "2645406414"
"a1_610" = "2650642588"
"a2_88" = "630888845"
"a2_89" = "638043752"
"a2_84" = "602207885"
"a2_85" = "609370691"
"a2_86" = "616538265"
"a2_87" = "623706461"
"a2_80" = "573522566"
"a2_81" = "580703258"
"a2_82" = "587873395"
"a2_83" = "595044724"
"a3_273" = "1974165848"
"a3_272" = "1966722361"
"a3_271" = "1926113414"
"a3_270" = "1918678119"
"a3_277" = "2002712284"
"a3_276" = "1962103485"
"a3_275" = "1954659866"
"a3_274" = "1947600379"
"a2_162" = "1161400527"
"a2_163" = "1168571996"
"a3_279" = "1983582110"
"a3_278" = "2009623423"
"a2_166" = "1190068560"
"a2_167" = "1197237342"
"a2_164" = "1175738421"
"a2_165" = "1182901511"
"a3_690" = "668723035"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Aas]
"a3_679" = "589715310"
"a1_666" = "3086481043"
"a3_677" = "541662892"
"a3_676" = "568228365"
"a3_675" = "560775658"
"a3_674" = "553725259"
"a3_673" = "513247528"
"a3_672" = "505681033"
"a3_671" = "532246550"
"a3_670" = "525328375"
"a3_50" = "341766363"
"a3_51" = "348755322"
"a3_52" = "389745053"
"a3_53" = "396796476"
"a3_54" = "370165343"
"a3_55" = "377748222"
"a3_56" = "384737041"
"a3_57" = "425210800"
"a3_58" = "432789459"
"a3_59" = "406145138"
"a3_417" = "3006523432"
"a3_416" = "2965403529"
"a3_415" = "2958480150"
"a3_414" = "2984984311"
"a3_413" = "2977536596"
"a3_412" = "2970543669"
"a3_411" = "2929937810"
"a3_410" = "2922490227"
"a3_419" = "2986877162"
"a3_418" = "3013512267"
"a1_451" = "1085254316"
"a1_450" = "2466095414"
"a1_453" = "2958022675"
"a1_452" = "2535312120"
"a1_455" = "2196288346"
"a1_454" = "1506674205"
"a1_457" = "2791275894"
"a1_456" = "1071586164"
"a1_459" = "1209984410"
"a1_458" = "3565546295"
"a1_693" = "3176184366"
"a1_692" = "1156189511"
"a1_691" = "565776225"
"a1_690" = "1826269644"
"a1_697" = "2210684331"
"a1_696" = "4243275720"
"a1_695" = "3133335595"
"a1_694" = "1306517389"
"a1_699" = "1275703970"
"a1_698" = "3181596360"
"a3_896" = "2145139113"
"a3_695" = "704178558"
"a1_962" = "2288962635"
"a3_309" = "2231976764"
"a3_308" = "2191503005"
"a3_303" = "2155521254"
"a3_302" = "2148466759"
"a3_301" = "2174512164"
"a3_300" = "2167589765"
"a3_307" = "2183924346"
"a3_306" = "2210566619"
"a3_305" = "2203581880"
"a3_304" = "2162448665"
"a4_86" = "616544406"
"a4_87" = "623713527"
"a4_84" = "602206164"
"a4_85" = "609375285"
"a4_82" = "587867922"
"a4_83" = "595037043"
"a4_80" = "573529680"
"a4_81" = "580698801"
"a3_887" = "2047190590"
"a3_730" = "921917107"
"a4_88" = "630882648"
"a4_89" = "638051769"
"a3_731" = "962513618"
"a4_954" = "2544374138"

[HKCU\Software\Aas\695404737]
"14338242" = "0"

[HKCU\Software\Aas]
"a3_913" = "2267125720"
"a3_736" = "998505673"
"a1_740" = "1899125561"
"a3_737" = "1005490536"
"a3_697" = "685057584"
"a3_892" = "2083171285"
"a3_891" = "2109683634"
"a3_890" = "2102235923"
"a3_897" = "2119163336"
"a3_734" = "950445111"
"a3_895" = "2138211638"
"a3_894" = "2131222679"
"a3_899" = "2166680202"
"a3_735" = "990926934"
"a3_696" = "678137233"
"a1_967" = "2220260816"
"a4_387" = "2774449827"
"a1_940" = "11233397"
"a1_752" = "1287001678"
"a4_629" = "214409813"
"a4_628" = "207240692"
"a4_627" = "200071571"
"a4_626" = "192902450"
"a4_625" = "185733329"
"a4_624" = "178564208"
"a4_623" = "171395087"
"a4_622" = "164225966"
"a4_621" = "157056845"
"a4_620" = "149887724"
"a2_75" = "537686347"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011920150120]
"CacheRepair" = "0"

[HKCU\Software\Aas]
"a2_74" = "530523545"
"a1_763" = "540288033"
"a2_77" = "552020161"
"a2_76" = "544855382"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"

[HKCU\Software\Aas]
"a2_71" = "509003044"
"a2_70" = "501831500"
"a4_753" = "1103380817"
"a4_752" = "1096211696"
"a4_751" = "1089042575"
"a4_750" = "1081873454"
"a4_757" = "1132057301"
"a2_73" = "523353230"
"a4_755" = "1117719059"
"a4_754" = "1110549938"
"a1_877" = "414572315"
"a1_876" = "843671122"
"a4_759" = "1146395543"
"a2_72" = "516173612"
"a1_873" = "3440390790"
"a1_872" = "2776605733"
"a1_871" = "3350730932"
"a1_870" = "338688664"
"a4_195" = "1397978595"
"a4_194" = "1390809474"
"a4_197" = "1412316837"
"a4_196" = "1405147716"
"a4_191" = "1369302111"
"a4_190" = "1362132990"
"a4_193" = "1383640353"
"a4_192" = "1376471232"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"

[HKCU\Software\Aas]
"a4_198" = "1419485958"
"a1_909" = "3467218353"
"a4_179" = "1283272659"
"a4_178" = "1276103538"
"a4_173" = "1240257933"
"a4_172" = "1233088812"
"a4_171" = "1225919691"
"a4_170" = "1218750570"
"a4_177" = "1268934417"
"a4_176" = "1261765296"
"a4_175" = "1254596175"
"a4_174" = "1247427054"
"a4_577" = "4136582817"
"a3_123" = "898388146"
"a4_575" = "4122244575"
"a4_574" = "4115075454"
"a4_573" = "4107906333"
"a4_572" = "4100737212"
"a4_571" = "4093568091"
"a3_122" = "891468819"
"a4_970" = "2659080074"
"a3_121" = "850861040"
"a4_579" = "4150921059"
"a4_578" = "4143751938"
"a4_289" = "2071875969"
"a4_288" = "2064706848"
"a3_636" = "247859925"
"a3_120" = "843343697"
"a4_985" = "2766616889"
"a4_281" = "2014523001"
"a4_280" = "2007353880"
"a4_283" = "2028861243"
"a1_108" = "3931418661"
"a4_285" = "2043199485"
"a4_284" = "2036030364"
"a4_287" = "2057537727"
"a3_126" = "886312343"
"a3_125" = "879323508"
"a3_124" = "905966805"
"a4_965" = "2623234469"
"a3_691" = "642161658"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Aas]
"a3_967" = "2620735566"
"a4_379" = "2717096859"
"a4_378" = "2709927738"
"a3_966" = "2647370799"
"a4_375" = "2688420375"
"a4_374" = "2681251254"
"a4_377" = "2702758617"
"a4_376" = "2695589496"
"a4_371" = "2659743891"
"a4_370" = "2652574770"
"a4_373" = "2674082133"
"a4_372" = "2666913012"
"a3_964" = "2599327597"
"a3_963" = "2592338634"
"a3_962" = "2584764075"
"a4_756" = "1124888180"
"a3_961" = "2611395080"
"a1_755" = "2779367746"
"a1_437" = "1300325345"
"a3_960" = "2604335593"
"a2_553" = "3964532388"
"a2_552" = "3957352626"
"a2_551" = "3950187486"
"a2_550" = "3943021934"
"a2_557" = "3993191182"
"a2_556" = "3986037187"
"a2_555" = "3978855187"
"a2_554" = "3971689997"
"a2_889" = "2078379701"
"a2_888" = "2071203887"
"a2_559" = "4007540207"
"a2_558" = "4000376857"
"a4_980" = "2730771284"
"a4_981" = "2737940405"
"a2_429" = "3075551000"
"a2_428" = "3068382096"
"a2_427" = "3061216985"
"a2_426" = "3054048884"
"a2_425" = "3046868516"
"a2_424" = "3039713535"
"a2_423" = "3032532040"
"a2_422" = "3025365043"
"a2_421" = "3018207316"
"a2_420" = "3011033107"
"a1_758" = "3233759595"
"a2_565" = "4050528322"
"a4_984" = "2759447768"
"a2_959" = "2580224692"
"a2_958" = "2573055545"
"a2_957" = "2565875370"
"a2_956" = "2558707330"
"a2_955" = "2551538340"
"a2_954" = "2544382253"
"a1_785" = "2009955003"
"a2_952" = "2530039677"
"a2_951" = "2522873447"
"a2_950" = "2515691761"
"a1_208" = "2131883765"
"a1_209" = "4065736513"
"a1_204" = "2720007154"
"a1_205" = "1112691880"
"a1_206" = "2109311920"
"a1_207" = "849855864"
"a1_200" = "2822967709"
"a1_201" = "1218510599"
"a1_202" = "716111412"
"a1_203" = "2032762318"
"a2_777" = "1275431506"
"a2_776" = "1268273463"
"a2_775" = "1261108505"
"a2_774" = "1253926585"
"a2_773" = "1246756914"
"a2_772" = "1239589151"
"a2_771" = "1232421956"
"a2_770" = "1225258149"
"a2_779" = "1289776892"
"a2_778" = "1282611449"
"a2_395" = "2831808561"
"a2_394" = "2824628957"
"a2_397" = "2846143467"
"a2_396" = "2838977511"
"a2_391" = "2803135981"
"a2_390" = "2795961679"
"a2_393" = "2817460204"
"a2_392" = "2810290469"
"a2_399" = "2860478200"
"a2_398" = "2853318389"
"a2_568" = "4072057440"
"a2_569" = "4079226094"
"a2_379" = "2717090036"
"a2_378" = "2709925253"
"a2_373" = "2674088805"
"a2_372" = "2666906145"
"a2_371" = "2659741676"
"a2_370" = "2652583711"
"a2_377" = "2702756958"
"a2_376" = "2695581283"
"a2_375" = "2688422004"
"a2_374" = "2681257823"
"a3_246" = "1746738975"
"a3_247" = "1753789374"
"a3_244" = "1765852765"
"a3_245" = "1773304572"
"a2_179" = "1283274313"
"a2_178" = "1276105941"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKCU\Software\Aas]
"a3_241" = "1744311672"
"a2_175" = "1254603653"
"a2_174" = "1247421363"
"a2_177" = "1268936994"
"a2_176" = "1261771655"
"a2_171" = "1225922080"
"a2_170" = "1218753943"
"a2_173" = "1240256161"
"a3_249" = "1801832560"
"a4_960" = "2587388864"
"a1_510" = "1346553486"
"a1_511" = "424871713"
"a1_512" = "1593648348"
"a1_513" = "478279730"
"a1_514" = "3419063676"
"a1_515" = "123049086"
"a1_516" = "2656812881"
"a1_517" = "2848522932"
"a1_518" = "3680477989"
"a1_519" = "2449179422"
"a3_648" = "367361953"
"a3_649" = "340792256"
"a3_69" = "478110732"
"a3_68" = "470664173"
"a3_65" = "449123976"
"a3_64" = "442135145"
"a3_67" = "497168202"
"a3_66" = "489720619"
"a3_61" = "454263092"
"a3_60" = "413199509"
"a3_63" = "468244982"
"a3_62" = "461186391"
"a1_784" = "1774879029"
"a3_514" = "3667976427"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Aas]
"a2_543" = "3892824542"
"a1_424" = "3324325587"
"a1_425" = "939098807"
"a1_426" = "561638197"
"a1_427" = "1055436944"
"a1_420" = "4096181874"
"a1_421" = "2689638149"
"a1_422" = "1555697851"
"a1_423" = "221656113"
"a3_199" = "1409969486"
"a1_428" = "582741222"
"a1_429" = "1106802857"
"a3_515" = "3709043978"
"a3_693" = "690213052"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011920150120]
"CacheLimit" = "8192"

[HKCU\Software\Aas]
"a2_965" = "2623261970"
"a3_338" = "2439897659"
"a3_339" = "2446886490"
"a3_336" = "2391856505"
"a3_337" = "2432846232"
"a3_334" = "2411437223"
"a3_335" = "2384801990"
"a3_332" = "2363312101"
"a3_333" = "2403923972"
"a3_330" = "2348814115"
"a3_331" = "2356388674"
"a1_738" = "873627387"
"a1_739" = "3347331286"
"a3_428" = "3084957701"
"a3_429" = "3058850980"
"a3_422" = "3041926607"
"a3_423" = "3049502318"
"a3_420" = "2994455821"
"a3_421" = "3001383340"
"a3_426" = "3070911299"
"a3_427" = "3077900258"
"a3_424" = "3022858881"
"a3_425" = "3029913376"
"a1_864" = "226863950"
"a2_915" = "2264783316"
"a1_865" = "823902583"
"a4_870" = "1942167974"
"a4_873" = "1963675337"
"a1_861" = "3490327683"
"a1_863" = "4082146769"
"a3_87" = "607024862"
"a3_86" = "633131711"
"a3_85" = "626081308"
"a3_84" = "585598461"
"a3_83" = "578085210"
"a3_82" = "571034939"
"a3_81" = "597665944"
"a4_183" = "1311949143"
"a3_89" = "654610320"
"a3_88" = "614067057"
"a4_612" = "92534756"
"a4_613" = "99703877"
"a4_610" = "78196514"
"a4_611" = "85365635"
"a4_616" = "121211240"
"a4_617" = "128380361"
"a4_614" = "106872998"
"a4_615" = "114042119"
"a4_968" = "2644741832"
"a4_969" = "2651910953"
"a4_618" = "135549482"
"a4_619" = "142718603"

"a4_871" = "1949337095"
"a3_689" = "661144376"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Aas]
"a3_812" = "1543047557"
"a3_692" = "649083933"
"a4_876" = "1985182700"
"a4_766" = "1196579390"
"a4_767" = "1203748511"
"a4_764" = "1182241148"
"a4_765" = "1189410269"
"a4_762" = "1167902906"
"a4_763" = "1175072027"
"a4_760" = "1153564664"
"a4_761" = "1160733785"
"a1_848" = "1286589711"
"a1_849" = "2246313997"
"a1_439" = "3497446046"
"a4_768" = "1210917632"
"a4_769" = "1218086753"
"a3_938" = "2446500163"
"a3_512" = "3687557161"
"a2_662" = "450987935"
"a3_513" = "3660926024"
"a3_930" = "2355479115"
"a3_931" = "2362926826"
"a3_932" = "2403474189"
"a3_814" = "1523992135"
"a4_877" = "1992351821"
"a3_510" = "3639513879"
"a3_936" = "2398382209"
"a3_937" = "2439449888"
"a3_511" = "3679991734"
"a3_516" = "3715971501"
"a3_517" = "3723025868"
"a1_198" = "733386680"
"a1_199" = "1230627390"
"a4_148" = "1061029908"
"a4_149" = "1068199029"
"a4_146" = "1046691666"
"a4_147" = "1053860787"
"a1_196" = "3341748621"
"a4_145" = "1039522545"
"a1_190" = "908033904"
"a4_143" = "1025184303"
"a4_140" = "1003676940"
"a4_141" = "1010846061"
"a2_983" = "2752272368"
"a3_910" = "2245638887"
"a4_548" = "3928678308"
"a4_549" = "3935847429"
"a4_542" = "3885663582"
"a4_543" = "3892832703"
"a4_540" = "3871325340"
"a4_541" = "3878494461"
"a4_546" = "3914340066"
"a4_547" = "3921509187"
"a4_544" = "3900001824"
"a4_545" = "3907170945"
"a4_839" = "1719925223"
"a1_662" = "1622896514"
"a1_663" = "200814178"
"a3_965" = "2639793036"
"a1_660" = "958784077"
"a4_380" = "2724265980"
"a4_381" = "2731435101"
"a4_382" = "2738604222"
"a4_383" = "2745773343"
"a4_384" = "2752942464"
"a4_385" = "2760111585"
"a4_386" = "2767280706"
"a4_169" = "1211581449"
"a4_388" = "2781618948"
"a4_389" = "2788788069"

"a1_667" = "2174499302"
"a1_664" = "2304878374"

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"

[HKCU\Software\Aas]
"a1_665" = "1211862743"
"a1_0" = "4092103001"
"a1_1" = "3542201012"
"a1_2" = "4074786672"
"a1_3" = "2074005661"
"a1_4" = "3894258262"
"a1_5" = "2381088440"
"a1_6" = "102310160"
"a1_7" = "1358400507"
"a1_8" = "1887961564"
"a1_9" = "181482553"
"a2_566" = "4057724136"
"a2_567" = "4064888248"
"a2_564" = "4043387571"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKCU\Software\Aas]
"a2_562" = "4029040677"
"a2_563" = "4036220516"
"a3_8" = "40388897"
"a3_9" = "47967552"
"a3_6" = "59977839"
"a3_7" = "67032206"
"a3_4" = "11991981"
"a3_5" = "52535244"
"a3_2" = "31040235"
"a3_3" = "4933386"
"a3_0" = "17001001"
"a3_1" = "23989832"
"a2_412" = "2953680700"
"a2_413" = "2960845893"
"a2_410" = "2939346186"
"a2_411" = "2946514694"
"a2_416" = "2982349647"
"a2_417" = "2989531715"
"a2_414" = "2968011145"
"a2_415" = "2975182344"
"a2_418" = "2996697387"
"a2_419" = "3003866612"
"a2_962" = "2601723964"
"a2_963" = "2608892692"
"a2_960" = "2587393706"
"a2_961" = "2594556410"
"a2_966" = "2630409789"
"a2_967" = "2637577408"
"a2_964" = "2616059048"
"a4_950" = "2515697654"
"a1_631" = "2305835086"
"a2_968" = "2644748524"
"a2_969" = "2651907810"
"a4_564" = "4043384244"
"a1_219" = "1833392034"
"a1_218" = "3048295630"
"a1_217" = "1954670213"
"a1_216" = "1728477980"
"a1_215" = "1015481543"
"a1_214" = "2252051801"
"a1_213" = "644237536"
"a1_212" = "1018390415"
"a1_211" = "718200905"
"a1_210" = "2731424700"
"a2_988" = "2788127027"
"a4_567" = "4064891607"
"a1_630" = "3305581039"
"a2_980" = "2730777459"
"a4_560" = "4014707760"
"a2_982" = "2745118357"
"a4_956" = "2558712380"
"a2_984" = "2759445605"
"a2_985" = "2766613570"
"a2_986" = "2773781237"
"a4_561" = "4021876881"
"a4_562" = "4029046002"
"a4_563" = "4036215123"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011920150120]
"CacheOptions" = "11"

[HKCU\Software\Aas]
"a4_443" = "3175920603"
"a1_633" = "1487517847"
"a4_442" = "3168751482"
"a4_441" = "3161582361"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"

A firewall is disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"

The Worm modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

The Worm modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

Firewall notifications are disabled:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"

The Worm modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"

The Worm deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013041720130418]

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Worm's file once a user opens a drive's folder in Windows Explorer.

VersionInfo

Company Name: Softonic
Product Name: Softonic Downloader
Product Version: 1, 40, 1, 0
Legal Copyright: Copyright (C) 2013
Legal Trademarks:
Original Filename: SoftonicDownloader.exe
Internal Name: Softonic Downloader
File Version: 1, 40, 1, 0
File Description: Softonic Downloader
Comments:
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://c.global-ssl.fastly.net/nr-476.min.js
hxxp://46.28.209.70/universaldownloader-track
hxxp://46.28.209.74/blank.gif?product=st_activity&event=prefetch:campaigns:selected&id_session=ED284C48-BEE8-43E5-ADF1-A8C43C9909D3t1421668077f21547&id_campaign=100861&id_campaign=101633&id_campaign=101727&ts=1421668078218
hxxp://74.125.228.201/r/collect?v=1&_v=j31&a=1415093474&t=pageview&_s=1&dl=http://sd.softonic.pl/21547/universaldownloader-prefetch&ul=en-us&de=utf-8&dt=Pobieranie i instalacja TeamSpeak 3&sd=32-bit&sr=1024x768&vp=650x450&je=0&fl=11.6 r602&_utma=176340583.1552066270.1421668072.1421668072.1421668072.1&_utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&_utmht=1421668078343&_u=MQACAEAAI~&jid=726396425&cid=1552066270.1421668072&tid=UA-48247475-3&_r=1&z=561424862
hxxp://beacon.newrelic.com/1/cc92a7d66e?a=2337114&pl=1421668062968&v=476.c73f3a6&to=NQcAZUJXXUdWAEZdVwxNN0NZGVtAUwxRRxcLDAZUSBhDXEc=&ap=367&fe=15234&dc=8953&f=["err"]&jsonp=NREUM.setToken
hxxp://46.28.209.70/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077
hxxp://46.28.209.70/css/generated/fad58-8688a.css
hxxp://zdjecia.pl.sftcdn.net/pl/scrn/21000/21547/teamspeak-2-11.jpg	46.28.209.56
hxxp://screenshots.en.sftcdn.net/campaign/scrn/100000/100861/sd_100861_41d97.jpeg	46.28.209.52
hxxp://screenshots.en.sftcdn.net/campaign/scrn/100000/100861/sd_icon_100861_8a4a3.png	46.28.209.52
hxxp://screenshots.en.sftcdn.net/campaign/scrn/101000/101633/sd_101633_08ebf.jpeg	46.28.209.52
hxxp://46.28.209.70/shared/img/sd_client/gradientbg.png
hxxp://46.28.209.70/shared/img/sd_client/sprite.png
hxxp://d1ykf07e75w7ss.cloudfront.net/aax2/amzn_ads.js
hxxp://46.28.209.70/shared/img/sd_client/loading.gif
hxxp://aax-us-east.amazon-adsystem.com/e/dtb/bid?src=3177&u=http://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&cb=3030167
hxxp://a1389.g.akamai.net/partner/scripts/rubicon/dorothy.js?pc=10496/44182
hxxp://anvil-perf-global.rubiconproject.net.akadns.net/a/api/market.js?&account_id=10496&site_id=44182&zone_id=191950&rtb_model=1&cb=oz_onValuationLoaded_191950_15&size_id=15
hxxp://anvil-perf-global.rubiconproject.net.akadns.net/a/api/market.js?&account_id=10496&site_id=44182&zone_id=191952&rtb_model=1&cb=oz_onValuationLoaded_191952_15&size_id=15
hxxp://74.125.228.201/analytics.js
hxxp://pagead46.l.doubleclick.net/tag/js/gpt.js
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=2&utmn=671250179&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=-&utmp=/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&utmht=1421668083109&utmac=UA-48247475-1&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=3&utmn=1502296361&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1421668083328&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=4&utmn=498571742&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1421668083374&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=5&utmn=432915247&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1421668083499&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=6&utmn=1822610648&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1421668083546&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=7&utmn=260708331&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101727--setup_timestamp&utmht=1421668083593&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=8&utmn=1543877491&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101727--shown&utmht=1421668083656&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=9&utmn=385588187&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/recommendations&utmht=1421668083687&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=10&utmn=2121111889&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C100861--load1&utmht=1421668083765&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://74.125.228.201/__utm.gif?utmwv=5.4.6&utms=11&utmn=266052665&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101633--load2&utmht=1421668083812&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://screenshots.en.sftcdn.net/campaign/scrn/100000/100861/sd_100861_41d97.jpeg?v=0.010570287798522315	46.28.209.52
hxxp://screenshots.en.sftcdn.net/campaign/scrn/101000/101633/sd_101633_08ebf.jpeg?v=0.12472576205380864	46.28.209.52
hxxp://74.125.228.201/collect?v=1&_v=j31&a=1027184309&t=pageview&_s=1&dl=http://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&ul=en-us&de=utf-8&dt=Pobieranie i instalacja TeamSpeak 3&sd=32-bit&sr=1024x768&vp=780x550&je=0&fl=11.6 r602&_utma=176340583.1552066270.1421668072.1421668072.1421668072.1&_utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&_utmht=1421668084468&_u=MACCAEAAI~&jid=&cid=1552066270.1421668072&tid=UA-48247475-3&z=1515662130
hxxp://pagead46.l.doubleclick.net/gpt/pubads_impl_56.js
hxxp://pagead46.l.doubleclick.net/pagead/show_companion_ad.js
hxxp://pagead-googlehosted.l.google.com/safeframe/1-0-1/html/container.html
hxxp://beacon.rubiconproject.net.akadns.net/beacon/p/rtp/valuation?&p=rubicon&pc=10496/44182&ptc=191952&api=valuation&as=dart-gpt&asz=300x250&asid=15&tier=5&cpm=0.14439&hit=2&type=rtb&co=ca&rnd=5057&rtc=1&rta=rtb.randomized.session&ruc=-99
hxxp://beacon.rubiconproject.net.akadns.net/beacon/p/rtp/valuation?&p=rubicon&pc=10496/44182&ptc=191950&api=valuation&as=dart-gpt&asz=300x250&asid=15&hit=1&co=ca&rnd=2947
hxxp://tpc.googlesyndication.com/safeframe/1-0-1/html/container.html	74.125.226.11
hxxp://tap-cdn.rubiconproject.com/partner/scripts/rubicon/dorothy.js?pc=10496/44182	69.31.116.65
hxxp://beacon-6.newrelic.com/1/cc92a7d66e?a=2337114&pl=1421668062968&v=476.c73f3a6&to=NQcAZUJXXUdWAEZdVwxNN0NZGVtAUwxRRxcLDAZUSBhDXEc=&ap=367&fe=15234&dc=8953&f=["err"]&jsonp=NREUM.setToken	50.31.164.172
hxxp://sd.softonic.pl/universaldownloader-track
hxxp://c.amazon-adsystem.com/aax2/amzn_ads.js	54.192.23.193
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=4&utmn=498571742&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1421668083374&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://js-agent.newrelic.com/nr-476.min.js	23.235.44.175
hxxp://static.sd.softonic.pl/css/generated/fad58-8688a.css
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=6&utmn=1822610648&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1421668083546&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www.google-analytics.com/r/collect?v=1&_v=j31&a=1415093474&t=pageview&_s=1&dl=http://sd.softonic.pl/21547/universaldownloader-prefetch&ul=en-us&de=utf-8&dt=Pobieranie i instalacja TeamSpeak 3&sd=32-bit&sr=1024x768&vp=650x450&je=0&fl=11.6 r602&_utma=176340583.1552066270.1421668072.1421668072.1421668072.1&_utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&_utmht=1421668078343&_u=MQACAEAAI~&jid=726396425&cid=1552066270.1421668072&tid=UA-48247475-3&_r=1&z=561424862
hxxp://www.google-analytics.com/analytics.js
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=10&utmn=2121111889&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C100861--load1&utmht=1421668083765&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=2&utmn=671250179&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=-&utmp=/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&utmht=1421668083109&utmac=UA-48247475-1&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~
hxxp://aax.amazon-adsystem.com/e/dtb/bid?src=3177&u=http://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&cb=3030167	176.32.103.187
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=9&utmn=385588187&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/recommendations&utmht=1421668083687&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www.google-analytics.com/collect?v=1&_v=j31&a=1027184309&t=pageview&_s=1&dl=http://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&ul=en-us&de=utf-8&dt=Pobieranie i instalacja TeamSpeak 3&sd=32-bit&sr=1024x768&vp=780x550&je=0&fl=11.6 r602&_utma=176340583.1552066270.1421668072.1421668072.1421668072.1&_utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&_utmht=1421668084468&_u=MACCAEAAI~&jid=&cid=1552066270.1421668072&tid=UA-48247475-3&z=1515662130
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=8&utmn=1543877491&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101727--shown&utmht=1421668083656&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www.googletagservices.com/tag/js/gpt.js	74.125.226.25
hxxp://pagead2.googlesyndication.com/pagead/show_companion_ad.js	74.125.226.26
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=3&utmn=1502296361&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1421668083328&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=5&utmn=432915247&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1421668083499&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://static.sd.softonic.pl/shared/img/sd_client/loading.gif
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=7&utmn=260708331&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101727--setup_timestamp&utmht=1421668083593&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://anvil.rubiconproject.com/a/api/market.js?&account_id=10496&site_id=44182&zone_id=191952&rtb_model=1&cb=oz_onValuationLoaded_191952_15&size_id=15	8.39.37.42
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.4.6&utms=11&utmn=266052665&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101633--load2&utmht=1421668083812&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~
hxxp://beacon.rubiconproject.com/beacon/p/rtp/valuation?&p=rubicon&pc=10496/44182&ptc=191950&api=valuation&as=dart-gpt&asz=300x250&asid=15&hit=1&co=ca&rnd=2947	8.39.37.23
hxxp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077
hxxp://beacon.rubiconproject.com/beacon/p/rtp/valuation?&p=rubicon&pc=10496/44182&ptc=191952&api=valuation&as=dart-gpt&asz=300x250&asid=15&tier=5&cpm=0.14439&hit=2&type=rtb&co=ca&rnd=5057&rtc=1&rta=rtb.randomized.session&ruc=-99	8.39.37.23
hxxp://anvil.rubiconproject.com/a/api/market.js?&account_id=10496&site_id=44182&zone_id=191950&rtb_model=1&cb=oz_onValuationLoaded_191950_15&size_id=15	8.39.37.42
hxxp://partner.googleadservices.com/gpt/pubads_impl_56.js	74.125.226.25
hxxp://static.sd.softonic.pl/shared/img/sd_client/gradientbg.png
hxxp://static.sd.softonic.pl/shared/img/sd_client/sprite.png
bam.nr-data.net	50.31.164.165

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /aax2/amzn_ads.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.amazon-adsystem.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Length: 13053

Connection: keep-alive

Date: Wed, 07 Jan 2015 23:13:57 GMT

Cache-Control: public, max-age=3600

Last-Modified: Wed, 07 Jan 2015 23:08:19 GMT

ETag: "cd9ebc01a824fb79da4c52f2bc1b899f"

Accept-Ranges: bytes

Server: AmazonS3

Age: 1716

X-Cache: Hit from cloudfront

Via: 1.1 cc6ca0e3e6cb30bf44e25b4521fb51eb.cloudfront.net (CloudFront)

X-Amz-Cf-Id: mhLDp-REMPOxHnS4vR9r9CUN8oTQyE99_Nm2B7KoQlf04g2xCOfzNw==
function amzn_ads(t){"use strict";try{amznads.updateAds(t)}catch(e){tr
y{console.log("amzn_ads: " e)}catch(a){}}}function aax_write(t,e){t.wr
ite(e);t.close()}function aax_render_ad(t){if(t.passback){aax_write(do
cument,t.html);return}var e=t.slotSize;if(!e){aax_write(document,t.htm
l);return}var a=e.indexOf("x");var n=e.substring(0,a);var r=e.substrin
g(a 1);var i="amznad" Math.round(Math.random()*1e6);aax_write(document
,'<iframe id="' i '" width="' n '" height="' r '" src="javascript:\
'\'" scrolling="no" frameborder="0" marginwidth="0" marginheight="0" b
gcolor="#FFFFFF" topmargin="0" leftmargin="0" rightmargin="0" bottomma
rgin="0"></iframe>');var o;try{o=document.getElementById(i);v
ar s=o.contentWindow||o.contentDocument;if(s.document)s=s.document;aax
_write(s,t.html)}catch(d){if(o){o.style.display="none"}}}var amzn_cons
ole=function(){"use strict";var t={};t.log=function(){};return t}();if
(window.console){amzn_console=window.console}var amznads=function(t,e,
a,n){"use strict";var r="https:"===e.location.protocol;t.protocol=r?"h
ttps://":"hXXp://";t.host="aax.amazon-adsystem.com";t.dtb_svc="/e/dtb/
bid";t.pb_svc="/x/getad";t.px_svc="/x/px/";t.debug_mode=t.debug_mode||
false;t.MIN_TIMEOUT=0;t.DEFAULT_TIMEOUT=1e3;t.targetingKey="amznslots"
;t.vidKey="amzn_vid";t.tasks=t.tasks||[];t.$jQ=t.$jQ||null;t.VIEWABILI
TY_CUTOFF_AREA=t.VIEWABILITY_CUTOFF_AREA||.5;t.VIEWABILITY_CUTOFF_DURA
TION_SEC=t.VIEWABILITY_CUTOFF_DURATION_SEC||1;t.isjQueryPresent=functi
on(){if(typeof t.$jQ==="function")return true;try{if(a.top.jQuery&
<<< skipped >>>

GET /safeframe/1-0-1/html/container.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: tpc.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/html

Last-Modified: Fri, 14 Nov 2014 14:57:36 GMT

Date: Tue, 13 Jan 2015 15:57:06 GMT

Expires: Wed, 13 Jan 2016 15:57:06 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 1786

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 522161

Alternate-Protocol: 80:quic,p=0.02
......n....W{S.....Oa<\...;..i.qD...RJ...8IzG.......<h..~W....{.
9sfxH...O..o..........1...x....Fc.h(.0....q.....cf..D.(a...%.....~.>
;.;..G..'.....$.Q. .kF...1.2;$ 9..>.......E.d..........t._#[email protected]
N.1gb........\)#...{..#Z.Lx*R...iG.(.:..c...t5..K.....HX.......(...L.c
.q..Grb......i...\dh..W.I...........<k.a...........L..nV`.../.>.
V^.?.I.Z.*_..Y.1..&S....Hb]iA.l. ..w..|.\....O...<.77...A...y..E.&1
..r.w{YoA...r5:p..i...n.....7..a.N..f.^..F.......I.,.R.r.Nc....;....!K
..'...$....7x...ij[.rX.'#.b.-..........]......].[.........6..vw.e.}jb.
:.....C:g.E3..Zk...HH.}..]b[.>...=%;.C.B.4...{ _.IW..4d.Y..F5.gOw..
....XV..x.%.H.J....`....!.L."\.^....g.:.~.a._.....v..r...f].s.g.[7.O..
e!P....H.\..T..=H.D.....[...0....u.....j..a.?.P...8..............Wn/.r
.<.>..wi.._>.z..#...TX.a..K ..w..^.. ..%.#gL...Th.,...`....7&
gt;{.R. ....}`'..J>..o......2Q..........m.....c..Se..|.7.."....O...
.Z.uK.o...w.....<^...G.'C.X .......D ).kUl......../,..jz.j..{C$.m).
.|....;..~4Rm.?_q......O.hY.M......N..J..*......L....L......Q.s.c...g.
..X?..)}C.0.Z.......7..r.Z.d...N...A.^.......p...c&g..........d..X...Z
MK[d.f.n..l...`.....^...C...L~..=I.%.:.x:........VGk.'.].3J..9.1.,....
......v...n...e..-.....3..../........h.n..m._.....g4.&..v.JH..0 ......
.3.:sX"Kyx..by.....4T.....$as..^h........N..L_A6.C{........G..8(..*D..
7........%...~.S..6U.....!8.s]..%.w .I.......*:.......|G...4W.(..c..T.
6.B.a1...hs.<[email protected]#..."5.Bp..`.m.*...9Ye.;I.........o .
....'.`6.3.Q.>.....S-|Q.>..u.. .n.L.&]....\.d`..3..`....q*;.
<<< skipped >>>

GET /analytics.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Thu, 13 Nov 2014 21:10:00 GMT; length=25393

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 304 Not Modified

Date: Mon, 19 Jan 2015 15:46:35 GMT

Expires: Mon, 19 Jan 2015 17:46:35 GMT

Age: 4391

Server: GFE/2.0

Alternate-Protocol: 80:quic,p=0.02
....


GET /__utm.gif?utmwv=5.4.6&utms=3&utmn=1502296361&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/init_startup&utmht=1421668083328&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:05:41 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435245

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=5&utmn=432915247&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/legal_start&utmht=1421668083499&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:05:41 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435245

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=7&utmn=260708331&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101727--setup_timestamp&utmht=1421668083593&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:05:41 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435245

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=9&utmn=385588187&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/recommendations&utmht=1421668083687&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:05:41 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435245

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=11&utmn=266052665&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101633--load2&utmht=1421668083812&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:05:41 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435246

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;..

GET /gpt/pubads_impl_56.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partner.googleadservices.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Mon, 12 Jan 2015 20:02:58 GMT

Date: Tue, 13 Jan 2015 23:46:36 GMT

Expires: Wed, 13 Jan 2016 23:46:36 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33962

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 493991

Alternate-Protocol: 80:quic,p=0.02
......n.....i{...(......u...%giC..u.'q......U?.&.ZCR^b...3.. E%.y.}.i,
...c0...b.....v..x.=f_.|0.X......q.H..W.a....}.b.... ....XY....x.lso..
.,........W(.....,......).uD[......yK..B......Hm..Y>.6...C....f..ch
.:..=..4.F....$T.....Qw..riM.. N.E..9...|..k-.Q...qd....|<..M...y..
....T..<.C.......Y.....>.s..[.,NF.K[.m....Gj..U<..m.:]@..R...
.l.R7.r.....{.B^[email protected],.....U?..*v%ti.*.X^.pF{.(.bWu...]..v$.....|.
T.....S..s..Y..%....,[...b.]X.-.}...k...)..1..'O.....~..........5j..||
k.f......;c.g.......;.....z.$Mg.M...P.'.Y.0.....9../..............w.j.
.4...\.-d.n..4..j...Z1cBV.vmBn}u^..q&ww..;.25T..&..7o.PMy>....Y...3
..P...[.....%..Z...5..r.jZ.../^.m....h.....M.~...<_..7......v.....c
/......ISk;....9..8........N... ~.;...JW..v..NXL.....o~.......vh.4..\0
.".g..!.....Y...q.....;w..a......io.h8.....:.;.i.Vt.....b}.9t.]r?.....
q.../...a..(:\...Ps.!...,.a.lH.....`D.-..<....y.R..x..{.U.$.2..}.'.
...#{....xcs..|....".g...h..N?.:h..O.<;........y....gue....|.c*>
k,..O.}fY.........\....S..C.k90j...|.......w`...Z..K....O..gX._W.g..j.
...Y.j..y........u..oZ........W..b_....S...!.f...~s...w..?....b..8...&
gt;..>.~.....[....Xj.[...tn.bto./t......k.B.r.]X.9..L..5.&.../..4UC
.0.y...c|..hxe.w...#..0....?...^[email protected]......"..
.=...7v.Y..D..f..&.P.1.{.rV...0[.8}y............0....p.5.P.O>^.k.n.
.v...[?Y..........x....r.......y8..)...Y0.. ..]....\..Z..H...OTA\.....
......U..Vg12g1,.".o1..>.u..9 ..q..p..p...].r.......S.Z..-.C..=....
c..Sz..cJ.)>.....M.)../.!.?..[?C.9%....ck?.......:...D#5q.b....
<<< skipped >>>

GET /partner/scripts/rubicon/dorothy.js?pc=10496/44182 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: tap-cdn.rubiconproject.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Last-Modified: Mon, 19 Jan 2015 16:59:44 GMT

p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Content-Type: text/javascript;charset=UTF-8

Content-Encoding: gzip

Content-Length: 6376

Cache-Control: max-age=3600

Expires: Mon, 19 Jan 2015 17:59:44 GMT

Date: Mon, 19 Jan 2015 16:59:44 GMT

Connection: keep-alive

Vary: Accept-Encoding
............ko.......4.:b...-.......r.4..(.W.....D.$.Gd.....\>$'...
..\.........v......n....W...F...;O.#........s.._..n.(...w..-E.\,....(.
IB.;.A./...x.'...~...N..OICe..]qa.%............Q^."[email protected]..
.l..).......hhkD.....k...I}w.&iW..i.=<L.....-.0.\..R..0..}.L.R.~.,V
.R.A:.....EJ..0n6&%.#3g.H.0..t.u..n&.=...<...u..b!..s'..........n..
..&.0.&.gR..d.qz3.....n...E.....@W.....(.~b.m../C...u.6[}..]..N.5..u..
.n.'..b.wU.~.wL?..l.;....Cm................t...Ug0.wc.8..V7....DE..vC2
.I.K?...(2.u..2...t..".....6.....tA.d..~F...Y$ThN...y.u.9..a.xd..sO.2U
.d......%N@........~.3hcI.[.g..b...a.u*....k../...;'Vz&.|kMT. UWeM)5.h
[email protected]*..9....<..s..mkA..tn..Mm...N..E.MT....][..8..
OO....d)....q.p.......OIQ.-......M.Pm...{....:..$Z.i..k...V@.._V...7..
.Zk.."....)...|...W'[email protected].
/.N..im....:;.h.>...L|./.....8..x.eOJ...0.....>...w.%...d...yaZ.
.l....<., ....f.X0.]..-.['5`..UG..!.3..."...zl.!.....g..p73e8.-u...
........%sZAT...wj..B...f.Pl_D..uRw....".A....../B.#...>.........&g
t;3..LI*.&....I.....l.....=..........I.`A..P... ..,.k%$.L...Y.......G.
~.8.....w........I.p\.8.....j......<....Y.$.4%...../......T..r_6...
.B..s..5zhS.p..2.^/.K/........}...=|f...;.hr..p.....i....u../C.......C
T........H.r....I~..8M..'.....`..u.I......]=...........].4..v.. nAq.).
.....{.n>....V.sbG...o.Y1`.."..j.M[.WU1.lM,..Fd...."...xF..e)L..c..
[email protected]..........^&..r......U...7.C|..s.g.........LS
m.....9'.?..hZ.....E. .R/.W..lU...[.=.I."....8.N.D>'......Z..`q
<<< skipped >>>

GET /partner/scripts/rubicon/dorothy.js?pc=10496/44182 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

If-Modified-Since: Mon, 19 Jan 2015 16:59:44 GMT; length=23311

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: tap-cdn.rubiconproject.com

Connection: Keep-Alive

Cookie: ruid=553d828f54bd3801b86b26260f9033^1^1421686785^3094029862; rsid=D9mHUmzor4ROFe/ifUEExbIlZameizM4neDXJEmywTNFMJ/OUnD8SJxgKuNsi8Vv2dhLoBsVvXbJcuItcII2VJBP/a4zJzyPfMah/Yq/He8BD4By41q DGoIlkdnrg6ySvzkV9BuD6xR506DigXWmb2l

HTTP/1.1 304 Not Modified

Content-Type: text/javascript;charset=UTF-8

Last-Modified: Mon, 19 Jan 2015 16:59:44 GMT

Cache-Control: max-age=3600

Expires: Mon, 19 Jan 2015 17:59:45 GMT

Date: Mon, 19 Jan 2015 16:59:45 GMT

Connection: keep-alive

GET /tag/js/gpt.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.googletagservices.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=ISO-8859-1

ETag: 6991555325526566283

Date: Mon, 19 Jan 2015 16:21:02 GMT

Expires: Mon, 19 Jan 2015 17:21:02 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Server: cafe

Content-Length: 46464

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2324

Alternate-Protocol: 80:quic,p=0.02
(function(){var e,h=this,l=function(a){return void 0!==a},aa=function(
a){var b=typeof a;if("object"==b)if(a){if(a instanceof Array)return"ar
ray";if(a instanceof Object)return b;var c=Object.prototype.toString.c
all(a);if("[object Window]"==c)return"object";if("[object Array]"==c||
"number"==typeof a.length&&"undefined"!=typeof a.splice&&"undefined"!=
typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("splice"))retur
n"array";if("[object Function]"==c||"undefined"!=typeof a.call&&"undef
ined"!=typeof a.propertyIsEnumerable&&.!a.propertyIsEnumerable("call")
)return"function"}else return"null";else if("function"==b&&"undefined"
==typeof a.call)return"object";return b},m=function(a){return"array"==
aa(a)},ba=function(a){var b=aa(a);return"array"==b||"object"==b&&"numb
er"==typeof a.length},n=function(a){return"string"==typeof a},p=functi
on(a){return"boolean"==typeof a},r=function(a){return"number"==typeof 
a},ca=function(a){var b=typeof a;return"object"==b&&null!=a||"function
"==b},da="closure_uid_" (1E9*Math.random()>>>0),ea=.0,fa=func
tion(a,b,c){return a.call.apply(a.bind,arguments)},ga=function(a,b,c){
if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.sl
ice.call(arguments,2);return function(){var c=Array.prototype.slice.ca
ll(arguments);Array.prototype.unshift.apply(c,d);return a.apply(b,c)}}
return function(){return a.apply(b,arguments)}},ha=function(a,b,c){ha=
Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexO
f("native code")?fa:ga;return ha.apply(null,arguments)},ia=functio
<<< skipped >>>

GET /beacon/p/rtp/valuation?&p=rubicon&pc=10496/44182&ptc=191952&api=valuation&as=dart-gpt&asz=300x250&asid=15&tier=5&cpm=0.14439&hit=2&type=rtb&co=ca&rnd=5057&rtc=1&rta=rtb.randomized.session&ruc=-99 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: beacon.rubiconproject.com

Connection: Keep-Alive

Cookie: ruid=553d828f54bd3801b86b26260f9033^1^1421686785^3094029862; rsid=D9mHUmzor4ROFe/ifUEExbIlZameizM4neDXJEmywTNFMJ/OUnD8SJxgKuNsi8Vv2dhLoBsVvXbJcuItcII2VJBP/a4zJzyPfMah/Yq/He8BD4By41q DGoIlkdnrg6ySvzkV9BuD6xR506DigXWmb2l

HTTP/1.1 204 No Content

Server: Apache-Coyote/1.1

Cache-Control: private, max-age=0, no-cache

Expires: 01 Jan 1970 10:00:00 GMT

Pragma: no-cache

Date: Mon, 19 Jan 2015 16:59:48 GMT

GET /1/cc92a7d66e?a=2337114&pl=1421668062968&v=476.c73f3a6&to=NQcAZUJXXUdWAEZdVwxNN0NZGVtAUwxRRxcLDAZUSBhDXEc=&ap=367&fe=15234&dc=8953&f=["err"]&jsonp=NREUM.setToken HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader-prefetch

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: beacon-6.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Set-Cookie: JSESSIONID=b27dd11bbb2d37e5;Path=/

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Content-Type: text/javascript;charset=ISO-8859-1

Content-Length: 25
NREUM.setToken({'stn':1})..

GET /nr-476.min.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader-prefetch

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js-agent.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

x-amz-id-2: 3ZCWv4gpoEhqHp/HTXWRmKm hY5J36mDrIS0iVZXKF mgxgbrQD30oaPVgq26fnc

x-amz-request-id: C43A0659FB2160D7

Cache-Control: public, max-age=315360000

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Last-Modified: Tue, 30 Sep 2014 18:19:08 GMT

ETag: "d131658362c40cedda15546bb81e9644"

Content-Type: application/javascript

Server: AmazonS3

Content-Length: 18146

Accept-Ranges: bytes

Date: Mon, 19 Jan 2015 16:59:41 GMT

Via: 1.1 varnish

Age: 6570694

Connection: keep-alive

X-Served-By: cache-dfw1835-DFW

X-Cache: HIT

X-Cache-Hits: 779909

X-Timer: S1421686781.612711668,VS0,VE0

Vary: Accept-Encoding
!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"=
=typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return
 o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exp
orts:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(
o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof 
__nr_require&&__nr_require,i=0;i<t.length;i  )r(t[i]);return r}({1:
[function(n,e){e.exports=function(n,e){return"addEventListener"in wind
ow?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,
e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l("bstAgg",[n,e,t
,o]),m[n]||(m[n]={});var i=m[n][e];return i||(m[n][e]=i={params:t||{}}
),i.metrics=r(o,i.metrics),i}function r(n,e){return e||(e={count:0}),e
.count =1,c(n,function(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return 
e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,
e.sos =n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}functi
on i(n,e){return e?m[n]&&m[n][e]:m[n]}function u(n){for(var e,t={},r="
",o=0;o<n.length;o  )r=n[o],t[r]=a(m[r]),t[r].length&&(e=!0),delete
 m[r];return e?t:null}function a(n){return"object"!=typeof n?[]:c(n,fu
nction(n,e){return e})}function s(n,e){"undefined"==typeof e&&(e=(new 
Date).getTime()),p[n]=e}function f(n,e,r){var o=p[e],i=p[r];"undefined
"!=typeof o&&"undefined"!=typeof i&&t("measures",n,{value:i-o})}var c=
n(1),l=n("handle"),d=n(2),m={},p={};e.exports={store:t,take:u,get:i,ma
rk:s,measure:f},setTimeout(function(){d("bstAgg",function(){})},1e
<<< skipped >>>

GET /pl/scrn/21000/21547/teamspeak-2-11.jpg HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: zdjecia.pl.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 19 Jan 2010 15:53:32 GMT

Cache-Control: max-age=172800

Content-Type: image/jpeg

Content-Length: 15163

Accept-Ranges: bytes

Date: Mon, 19 Jan 2015 16:59:43 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: HIT

X-Cache-Hits: 245

Expires: Wed, 21 Jan 2015 16:59:43 GMT
.PNG........IHDR...d...d.....p..T....tEXtSoftware.Adobe ImageReadyq.e&
lt;..:.IDATx..}..$Wu.....qz.'.N...V(... ...E...#.g..y`,...g[~`....l@..
$.%..UZi.v.qvf'..9wuW.;........,.............s....M..w.7.M...xs.......
..aiO;d2y..t`2J ..P) ...0.$0..`..x...|..vkc2.uY..&A....EK6.w..%.Y..j.]
..([email protected]}hf62....}...@4.....[a&...f...Q.Y.....P,..j.h,.........5. 
..C6W...F(.d.E.."....hk.@<.....tX!.....z\...^;<..R.>......C..
.....s._..S.A....6b..LF|,..( .7....t"~9.....t&.C.....Z...t*.........P(
....A..dRl6{..v.,.K......8.....\1,....8........f.j6..b.......d4..\."vz
.R.K........i..-....n...j.u...@.Tvd....D.........6...w.LMh.xDK.R8.....
[email protected]....(6..N/.M..v.u..f.5.A{g.,...F.'...... v..|A....}..~
....$.........t...#..........e......E.m...7.........C...\*.b'.}6..z<
;.i.A..r..A.Tto.R)kJ..C...;.....E..2....^. .t&..)%G6.Y3...G...r..e4Y..
NOcg...k.m|...=...KY,..SQ....Y.a...1..1......z3.s..X,F...u........|.h.
?....B6.g.^|.l6..&.x..`r...V....&8....<..20.%.f...f.c....L...Tl3.4(
.. ..$..WL... ....#.f.:....z...... Vo....6_....3V.....9tkO.`y...H.... 
.X..M...j..'3_.....GF.G?.!.....6.j.xRk.o..=.-. :ibt..;...[.}3.I....T.*
..\...e.!|<[email protected].....^z..m..5.......V{.\..Hf..M...:...3K..
.b.[.(.....G>.Hf.|..L.k.Q8:0...t...{v..c3...u..s..]....5..I...,.y..
T..j.A6.......V..q.Q...........;...l.l..iCg[...v._..._6...j...Q 0P...H
k9o@&....H.o.G.u....@(.J.....J....tck.Zm.\.K#[.#\AW...G>.r.m.o5.ME.
..N...i../<.#.H..../...Cu.......j.f.k....fDl....:...|*p..}..C......
a....:;....b..M...D...z.8I.B..oP.|..dr.-.p.q..../.\..............;
<<< skipped >>>

GET /r/collect?v=1&_v=j31&a=1415093474&t=pageview&_s=1&dl=http://sd.softonic.pl/21547/universaldownloader-prefetch&ul=en-us&de=utf-8&dt=Pobieranie i instalacja TeamSpeak 3&sd=32-bit&sr=1024x768&vp=650x450&je=0&fl=11.6 r602&_utma=176340583.1552066270.1421668072.1421668072.1421668072.1&_utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&_utmht=1421668078343&_u=MQACAEAAI~&jid=726396425&cid=1552066270.1421668072&tid=UA-48247475-3&_r=1&z=561424862 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader-prefetch

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Mon, 19 Jan 2015 16:59:41 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=2&utmn=671250179&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=-&utmp=/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&utmht=1421668083109&utmac=UA-48247475-1&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAg~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:06:08 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435218

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=4&utmn=498571742&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/start_api&utmht=1421668083374&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:06:08 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435218

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=6&utmn=1822610648&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/legal_timestamp&utmht=1421668083546&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:06:08 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435218

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=8&utmn=1543877491&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C101727--shown&utmht=1421668083656&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:06:08 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435218

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /__utm.gif?utmwv=5.4.6&utms=10&utmn=2121111889&utmhn=sd.softonic.pl&utmcs=utf-8&utmsr=1024x768&utmvp=650x450&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Pobieranie i instalacja TeamSpeak 3&utmhid=1027184309&utmr=http://unknown_browser_unknown_version&utmp=/C100861--load1&utmht=1421668083765&utmac=UA-152357-4&utmcc=__utma=176340583.1552066270.1421668072.1421668072.1421668072.1;+__utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qACgAAAAC~ HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:06:08 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435219

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


GET /collect?v=1&_v=j31&a=1027184309&t=pageview&_s=1&dl=http://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&ul=en-us&de=utf-8&dt=Pobieranie i instalacja TeamSpeak 3&sd=32-bit&sr=1024x768&vp=780x550&je=0&fl=11.6 r602&_utma=176340583.1552066270.1421668072.1421668072.1421668072.1&_utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&_utmht=1421668084468&_u=MACCAEAAI~&jid=&cid=1552066270.1421668072&tid=UA-48247475-3&z=1515662130 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Mon, 07 Aug 1995 23:30:00 GMT

Access-Control-Allow-Origin: *

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 14 Jan 2015 16:05:42 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 435245

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;..

GET /pagead/show_companion_ad.js HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 1436797345198880355

Date: Mon, 19 Jan 2015 16:22:31 GMT

Expires: Mon, 19 Jan 2015 17:22:31 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 53257

X-XSS-Protection: 1; mode=block

Age: 2236

Cache-Control: public, max-age=3600

Alternate-Protocol: 80:quic,p=0.02
...........}i..=..{....u.........m.;.......>.....G..}.JR......v_.L.
..J.T.*...p6....P7.n.I.q.i..1.....x....dX....Ru.....T..2.xpl.......U4.
.lo>w.........V.Jp.x-o..O.s5.kX.VF`..G.....T...;....>....S.0,c5I
q..5.....].j.......X0_i...`A.{N..L.....z..)..T..:.1..=.nK....K.....~..
..c.C]..?.o...k@.`.o./j...d........feaN...Tr-...yle<.MGXge:jM'.a..9
...E...-(}....m.Z...D......C`..6.].....O..k.....a.k.I*...,K....... jB.
..q...Z..k.0...N..wb.e{...../5..J.$.^[..((....`,[email protected]
1...:..`...HiV&..../..l..I^....#Zc.....pE....?._.#@....j;.fu...g...;.G
.....{......3........U>'L..cL{..m.9..........#.[...G....B..Nfa.r.K.
...U~..B....D.<...8".{.X.k...(#.`....m....q(...k...c......w'.......
....[...1..D...=8..9......6V[6.....0.ne<.z.p(...*~.. ];..3.*...|...
2....`.r..9.k...g.......d.,C%..,/...&.p:.........1.o...d.MG.{.....D.Z.
.B.Z..]>.zv..o..goZ....z.........]..1:K.r....e].a:.F.3?v&Q.n0r..F .
.c.X.................2..P..Us.....Y9.......Fe.D...j....:.......i...?..
...v..b<....la...Eu.M.l..l.([.GC.C..\;S..O.~{@.T.P..L.{..Z.R..X.`.8
L.....[..N..W.. ...{.....j.`.J...^.@SIx....{%a.....Z........\.d.Z{Q...
........M8....b.s1'..S._.....R..D..F.A..Q.[.G3 .<@(W.a0.`s....N].;]
..Y........B...Z3E..C.|.[...;.....o....5.Rtca.&N.........2..s...<.z
..e...q...5....?9L[s...f.q.1n0U..`T7....~.F..o....7j.w..B..W.c.8r....X
xF9......<,i.....A'......'...?..f.....~. ..dE.J....Z..HF..t..a..G..
.~..m....o.. .j...~...w..b...|^....[.i{..n.b..|].G....p..Sw].7=..Mq...
...1=&.!.....Ck....g....g..[w .$.S.9..J]..7...Td ....f.].oV..K...a
<<< skipped >>>

GET /campaign/scrn/100000/100861/sd_100861_41d97.jpeg HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 24 Mar 2014 16:19:57 GMT

Cache-Control: max-age=172800

Content-Type: image/jpeg

Content-Length: 8968

Accept-Ranges: bytes

Date: Mon, 19 Jan 2015 16:59:43 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: HIT

X-Cache-Hits: 444

Expires: Wed, 21 Jan 2015 16:59:43 GMT
......JFIF.....H.H.....C..............................................
......................C...............................................
........................j.............................................
.?.........................!.1..A.."2Qaq..#BR..38bt...$CS.(Dcr........
..........................4........................!1.A..Q."aq.....R..
#2B................?..TF....v8..$...[j..2..:.B.*'..#...S]5......m.i...
u..k.....U....zY...*.c&6#..G#=..`...h...5}..........Y...&H..p...0....@
f.vn....UV....MK.D.T.L.q.............a.W....e.\...#QTh)d...g.. .....q.
.{h.s...h.....4.....4..........=4....Ac..B3{.h.Ta..S.Q#.9.\....?..*..B
..u..k.w.;q..i.Kt\...N...B...s...........[.?....Y)$.....,.O .,p.....w.
..mQ...c[...'..mDm;....=.....>U.a9....J..;.../..E{QZ.n^......z...oQ
.&~..>3...s.q....5..l...l..y...n.7......:.(...........9.d.!........
.=..;n{...].5.]...d..?..$qB..eO/...$.9..T..jx.b.S...%.T.]..R.o.[....=N
..YY...He.yd.....R@.... [....6]}f..F..5..K...B.i.M5@(.. ....1!....v..m
/g.M.z.J..,.]........t...VK .x.h.c.jX?W$F.#....OQm...x/.W.,.*.a..h....
Y.....S.d..;.c..b.......~...l.&....tX....n.F.Sr..T...X..*W.^..N2......
.wh..;.........=^"T....\0v.W.........J..%.Ay...i.UB..UD.S%Z.Y...0..nT.
=..,.Y\q.....h...V.B.J.....I..e.|.,J....|..\.......>`.`IN.K....5.&z
...[..x..<..r.#..,~..$.\. .m...I4..6.%..eX.Q^.d.;...n..<..?.. ..
..d........>.%..U.8..Xc.Ia.........C..U....Zo..E...\..<.ReH:...j
Y..<0..F......,.;3a.n.... %....-L.uK.2!`......=3. m.$._...m.."...c.
...f.i!....p.>_?"....Rw,../.-..Z....I..%...Q....."`[email protected]
<<< skipped >>>

GET /campaign/scrn/101000/101633/sd_101633_08ebf.jpeg HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 30 Oct 2014 23:27:53 GMT

Cache-Control: max-age=172800

Content-Type: image/jpeg

Content-Length: 261

Accept-Ranges: bytes

Date: Mon, 19 Jan 2015 16:59:43 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: HIT

X-Cache-Hits: 1318

Expires: Wed, 21 Jan 2015 16:59:43 GMT
......JFIF.....`.`......LEAD Technologies Inc. V1.01...C..............
.........................................................}............
...............................................?..`...................
................................................?......


GET /campaign/scrn/101000/101633/sd_101633_08ebf.jpeg?v=0.12472576205380864 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 30 Oct 2014 23:27:53 GMT

Cache-Control: max-age=172800

Content-Type: image/jpeg

Content-Length: 261

Accept-Ranges: bytes

Date: Mon, 19 Jan 2015 16:59:47 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: MISS

X-Cache-Hits: 0

Expires: Wed, 21 Jan 2015 16:59:47 GMT
......JFIF.....`.`......LEAD Technologies Inc. V1.01...C..............
.........................................................}............
...............................................?..`...................
................................................?....

GET /shared/img/sd_client/sprite.png HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd.softonic.pl

Connection: Keep-Alive

Cookie: __utma=176340583.1552066270.1421668072.1421668072.1421668072.1; __utmb=176340583.1.10.1421668072; __utmc=176340583; __utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_21547=false; UACA_21547=false; _FCpl=101727|1|1421668077.101633|1|1421668077.100861|1|1421668077; UD1_POSITION_21547=; NREUM=s=1421668078734&r=155687&p=0; _ga=GA1.2.1552066270.1421668072; _gat=1

HTTP/1.1 200 OK

Date: Mon, 19 Jan 2015 16:59:44 GMT

Server: Apache

Last-Modified: Thu, 29 May 2014 10:12:25 GMT

Accept-Ranges: bytes

Content-Length: 7892

Cache-Control: max-age=172800

Expires: Wed, 21 Jan 2015 16:59:44 GMT

Keep-Alive: timeout=3, max=10

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR.......\.....ld......sBIT.....O.....PLTE..............
......................................................................
...............................................h......................
.f.....n........Dw.I..............U..}..,...v..\. g...........x.a...R.
.............>....:n........M..].T*..:.....m....tV.....]........7..
..Q..P..O)....P.i...O..N..N..M....sJ..M..K..L..L..J..J..JJz...I..I..H.
.I..H..Istv..H..G..H..G..G..G..F..F.x.go...F..F..E..E..D..D..D..B..C/v
...B:[email protected]..>/g..m..p..i...<..=.z:.g.;b..z:[email protected]?[ZW
.5>.u8.4<.s7.b..3;.1:.09{O$./8.p5..7.-6.[..m4&Q..,5. 3.k3(X..*2.
)1.R..(0.'/.%,.T..f1.e1.&..$,.$,.%-.# .# ."*.#,."*.!)." .!(.!*.!). (..
'. (..&. '.I...'..&..%..&..%..%..$..$.."..#..#..".."..!..!....9.899...
................*................>.j.....tRNS......................
......................................................................
......................................................................
......................................................................
.............~T.....pHYs...........~.....tEXtSoftware.Adobe Fireworks 
CS6.......gIDATx...._[.^..'.LhC...4.t.K....H.w0......^.)w.i..T...q..w.
.bq..*U.2j]..hU...^.}).\.......,.@......._..!0.u>[email protected]\..
fUHC....c.X;4.c..I...m..c...d.B.2...}. ..- ...A....,.:p51.4.Ig..:.}...
...r......WXw..........z. 3v..^.....2......5.Bw.;...M.......ffx..Ac...
....jf...F53.K...y...^.(h..M].>....................y.o.:...m.-.2C..
..................(.Jro.P............wqo....7....<...7*.z......
<<< skipped >>>

GET /e/dtb/bid?src=3177&u=http://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077&cb=3030167 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: aax.amazon-adsystem.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/javascript;charset=UTF-8

Content-Length: 8

Date: Mon, 19 Jan 2015 16:59:43 GMT

Server: Server
void(0);..

GET /css/generated/fad58-8688a.css HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd.softonic.pl

Connection: Keep-Alive

Cookie: __utma=176340583.1552066270.1421668072.1421668072.1421668072.1; __utmb=176340583.1.10.1421668072; __utmc=176340583; __utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_21547=false; UACA_21547=false; _FCpl=101727|1|1421668077.101633|1|1421668077.100861|1|1421668077; UD1_POSITION_21547=; NREUM=s=1421668078734&r=155687&p=0; _ga=GA1.2.1552066270.1421668072; _gat=1

HTTP/1.1 200 OK

Date: Mon, 19 Jan 2015 16:59:43 GMT

Server: Apache

Last-Modified: Tue, 16 Dec 2014 09:23:38 GMT

Accept-Ranges: bytes

Cache-Control: max-age=2592000

Expires: Wed, 18 Feb 2015 16:59:43 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 5076

Keep-Alive: timeout=3, max=10

Connection: Keep-Alive

Content-Type: text/css
...........<k..Fr.. ..,|. ..........H. ......"[...I.......T........
...DuWUWW.....H..v..s....6...C.o9Mi..N$/.......t[.......cUd...........
.......0...Y.f].e....",.....qx...ix...yX74.W.)......0/.s.v.kG.J.:..U..
.s...;.].G\N.9..:..$............c.N...kGv.........(H......?.5I..k-....
A|.i:.........aJ....0.....h..K$..i......{).....b..<s... 0.\\......*
.v..r!"E~(...wW...O..]'q.........i....;.\R.C.n..wW..5!I..|9..,....%.[.
..N.Y.....Ku.......J..%:U.E....QZP......w.w.....FlY.a3...;n..m....{Y..
,.e.OQ...'.r....>|....Gw...T7y.m..P...,^..A8......~....o.?...j:Rv.Q
Ym{./....^..,....^....A._-.....U......N.@."....T_h./.g................
L..\.M...b"...h{...r..a.~........_..;.G.:..K.}.."lI.F-m..y.... H|-.BAv
.`2/.;H.o.<c..y..y...t.q...@....~....6.)....O!..J.......G.q\...]..i
G.6...OI!............?.d.L.R...x.k.{\r6.w.R.?}.|J?......x..,.......v.%
....S{......~.>......IS......A........A"7.p*}.{.;....2C...<.....
..N[..FOPK.......J~...............Mu....)...c.&.f..&|l.mZ.p(?..K::....
?...I..S.....ZS..O..g.t..#.B.O.%WA...M8.......X.vsJ..*...t....[.....qI
l..oZa...b.)....A..%..i.oM...&.7........a.ILq...H7.....Y.........Z./.&
gt;.H...q....q&.L..' ..6..f....^.-...0..E... Q.............c..Z...&(P.
.`q....1..{[email protected]!.'i.......ca...Mu".5..%n0G]ub.U...g.........T...N..Q.
X...(...F...z...d..... ..s.Vv...O...f...>.........'..8.A....2._..B.
&L...F. A....x..|ibD....r.c[.tB..S...c..`...|..2.aLKI.....tk....8..g.&
gt;..).;1...1....p...$.C.!E.,.cb....z..o..(..m\L. "P`'.X.3r........h./
=.F..S{Q...O..$....Nmu.B.%.....F....B......G.YsW#......!...~I..=..
<<< skipped >>>

GET /shared/img/sd_client/gradientbg.png HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd.softonic.pl

Connection: Keep-Alive

Cookie: __utma=176340583.1552066270.1421668072.1421668072.1421668072.1; __utmb=176340583.1.10.1421668072; __utmc=176340583; __utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_21547=false; UACA_21547=false; _FCpl=101727|1|1421668077.101633|1|1421668077.100861|1|1421668077; UD1_POSITION_21547=; NREUM=s=1421668078734&r=155687&p=0; _ga=GA1.2.1552066270.1421668072; _gat=1

HTTP/1.1 200 OK

Date: Mon, 19 Jan 2015 16:59:44 GMT

Server: Apache

Last-Modified: Thu, 27 Mar 2014 08:18:48 GMT

Accept-Ranges: bytes

Content-Length: 2958

Cache-Control: max-age=172800

Expires: Wed, 21 Jan 2015 16:59:44 GMT

Keep-Alive: timeout=3, max=9

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR...)...........\.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....PLTE...........................................................
......................................................................
...........................O *E...4tRNS...............................
.....................KW"e...HIDATx....v.9..Q{.%y......I.3.\...m..`..u.
s1.s.D...Q,. ..`(..S....O.....SJ........8...=.LR.[.&......:.eJY..oI:./
...$..BJ.#KS.sH2..%.{F..='..?HR./..6.X......)./R.. ..6.....F..g.[.I.&l
t;.l..2$...42.....S.....>..........h2..f..3.........<...X&r....T
..gg.-...t.....em<b.V&.g.c....6E,.-..qF6. ...o.Q.$S...(./y...DD..w.
.:iQ .c....3.&.TcCT.t,UE.E..HP.R.s.......V.`...%...'6.`...g..UIf(..K..
..uF2..r......T.!..]fLWF..\lU$....=c:2#.`....<...E". .".. qU.7P.[..
c.}.J.q.N.*..:g)%...!.. ..,[email protected]..,9.:l....c....<...
G.8...O......?.....5..'}.....TB..#.... Uxq..\..Y....1.P ..P.........Cd
a...g.....V'....G.:..uW..2.X......a2!.....L..2...mb...f:.i. z........S
...u)d8dC.R..q.`..N.^.~.q.......].....U.....%..p1&..b5..K..q..h...D...
...0...b..?M`...ak..2}J.7....l..<........7\...g!.Jf.0k.......){.-[.
f...M.. ..`.hY}..]....Z...z`.J.eb.........Vl..s...p.Zi.*..kd~..Q...l.@
......(l.v.L%:..|.c....,..Tg.....I..7[.-#,.....j#...B.`..b.m`..[....g.
.<Gs......".5c.R.4QC.5.][email protected]....
%0.m./....z{{~.y...........gz.zz.........??{..g~....D...............z.
_.......k.}...^?v..w.O..........t.x...~..x..}.........................
..............=..m...]Ew7...._....j_.j.....~.&....\7....~.....Pw..
<<< skipped >>>

GET /shared/img/sd_client/loading.gif HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: static.sd.softonic.pl

Connection: Keep-Alive

Cookie: __utma=176340583.1552066270.1421668072.1421668072.1421668072.1; __utmb=176340583.1.10.1421668072; __utmc=176340583; __utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_21547=false; UACA_21547=false; _FCpl=101727|1|1421668077.101633|1|1421668077.100861|1|1421668077; UD1_POSITION_21547=; NREUM=s=1421668078734&r=155687&p=0; _ga=GA1.2.1552066270.1421668072; _gat=1

HTTP/1.1 200 OK

Date: Mon, 19 Jan 2015 16:59:44 GMT

Server: Apache

Last-Modified: Thu, 27 Mar 2014 08:18:48 GMT

Accept-Ranges: bytes

Content-Length: 1553

Cache-Control: max-age=172800

Expires: Wed, 21 Jan 2015 16:59:44 GMT

Keep-Alive: timeout=3, max=8

Connection: Keep-Alive

Content-Type: image/gif
GIF89a................................................................
......................................................................
......................................................................
......................................................................
......................................................~..}..|..z..y..x
..t..v..s..r..q..p..m..o..l..k..j..............!..NETSCAPE2.0.....!...
..|.,............|..;\r....bvwz.....-lqK'......|.[p9.....4lE.....Nj#..
...^g.....[c.....G_......[8..!..IV*..'..|#OP1......).. @JGB=93)...$3&l
t;9 ......!.....|.,..........y.|.|4RhjW:...)Vilortvd1.&]eA..&Lwt.N`..|
<.-[;...|AX....NU....JQ....8M.....%I.....|8C ......<=%.........1
73/*&!....% '.....!.....|.,..........w.|.|-EY[L3..!GX[_cgjZ..LS6.Cmj..
?M)..6r`."I0..Iu:3E...&xZ<A...zr9=.. 8....5!....*0....... *........
..!$!................!.....|.,..........w.|.|$9IM@,...8GJOSWZM&..;A..:
_]).1<...0dU|.7$..Aj4&3..mR,0..pi(...qk.)..&uX.$..Mw;|....{g.|.....
..|2....................!.....|.,..........z.|.|.(591#...'258=AE<..
.)-....-KI ..)...&PE|."...5W,......ZD...._X....c[....fL....Dk4|....9o\
......'Jsl......zxa.....[;....!.....|.,..........x.|.|..$'#......"&*.2
-......... 77.......=5|.....(C#......G6....LG....QJ...|U?....:Z,|...1_
M.N'|.Be]&.fyxtrokV)..;YljS....!.....|.,..........w.|.|...............
............$%........*&|......0......3)..95..=9[z...B1<wL./G#.ct8.
)M>./mrF.7TL...]nkfc_ZH!.5O_[G....!.....|.,..........v.|.|........|
.........1.......gz.|...|;wM.|...Xv'..!.lt..&"jr.|*'So../#5lD.#3.|
<<< skipped >>>

GET /a/api/market.js?&account_id=10496&site_id=44182&zone_id=191950&rtb_model=1&cb=oz_onValuationLoaded_191950_15&size_id=15 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: anvil.rubiconproject.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 19 Jan 2015 16:59:45 GMT

Server: RAS

Set-Cookie: ruid=553d828f54bd3801b86b26260f9033^1^1421686785^3094029862; Domain=.rubiconproject.com; Path=/; Expires=Sun, 19-Apr-2015 16:59:45 GMT; Max-Age=7776000

Set-Cookie: rsid=D9mHUmzor4ROFe/ifUEExbIlZameizM4neDXJEmywTNFMJ/OUnD8SJxgKuNsi8Vv2dhLoBsVvXbJcuItcII2VJBP/a4zJzyPfMah/Yq/He8BD4By41q DGoIlkdnrg6ySvzkV9BuD6xR506DigXWmb2l; Domain=.rubiconproject.com; Path=/

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Cache-Control: private, max-age=14400, must-revalidate

X-Rubicon: AE API

X-Revision: svnrevision: 104957

Keep-Alive: timeout=5, max=97

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-encoding
149............ePMk.1.....rR).[?.......CA.RJH...M.& .........d.....w..
V.W:xg..'..sBv..ZD., ..{....2......G..f[W...M.=...........EM..t:.g...Y
.........Fq._......=.]{.XL...Q....`0Q..C.M.tu.fYk5..H}L.F6.9.%.....]&g
t;..?.......]_.zwBi..Y>.g<.w...9..".-v...Jw....z."..R.....[..7..
.MG....(b..\....8...RM`.......yI,.Z.".....k.V.j.-.......F........0..font>....


GET /a/api/market.js?&account_id=10496&site_id=44182&zone_id=191952&rtb_model=1&cb=oz_onValuationLoaded_191952_15&size_id=15 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: anvil.rubiconproject.com

Connection: Keep-Alive

Cookie: ruid=553d828f54bd3801b86b26260f9033^1^1421686785^3094029862; rsid=D9mHUmzor4ROFe/ifUEExbIlZameizM4neDXJEmywTNFMJ/OUnD8SJxgKuNsi8Vv2dhLoBsVvXbJcuItcII2VJBP/a4zJzyPfMah/Yq/He8BD4By41q DGoIlkdnrg6ySvzkV9BuD6xR506DigXWmb2l

HTTP/1.1 200 OK

Date: Mon, 19 Jan 2015 16:59:45 GMT

Server: RAS

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Cache-Control: private, max-age=14400, must-revalidate

X-Rubicon: AE API

X-Revision: svnrevision: 104957

Keep-Alive: timeout=5, max=63

Connection: Keep-Alive

Transfer-Encoding: chunked

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-encoding
798.............X[o.G.}..X.....W./A.J.."..  U.......Y.-....w.._.=....O
.Owo>.|...........~....^..ry.......{..n..^....?.~.....n@_.}......].
}..y%....G ..o.]cS...".o.?...._o.no..%op6M...7W ^.^. V.x1..VAqQ.VY....
b*V..:..^...RO}.rjkm...J..I..G6....J-..C6.S......nEj.U-..so/..d..a.!..
iT.."...Jk.cj#......c-..%.p...0[d.}u..-`}../...O.@...=.^......C......[
.<.. .JeH......kM. ...{.j..dU...)w....\.X.}Jul`3._.....l.X3w..d....
.........*.2Z&.9.0[....{......~.h>..aOY.)..\.0Rj......%G.S@lT..... 
..Y....)E.ks.EJ.E...&....y^..52....@._%...5..0I........X.=8E...@0.....
....... (.QW...u...5X.J..."...^...B......PG.< 5SC|6...E5./....0...k
...(R..).v.*...9#.."Y.N]'.r..?.:o0M1.!.............`....2.".{..ArbF"..
......~.<9............"SCR.C6..b....u...,...L...VK.UE...l....[.....
*Mv.k.Z.!D..[.B...xi[.i8QT"2 uG.iq.....( %..t.8..... 0|..J W..Xp..".f!
Z..X^....B[t..<"=K..X.*...B.uAV...1.6..D.i....W...K..."......[.....
#8............pRq.#.aIph#.m0.~....{...p?........mz.Qh.].v..y...tV.ye.t
.[..\,%...n..c...J.\......OU...!.][email protected]).. 9.....%/...dJ..
`0.'#4..."/...........d.w(..U...VT#.....|.p.........-..\14.Q<......
#.P0..s....1......."..~..."./..T.F.....d..!.0$x......#w..q.......8....
B0.OC.......]5.....E...Q...:...0.....<.6.w.eJ.J.i#.l.Xe...#..?...W.
........g.}Q...C._:.iR........E.X.Q...pP$Vk-0A'...uY%.;z..sh...UE.....
...J..(....8b..................w......j.O8.y=S..=.q.cD.3..E.....~.1..i
..W.......F.........P.SWzG.d..-B.......Aa:."........L'.o.i..5{........
=.`..(......g.l...._....l...3^bJ.|1.aL...o..U.....ZbwJAY.v.D_..~J.
<<< skipped >>>

GET /campaign/scrn/100000/100861/sd_icon_100861_8a4a3.png HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 25 Mar 2014 08:34:17 GMT

Cache-Control: max-age=172800

Content-Type: image/png

Content-Length: 1191

Accept-Ranges: bytes

Date: Mon, 19 Jan 2015 16:59:43 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: HIT

X-Cache-Hits: 474

Expires: Wed, 21 Jan 2015 16:59:43 GMT
.PNG........IHDR..............w=.....bKGD..............pHYs...t...t..f
.x....vpAg.........xL......IDATH..V.K.Q........[n...-....4...YXQ).. .E
!A..P..>T.E...P...?D.Y...,.PD.e.Yd..:..c.).9xv.......y..y...$....!&
gt;>.111|LLL..QQQ...Fll,.###.H:.FB{.NJJ..._.IR......9#=.........f8l
640..PY...|...r....(..........9xDD.W...R........8..G.....5^0.....V..V.
a.XPQ^..Rt"b.'L.,..iR...j...W......W...........bOs.LF#.J%..i&C..PX4!KK
.......0.6...f...ao:.m.A..>y."...D..s...]9/.`.H...`ge.\&Cxx8O.$.B..
..6r.C.v-..;.............O]........c...M..*.TG9/........q.............
.....O...9.:.f....l49.....HT..99hu....N...ob>....n\......PI.i).....
.l..a...&.a.kk..#k......wc#[email protected] .A.....4.|[.7.V.&..R4.
.^..R...eZ...|.v.....O..>6p-...v-....!S.T...h2..tj.....{V......>
b..2..aF...........nGN..H..c..B........K..n....MR.Y**(@ws-'..........C
.....N...!:_.....( -.N..D........T1 ... .........s;.&....... ....03.&g
t;...{3_&%. ....['..0y..A.......f.^mS..N9.ai!...E.'.-S.S..h.:....n...7
T..f-.w....*.a..S..[..HK......Q=9....G.$.$...M....*!.5}cM.\N'.<B...
......W|q....4.h.0....$~..[lJg...EF.X..|..G..#.#.....o...m...%tEXtdate
:create.2014-03-25T09:34:13 01:00y..B...%tEXtdate:modify.2014-03-25T09
:34:13 01:00........IEND.B`.....
<<< skipped >>>

GET /campaign/scrn/100000/100861/sd_100861_41d97.jpeg?v=0.010570287798522315 HTTP/1.1

Accept: */*

Referer: hXXp://sd.softonic.pl/21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: screenshots.en.sftcdn.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 24 Mar 2014 16:19:57 GMT

Cache-Control: max-age=172800

Content-Type: image/jpeg

Content-Length: 8968

Accept-Ranges: bytes

Date: Mon, 19 Jan 2015 16:59:47 GMT

Connection: keep-alive

Age: 0

X-Served-By: screenshots

X-Cache: MISS

X-Cache-Hits: 0

Expires: Wed, 21 Jan 2015 16:59:47 GMT
......JFIF.....H.H.....C..............................................
......................C...............................................
........................j.............................................
.?.........................!.1..A.."2Qaq..#BR..38bt...$CS.(Dcr........
..........................4........................!1.A..Q."aq.....R..
#2B................?..TF....v8..$...[j..2..:.B.*'..#...S]5......m.i...
u..k.....U....zY...*.c&6#..G#=..`...h...5}..........Y...&H..p...0....@
f.vn....UV....MK.D.T.L.q.............a.W....e.\...#QTh)d...g.. .....q.
.{h.s...h.....4.....4..........=4....Ac..B3{.h.Ta..S.Q#.9.\....?..*..B
..u..k.w.;q..i.Kt\...N...B...s...........[.?....Y)$.....,.O .,p.....w.
..mQ...c[...'..mDm;....=.....>U.a9....J..;.../..E{QZ.n^......z...oQ
.&~..>3...s.q....5..l...l..y...n.7......:.(...........9.d.!........
.=..;n{...].5.]...d..?..$qB..eO/...$.9..T..jx.b.S...%.T.]..R.o.[....=N
..YY...He.yd.....R@.... [....6]}f..F..5..K...B.i.M5@(.. ....1!....v..m
/g.M.z.J..,.]........t...VK .x.h.c.jX?W$F.#....OQm...x/.W.,.*.a..h....
Y.....S.d..;.c..b.......~...l.&....tX....n.F.Sr..T...X..*W.^..N2......
.wh..;.........=^"T....\0v.W.........J..%.Ay...i.UB..UD.S%Z.Y...0..nT.
=..,.Y\q.....h...V.B.J.....I..e.|.,J....|..\.......>`.`IN.K....5.&z
...[..x..<..r.#..,~..$.\. .m...I4..6.%..eX.Q^.d.;...n..<..?.. ..
..d........>.%..U.8..Xc.Ia.........C..U....Zo..E...\..<.ReH:...j
Y..<0..F......,.;3a.n.... %....-L.uK.2!`......=3. m.$._...m.."...c.
...f.i!....p.>_?"....Rw,../.-..Z....I..%...Q....."`[email protected]
<<< skipped >>>

POST /universaldownloader-track HTTP/1.1

md5_hash: eb12145e862292884137a3429d645032

Accept-Language: en-us

Referer: hXXp://sd.softonic.pl/21547/universaldownloader-prefetch

Accept: application/json, text/javascript, */*; q=0.01

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

x-requested-with: XMLHttpRequest

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: sd.softonic.pl

Content-Length: 5820

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: __utma=176340583.1552066270.1421668072.1421668072.1421668072.1; __utmb=176340583.1.10.1421668072; __utmc=176340583; __utmz=176340583.1421668072.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); UACR_21547=false; UACA_21547=false; _FCpl=101727|1|1421668077.101633|1|1421668077.100861|1|1421668077; UD1_POSITION_21547=

id_session=ED284C48-BEE8-43E5-ADF1-A8C43C9909D3t1421668077f21547&id_machine=a8a67a25000000000000000c297ccd1f&id_user=ED284C48-BEE8-43E5-ADF1-A8C43C9909D3&id_file=21547&id_section=157&id_main_section=200&ab_test=&api_version=1.40.2×tamp=1421668077&download_browser=unknown_browser&download_browser_version=unknown_version&client_timezone=2&test_track=false&flavour=&av_installed=&step=prefetch_events&events=[["special_conditions_evaluation",[{"campaign_id":"101727","campaign_priority":1,"campaign_reranked_priority":null,"special_condition_id":-3,"sp
HTTP/1.1 200 OK

Date: Mon, 19 Jan 2015 16:59:41 GMT

Server: Apache

Set-Cookie: sd_client_pl-admin=deleted; expires=Sun, 19-Jan-2014 16:59:40 GMT; path=/; domain=sd.softonic.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 35

Keep-Alive: timeout=3, max=10

Connection: Keep-Alive

Content-Type: application/json; charset=utf-8
...........V*.I,)-V.R..V.....l.........


GET /21547/universaldownloader/campaign-100861,101633/eulastep-101727?sd_timestamp=1421668077 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate