mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour: Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: faea69c49ffb25161c0475e4a7320dd0
SHA1: e3785d065be9f71b962dc8eee41e80052337f32b
SHA256: 0012d225d7aa7401949074fb6c332121ea1cfa72efdfdb341df09719266024cf
SSDeep: 49152:kNjKEhegFjRO3RGMRvHTWINhw65CYTxaaToY:hEhljRO3RvRlw65CYwaToY
Size: 2002144 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: PC Drivers HeadQuarters
Created at: 2012-04-25 04:16:29
Analyzed on: Windows7Ada SP1 64-bit
Summary: Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Malware creates the following process(es):
csc.exe:2468
csc.exe:1424
MSIEXEC.EXE:212
ochelper.exe:1372
cvtres.exe:2448
cvtres.exe:2764
MSI4C8C.tmp:580
%original file name%.exe:384
The Malware injects its code into the following process(es):
Offercast2802_PCD_.exe:2276
Offercast2802_PCD_.exe:2500
MsiExec.exe:2588
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process csc.exe:2468 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB569.tmp (700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.dll (4930 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.out (120 bytes)
The process csc.exe:1424 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.dll (4258 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB672.tmp (700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.out (240 bytes)
The process Offercast2802_PCD_.exe:2276 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\CRPrimary-ext[1].png (1801 bytes)
C:\Users\"%CurrentUserName%"\Documents\APNSetup.exe (6657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ochelper.exe (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\orchestrator1[1].htm (923 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\APNAnalytics.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\scrolltext.xml (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\IEPrimary.png (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\pipcore-min[1].js (37170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\ochelper[1].exe (2309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\scrolltext[1].xml (2969 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\APNAnalytics[1].xml (297 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CRPrimary-ext.png (10 bytes)
C:\Users\"%CurrentUserName%"\Documents\APNSetup1.exe (6657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\IEPrimary[1].png (1803 bytes)
The process Offercast2802_PCD_.exe:2500 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\orchestrator.html (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\objectmodel.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\rules.js (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\v7tb.png (10 bytes)
The process MSIEXEC.EXE:212 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Windows\Installer\MSI450B.tmp (512335 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4BB0.tmp (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_65128B3C2E64A999469787910011EEC0 (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI74c7c.LOG (3844 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 (1212 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4C8C.tmp (7596 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIADFE.tmp (8281 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIB9F1.tmp (14988 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_65128B3C2E64A999469787910011EEC0 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4C2E.tmp (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIBD6B.tmp (14988 bytes)
The process ochelper.exe:1372 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ochelper.dll (54 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ochelper.dl_ (14 bytes)
The process cvtres.exe:2448 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB673.tmp (3950 bytes)
The process cvtres.exe:2764 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB57A.tmp (3950 bytes)
The process MSI4C8C.tmp:580 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe (129587 bytes)
The process %original file name%.exe:384 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Microsoft .NET Framework 3.5 SP1 (Windows Feature).prq (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x0410.ini (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Microsoft .NET Framework 2.0 SP1 (IA64).prq (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Setup.INI (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x0409.ini (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~2E11.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Microsoft .NET Framework 2.0 SP1 (x64).prq (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\1033.MST (1937 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x040c.ini (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x040a.ini (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\_ISMSIDEL.INI (22060 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~2E22.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Microsoft .NET Framework 2.0 SP1.prq (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x0407.ini (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x0416.ini (808 bytes)
The process MsiExec.exe:2588 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\_isres_0x0409.dll (23352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\IsConfig.ini (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.cmdline (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.0.cs (1444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.cmdline (687 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIBD6B.tmp (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4C2E.tmp (147 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\ISBEW64.exe (6705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\ISRT.dll (13792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIB9F1.tmp (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\ISRT.dll (13792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\setup.inx (13381 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.out (770 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.0.cs (22900 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86} (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\ISBEW64.exe (6705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}\_isconfig.xml (127 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIADFE.tmp (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4BB0.tmp (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD} (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\String1033.txt (6868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\setup.inx (13381 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\IsConfig.ini (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\String1033.txt (6868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}\EULA.rtf (102000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.out (445 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\_isres_0x0409.dll (23352 bytes)
Registry activity
The process Offercast2802_PCD_.exe:2276 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\APN PIP\PCD]
"PIP_UI_Ready" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\APN PIP\PCD]
"PIP_Top" = "239"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "24 E3 E3 96 B2 7B D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "52 47 30 95 B2 7B D0 01"
[HKCU\Software\APN PIP\PCD]
"PIP_SkipAll" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\APN PIP\PCD]
"PIP_Toolbar_Selection" = "hp:true|ds:true|oi:true"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\APN PIP\PCD]
"PIP_UI_Complete" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
"WpadDecision" = "0"
[HKCU\Software\APN PIP\PCD]
"PIP_Left" = "606"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PIP" = "C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe -rb"
The Malware deletes the following value(s) in system registry:
[HKCU\Software\APN PIP\PCD]
"PIP_Exit_Code"
"PIP_UI_Ready"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKCU\Software\APN PIP\PCD]
"PIP_Offers_Launched"
"Top"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\APN PIP\PCD]
"PIP_Offers_Selection"
"Show_UI"
"PIP_Toolbar_Launched"
"PIP_Top"
"PIP_SkipAll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"
[HKCU\Software\APN PIP\PCD]
"Left"
"PIP_Toolbar_Exitcode"
"PIP_Toolbar_Selection"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\APN PIP\PCD]
"Cancel_PIP"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\APN PIP\PCD]
"PIP_Offers_Exitcode"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\APN PIP\PCD]
"Start_Install"
"PIP_UI_Complete"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\APN PIP\PCD]
"PIP_Left"
The process Offercast2802_PCD_.exe:2500 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
The Malware deletes the following value(s) in system registry:
[HKCU\Software\APN PIP\PCD]
"PIP_Exit_Code"
"PIP_UI_Ready"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\APN PIP\PCD]
"Show_UI"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\APN PIP\PCD]
"Start_Install"
"PIP_UI_Complete"
"PIP_Offers_Launched"
"Top"
"Cancel_PIP"
"PIP_Offers_Exitcode"
"Left"
"PIP_SkipAll"
"PIP_Toolbar_Exitcode"
"PIP_Toolbar_Launched"
"PIP_Offers_Selection"
"PIP_Top"
"PIP_Toolbar_Selection"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\APN PIP\PCD]
"PIP_Left"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process MSIEXEC.EXE:212 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "2D 85 33 3A 90 73 D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
"WpadDecisionTime" = "52 47 30 95 B2 7B D0 01"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Malware deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The process MSI4C8C.tmp:580 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32]
"fveui.dll,-844" = "BitLocker Data Recovery Agent"
"fveui.dll,-843" = "BitLocker Drive Encryption"
[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"
The process %original file name%.exe:384 makes changes in the system registry.
The Malware deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion]
"%IS_PREREQ%-Driver Detective"
"%IS_PREREQF%-Driver Detective"
The Malware disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
" ISSetupPrerequisistes"
The process MsiExec.exe:2588 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASAPI32]
"EnableFileTracing" = "0"
[HKCU\Software\APN PIP\PCD]
"Left" = "606"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASAPI32]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASAPI32]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASMANCS]
"EnableFileTracing" = "0"
"MaxFileSize" = "1048576"
[HKCU\Software\APN PIP\PCD]
"Top" = "239"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASAPI32]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASMANCS]
"FileTracingMask" = "4294901760"
[HKCU\Software\APN PIP\PCD]
"Show_UI" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\MsiExec_RASAPI32]
"ConsoleTracingMask" = "4294901760"
Dropped PE files
MD5 | File path |
---|---|
aa3cf23ec4d00ec8885807a7570f8259 | c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\ochelper[1].exe |
135fb44681e6b409dc378960cfcb7a76 | c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe |
f1e14b066f078bf8f91c4ae5fea4281a | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\APNSetup.exe.tmp |
e8245fadab2278ad63c147ad6e1407b2 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4C8C.tmp |
1affd4b7e687f2caa3a62a09b7f35814 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\ochelper.dll |
aa3cf23ec4d00ec8885807a7570f8259 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\ochelper.exe |
f1e14b066f078bf8f91c4ae5fea4281a | c:\Users\"%CurrentUserName%"\Documents\APNSetup.exe |
f1e14b066f078bf8f91c4ae5fea4281a | c:\Users\"%CurrentUserName%"\Documents\APNSetup1.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
csc.exe:2468
csc.exe:1424
MSIEXEC.EXE:212
ochelper.exe:1372
cvtres.exe:2448
cvtres.exe:2764
MSI4C8C.tmp:580
%original file name%.exe:384 - Delete the original Malware file.
- Delete or disinfect the following files created/modified by the Malware:
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB569.tmp (700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.dll (4930 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.out (120 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.dll (4258 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB672.tmp (700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.out (240 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\CRPrimary-ext[1].png (1801 bytes)
C:\Users\"%CurrentUserName%"\Documents\APNSetup.exe (6657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ochelper.exe (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\orchestrator1[1].htm (923 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\APNAnalytics.xml (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\scrolltext.xml (24 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\IEPrimary.png (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\pipcore-min[1].js (37170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\ochelper[1].exe (2309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HVGFTJ0\scrolltext[1].xml (2969 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\APNAnalytics[1].xml (297 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CRPrimary-ext.png (10 bytes)
C:\Users\"%CurrentUserName%"\Documents\APNSetup1.exe (6657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUC72OXY\IEPrimary[1].png (1803 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\orchestrator.html (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\objectmodel.js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\rules.js (61 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\v7tb.png (10 bytes)
C:\Windows\Installer\MSI450B.tmp (512335 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4BB0.tmp (59 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_65128B3C2E64A999469787910011EEC0 (1520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI74c7c.LOG (3844 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 (1212 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4C8C.tmp (7596 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIADFE.tmp (8281 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIB9F1.tmp (14988 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_65128B3C2E64A999469787910011EEC0 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSI4C2E.tmp (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\MSIBD6B.tmp (14988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ochelper.dll (54 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ochelper.dl_ (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB673.tmp (3950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB57A.tmp (3950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe (129587 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Microsoft .NET Framework 3.5 SP1 (Windows Feature).prq (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x0410.ini (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Microsoft .NET Framework 2.0 SP1 (IA64).prq (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Setup.INI (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x0409.ini (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~2E11.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Microsoft .NET Framework 2.0 SP1 (x64).prq (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\1033.MST (1937 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x040c.ini (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x040a.ini (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\_ISMSIDEL.INI (22060 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\~2E22.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Microsoft .NET Framework 2.0 SP1.prq (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x0407.ini (812 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\0x0416.ini (808 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\_isres_0x0409.dll (23352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\IsConfig.ini (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.cmdline (362 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\smozgw5x.0.cs (1444 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.cmdline (687 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\ISBEW64.exe (6705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\ISRT.dll (13792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\ISRT.dll (13792 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\setup.inx (13381 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\iuvvszf0.0.cs (22900 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\ISBEW64.exe (6705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}\_isconfig.xml (127 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\String1033.txt (6868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\setup.inx (13381 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\IsConfig.ini (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{655167B5-4B46-4B6A-B1D1-38562EDDDEFD}\String1033.txt (6868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}\EULA.rtf (102000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{3DC1A4B2-A068-4957-AABF-5ED9F9957E86}\_isres_0x0409.dll (23352 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PIP" = "C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe -rb" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: PC Drivers HeadQuarters
Product Name: Driver Detective
Product Version: 8.1
Legal Copyright: Copyright (C) 2009 PC Drivers HeadQuarters
Legal Trademarks:
Original Filename: InstallShield Setup.exe
Internal Name: Setup
File Version: 8.1
File Description: This installer database contains the logic and data required to install Driver Detective.
Comments:
Language: English (United States)
Company Name: PC Drivers HeadQuartersProduct Name: Driver DetectiveProduct Version: 8.1 Legal Copyright: Copyright (C) 2009 PC Drivers HeadQuartersLegal Trademarks: Original Filename: InstallShield Setup.exeInternal Name: SetupFile Version: 8.1 File Description: This installer database contains the logic and data required to install Driver Detective.Comments: Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 929067 | 929280 | 4.57147 | b2e6465308e6857a116cdbdb0dc54c40 |
.rdata | 933888 | 204268 | 204288 | 3.30051 | 85171aa4179d7f4afec4302c929554e9 |
.data | 1138688 | 35656 | 10752 | 3.15828 | f0272d79af07cde9705c963653bf45d4 |
.rsrc | 1175552 | 312864 | 313344 | 4.41878 | c6872616fc39662edaaf8d235190cb3e |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 3
446d526261785c7aad69ab2d7de4f637
e197828cae703bc2fb62391f70a6764a
fbf37a32f1a41c250516d26670c16ba3
Network Activity
URLs
URL | IP |
---|---|
hxxp://a52.dscg10.akamai.net/Driver Detective.msi | |
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1e2fb7996d56742c | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEEu1uHVrr/uBz4xsjvTmEAY= | |
hxxp://e3432.g.akamaiedge.net/static/partners/PCD/APNAnalytics.xml | |
hxxp://www103.apnpartners.com/PIP/Server.jhtml?partner_id=PCD&language=en&version=2.8.0.2 | |
hxxp://e3432.g.akamaiedge.net/static/resources/ochelper/2.9.1.0/ochelper.exe | |
hxxp://e3432.g.akamaiedge.net/static/resources/ui/html/orchestrator1.html?PIPPID=PCD&PTBPartnerID=PCD-SP&STBPartnerID=&tbType=vanilla&version=2.8.0.2 | |
hxxp://e3432.g.akamaiedge.net/static/resources/ui/js/pipcore-min.js?vers=1124 | |
hxxp://e3432.g.akamaiedge.net/static/partners/PCD/images/IEPrimary.png | |
hxxp://e3432.g.akamaiedge.net/static/partners/PCD/scrolltext.xml | |
hxxp://e3432.g.akamaiedge.net/static/partners/PCD/images/CRPrimary-ext.png | |
hxxp://webservices.drivershq.com/2011/12/MiscService.asmx | 64.49.225.72 |
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f207920a3dc5ddab | |
hxxp://a1363.dscg.akamai.net/media/toolbar/everest/7.9.0/APNSetup.exe | |
hxxp://a52.dscg10.akamai.net/AskToo~1.cab | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
hxxp://e6845.ce.akamaiedge.net/ThawtePremiumServerCA.crl | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= | |
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEAll8qxyNsfhvcpE7RObJzo= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEAccnCzHkryxnIBMNlXU3h8= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= | |
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= | |
hxxp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id=PCD&language=en&version=2.8.0.2 | 199.36.100.103 |
hxxp://apnmedia.ask.com/media/toolbar/everest/7.9.0/APNSetup.exe | 87.245.216.33 |
hxxp://c4213550.r50.cf2.rackcdn.com/AskToo~1.cab | 23.14.92.121 |
hxxp://c4213550.r50.cf2.rackcdn.com/Driver Detective.msi | 23.14.92.121 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.57.107.27 |
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 87.245.216.33 |
hxxp://ak.pipoffers.apnpartners.com/static/resources/ui/html/orchestrator1.html?PIPPID=PCD&PTBPartnerID=PCD-SP&STBPartnerID=&tbType=vanilla&version=2.8.0.2 | 23.223.235.37 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.57.107.27 |
hxxp://ak.pipoffers.apnpartners.com/static/resources/ui/js/pipcore-min.js?vers=1124 | 23.223.235.37 |
hxxp://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEAccnCzHkryxnIBMNlXU3h8= | 23.57.107.27 |
hxxp://crl.thawte.com/ThawtePremiumServerCA.crl | 23.57.101.163 |
hxxp://ak.pipoffers.apnpartners.com/static/partners/PCD/images/IEPrimary.png | 23.223.235.37 |
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 87.245.216.33 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= | 23.57.107.27 |
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 87.245.216.33 |
hxxp://ak.pipoffers.apnpartners.com/static/partners/PCD/scrolltext.xml | 23.223.235.37 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.57.107.27 |
hxxp://ak.pipoffers.apnpartners.com/static/resources/ochelper/2.9.1.0/ochelper.exe | 23.223.235.37 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1e2fb7996d56742c | 87.245.216.19 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | 23.57.107.27 |
hxxp://ak.pipoffers.apnpartners.com/static/partners/PCD/images/CRPrimary-ext.png | 23.223.235.37 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= | 23.57.107.27 |
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 87.245.216.33 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEAll8qxyNsfhvcpE7RObJzo= | 23.57.107.27 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= | 23.57.107.27 |
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEEu1uHVrr/uBz4xsjvTmEAY= | 23.57.107.27 |
hxxp://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= | 23.57.107.27 |
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f207920a3dc5ddab | 87.245.216.19 |
hxxp://ak.pipoffers.apnpartners.com/static/partners/PCD/APNAnalytics.xml | 23.223.235.37 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=539439, public, no-transform, must-revalidate
Last-Modified: Mon, 20 Apr 2015 03:30:31 GMT
Expires: Mon, 27 Apr 2015 03:30:31 GMT
Date: Mon, 20 Apr 2015 21:44:46 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..20150420033031Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5..........^.3@..cL.1.......20150420033031Z....20150427033031Z0...*.H.............|G#(.}&......W.._..vp/H.....h@v.N....d..G%.od.'...|g........j......k..d.^.y.U.._n...AM{$.../...S....f8.8{%.........y...\nZk...{.J.z.i.`F=..#...Q.Y6%.....W....e.m.H.n.,x=.C...........fx.1.......^......$.P.&*..5....6% ...... #.-.7....@(^.P....s;....O....o......#0...0...0..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.............m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...nz(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*]...*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...:.C.Q.i~rl..<..krS..8.B..o].y..L.4...iB@..s.....mw.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...*.H......
<<< skipped >>>
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=394
Expires: Mon, 20 Apr 2015 21:49:42 GMT
Date: Mon, 20 Apr 2015 21:43:08 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
00008C6E..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=465
Expires: Mon, 20 Apr 2015 21:49:42 GMT
Date: Mon, 20 Apr 2015 21:41:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
00008C6E..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
POST /2011/12/MiscService.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.1)
Content-Type: text/xml; charset=utf-8
SOAPAction: "hXXp://webservices.drivershq.com/2011/12/miscservice/ValidateThirdPartyInstall"
Host: webservices.drivershq.com
Content-Length: 1140
Expect: 100-continue
Connection: Keep-Alive
HTTP/1.1 100 Continue
....
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=372
Expires: Mon, 20 Apr 2015 21:50:32 GMT
Date: Mon, 20 Apr 2015 21:44:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
00009BF1..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=337
Expires: Mon, 20 Apr 2015 21:50:16 GMT
Date: Mon, 20 Apr 2015 21:44:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
0000969F..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=389
Expires: Mon, 20 Apr 2015 21:49:55 GMT
Date: Mon, 20 Apr 2015 21:43:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=494
Expires: Mon, 20 Apr 2015 21:49:42 GMT
Date: Mon, 20 Apr 2015 21:41:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
00008C6E..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=340
Expires: Mon, 20 Apr 2015 21:49:42 GMT
Date: Mon, 20 Apr 2015 21:44:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
00008C6E..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=580524, public, no-transform, must-revalidate
Last-Modified: Mon, 20 Apr 2015 14:59:52 GMT
Expires: Mon, 27 Apr 2015 14:59:52 GMT
Date: Mon, 20 Apr 2015 21:44:35 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..20150420145952Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......A..2.....:...:......20150420145952Z....20150427145952Z0...*.H.............V.s.:U]#!i-......awW2!...=!z.P=.ry.ZpLz..(.....< uJ...}h.....<...:.p.Z....N.......}..KD.......>..#..s...V0...e.2.4...X:..p.. .}.u...H...*..b.D..a.vg..Co..'.tp.....!...]C.....|:V.*.......g.E.$S}.....}..).............(....}.......'.O....{Bl...@vD..Sv.z.T.d.....#0...0...0..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.............m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...nz(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*]...*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...:.C.Q.i~rl..<..krS..8.B..o].y..L.4...iB@..s.....mw.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...
<<< skipped >>>
GET /static/partners/PCD/APNAnalytics.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Fri, 02 May 2014 23:26:22 GMT
ETag: "8287f-9d5-4f8731c072380"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1069
Content-Type: application/xml
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 21:40:13 GMT
Connection: keep-alive
...........V.n.6.}/..`.@.j.......x}..6p...&@...)..,.$.....;..R.t..h......J..n..'*$.y..^.#.'|..U..*m....._B...7B...SA.).dC.D.38..>1^...s...Z=..E.O...rO.N.F.....b.nC.....'4....B.._.lL%;.W.Vk.u.a.';.w.T..4.....}.....h4.}..C.......Tb......Fw......d.p3.]..x..D...t.......l.X"...".0..?B......B.(.MD..G..T.^.7~....V..J..Xz...1....i....ph:.C`..B.J..IB....V.,... ......D..X..7[.m<..\.s......%...v...Br....*......k-...}`.^...... #..$ .{.xB2j.U.?;.....8;nmm..R$4...U=<..... F....;..d..S.#a..v.J.........:..P.EF..KW.......9.A...l6.....x~9..Xp..3A.....}..g...y.#.R).To8...).$.H.).&.....JP......zts..Q..=/.1.f.@...*..(.X..b..&. ..byI=t..6%.h.9D..,..d...8.:..}'L``..z.h......yP.E.....d0.......`..G}.JS)K'l.->1.*..n....._5....... ..x..Z..}....{/b.x\..=n.#..h.d..}.. .............'...r#2#....i..d.}m.l...V..Z.[......3./ .......0RLe..H %H.af.c..:...1"E!..7....V...hQ*.s.v..V....,...Wj..GUI.y...v*h.4....30.$.........j.#G.I...z../(....0....4A..^;.p.....'...:........Fk..r.q.....~t|BU.m[..-...cp.........y.QE.K$.....T.?......`..o..1...f..-0..~...A.....k..r.....n._N_...0..P...w?i...cy.....HTTP/1.1 200 OK..Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32..Last-Modified: Fri, 02 May 2014 23:26:22 GMT..ETag: "8287f-9d5-4f8731c072380"..Accept-Ranges: bytes..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 1069..Content-Type: application/xml..Cache-Control: max-age=86400..Date: Mon, 20 Apr 2015 21:40:13 GMT..Connection: keep-alive.............V.n.6.}/..`.@.j.......x}..6p...&@...)..,.$.....;..R.t..
<<< skipped >>>
GET /static/resources/ochelper/2.9.1.0/ochelper.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Wed, 12 Nov 2014 02:16:18 GMT
ETag: "7601b-6738-5079ffb212080"
Accept-Ranges: bytes
Content-Length: 26424
Content-Type: application/x-msdownload
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 21:40:14 GMT
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Pz.d>).d>).d>)...).d>).d?).d>)...).d>)...).d>)...).d>)Rich.d>)........................PE..L.....bT.....................D......~........ ....@.................................M.....@..................................!..x....@..(9...........N..8............ ............................................... ...............................text...:........................... ..`.rdata....... ......................@..@.data........0......................@....rsrc...(9...@...:..................@..@.reloc...............L..............@..B.........................................................................................................................................................................................................................................................................................................................................................................L$...t!..D$.i.......SW.|$............._[.D$...T$....3...t.V.q.......w.k...D.......u.^.U....0....e..SW... @.j.j.............tZh,.........j.P.o............PW......,..........9.....t.......PW.f.....u..........E.W... @..E._[..U..QQWd.......$.E..u..e..j.j.... @.....t j.j..E.P.u.W... @...u.!E.W... @..E._..U........SV.54 @.Wj .u.3.3....u.......P..0 @.......P.., @.j_Yf..E....j ......P..Sh....j.SSh...@......P..( @......t~S.E.P.u..]..u.V..$ @.V... @..E.9E.uM.E.P.E.P.E.P.E.P......P.]...x @.
<<< skipped >>>
GET /static/resources/ui/html/orchestrator1.html?PIPPID=PCD&PTBPartnerID=PCD-SP&STBPartnerID=&tbType=vanilla&version=2.8.0.2 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Wed, 30 Apr 2014 20:45:11 GMT
ETag: "386b7-3244-4f8489fe8a3c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4244
Content-Type: text/html
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 21:40:14 GMT
Connection: keep-alive
...........[mo.H......tZ..@2....dr...jg.m2...VjL.:16k.!(.._....Ir{..pH..]U]]].TU...../?..?.....o..Nb7..#.z.N.F....\J........OW._........%...|..8.....f...%.kt..fJ.Hb%b.i.4..t #..AJ..nW|...4B.FMU.....\*..|%cPr....j.w2.H.$.D N...8...#...'.>.mx\T.'.z..4...B.....i./NO..j..j......\..j].(h...:.F5.L.....u.5[-qV...QL..v..s...T2.S..@8.0....,.|..3...q.z..N.UI..~...0....8zOk...(..,. ...$........g|.~n. ..`Z].........*.!-...Cp..YK.=........6%...r.@tw0L........9::......#o...?~M..:L^........W...Wt........<..yx...Qw...Q. .r. ..8l..p..cox...?~....L."...D.&.. #.n,\.......H.FE"N...&...K6w.c..........Sy........^.A.......`x..p....s.n..m..^......6&.'..S.{.p...T@....X.!..B?.Q...$.tS..x......}..J.A~ V.#..KO.k.D...s..b!.0.1.tP...D .............KW.....`B:gC..63...S..X....U..U..............r:..d.;.e9.F.X...u...r;.)ha4t.......f. ....80. z....HP......d.M.!..w.y...b.k..i.:..A....d......&.73.)... ...,.'*J..2.'.,.LexQ8.4....V.-...L...V....8_..<...{[%. .e.........eb_.S3 ... .V..*.Y..h.....d.ua..bt....?.6.....I.......b...{@b.j.....#..#,...R?...........VK..q..*.K...,.....Ns...)...p$f3.2..h@.F.d.....&....g..(;8j...-.y.ie:...n...B!.Ba &.~Ob...z:1...X..vg.r,... ...p...>#t...c@%.0...||'f.. .Q........@98.[.%. .C...M...-.......NE.1W=.9...u......2.0"...p.*26.R....`....vEj1..f)#..qx...:...........]S.$..nn.X@.......Ed.F...LN...7T.,.HG.q.4.....tF.3Q.GP......Z..d..5.Fi[k...".....l..r..]I.<.!.B8A.}.....5c.....Q...J.......B..!.&OM\...L.zH.j%...[...;4.D2..T..'>..h.k..5.....j..l.'.Nm....k..A..q..Su..3...J..m....u...>...;.5r.dx]rx;T.z..M(.w.
<<< skipped >>>
GET /static/resources/ui/js/pipcore-min.js?vers=1124 HTTP/1.1
Accept: */*
Referer: hXXp://ak.pipoffers.apnpartners.com/static/resources/ui/html/orchestrator1.html?PIPPID=PCD&PTBPartnerID=PCD-SP&STBPartnerID=&tbType=vanilla&version=2.8.0.2
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Thu, 04 Dec 2014 02:25:38 GMT
ETag: "6816c-fe23-5095aad044c80"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14120
Content-Type: application/javascript
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 21:40:14 GMT
Connection: keep-alive
...........}k[...._q..'..V..h...\)....@.V...-.K........~ft..k..}.>..!6.4.F...h4.S..1'.........(.(..O.?..{...u...x.m]].{......>.....R.6.....;.k...n......j....//M......\................~........<.R..LE.e......Y..ww.....:...tLC..3....Cu.r.%.|$dj......3.k....,..1U.....y.kw........:....tV4.a......X......}Q....c..M=k)..|i:ss).~,f.c:.S........=..Rc...&.dce.;.Q/.]...6Yh...n.Q)]=..I..:1..-.3./.......r...tS.!..1....{..7.....{......\.....[H...r._....^...|..-M}....o{..Q._.$.,....O..M..{...*...#..{?V...L..wG...l.<>..F.31.........h....C6~l|...W!.%]........?J.K.CRg@...d..6..d...`.~bX.l-.C@n..#...,..`X..{.M...w..j.......{D_.\..8.T@..........X........?-@.d..h8....v$6......O.......i)...p.9./..5...0kW......c_......_................:.....J0-=x4.......(I..H.s...|6.W......{N....Y.E..Z...E.....W...:.&..X......$'.U|..h..J"....4....kr."d.....2.....[....C7M...W0Q..$..3...I?3N........v..x.....o..>o.T..|.m.U"^<h@..T..u...........=.|/....*....y.f-.HqJ.....T>..#-..?4.;K....t.%p..4......@n.]...-....F..1\.....;....b......8..7.......-.s..K.........M..i;.9\...A..T. .Vh...$....1...P@.O.d.~|Ha. ....I..z.....?}p-].u.[.y8sA.y8...,L..C.Y$..g..........0:.(.c.X..OcX.Q.f.0...f.F|....\m.Om... ..r\.>.,.Q..D.D.......*&.j...p.....B.{Mc.. A..|.....*..C.!.P%.b..1...TD...ceX (.8 ......._....6..:^.A.I.I...Q<.=...g.S....u...b1q`............`.Y[<..;....p..u.J.U.T*.TJk..$.~..7a.z.&{.7.vz.7......`...9..^.'#..\.... rz3.1."..T2.C...T .D3.. P.G.......R.z.......a....nW....p..[.Z!...%.z...s....FoLDz.......:...J...*/.j.*..". A.WR....H2..
<<< skipped >>>
GET /static/partners/PCD/images/IEPrimary.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Sat, 28 Jun 2014 08:36:14 GMT
ETag: "4036-2954-4fce1519e1b80"
Accept-Ranges: bytes
Content-Length: 10580
Content-Type: image/png
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 21:40:15 GMT
Connection: keep-alive
.PNG........IHDR.......:.....1..8....PLTEF..:.....7..Oy....#c.............\.....Q..............B..w......................................{z}W..............-/0.........k...........;.....9.....l..N..@..E......N....z..c...........S..Y.....J..5v.^.....3m.........................8w.....w....x..e.....)Ts.......o.......H..............O..m...w................I..<W.x..ghj\..{..Pl.J!*i..l...D8h..E..?..QRT......T..[..q...i..k\!........5.....]........=@C....S..........|...<.......1.....................9]..rZ....F..........}.:........N\m=.. ........m.....s..{........fr.............R........X.....[.......5v../L....#.....\iw......%........=......z.......!l...........................p........K...........wE..................OH.........................................................!x.....u...n...........|...l..q..a.....&.IDATx...Oo.H....EX.`.k.....83...,<.l.#Y.W.............b.:........6..../..2...5.....}...R9$..V/...F.R...~y.Jd............\~......._.lll. .>...(......r........R...........R9B.E.)8..#E..d.....P.W..H..&......K.?.N....z..x..8..$~TA..u._J5.!..C.....S......<J..q...#.rt....8.&.]....?}*qA.....6a. q..I..;qA..#..N.D...(Z\`.....8%.......?!?3..Q]...nUU.......xW*.....!.x...g....n...8.*...I.QI..L..%..HL.D.........z!x....B...L..57p.U....Aw!...G.}..y.>.I..%........x.iTGH%[6.7...1{^W].o1.... .Mc...>.99I..\.......uiT..R.C.a.t{.y.s6.....I/...S.Wk<\[..Eq..$....y...x.x.Z.......Z...5..W=.RE...mjz....J.,..G....?.K. ..H"....1qdU|S..OF.....r...'3...r....H.7......\.V....sW.w.../%../'p.M.ggg......G.. ~.1.W.....m..
<<< skipped >>>
GET /static/partners/PCD/scrolltext.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Sat, 19 Jul 2014 00:24:03 GMT
ETag: "5c6c6-609b-4fe80e419aec0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8789
Content-Type: application/xml
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 21:40:15 GMT
Connection: keep-alive
...........\[s.H.~.....~i;B.]5=.=./K.U...n.].G!.P...]......%S)..g.6b_....'O..w...dh.......F....q.~6..?x4.S\}...?-.ie.6......Y..uZ.f...CeKs.&6...oJkw6.......*21.e S....M%c..X...1]2..'..2 .d.boWf.b.......h...Ed....)Js.Tx6.Y..9..x...g.Wu.e....`..Av...bf...V3.k.R......)5?`.z....._S...........L.d...k.."[.%.)7.|....o........,... s:7...\....q..G....[]..s....w."M....?..K........bU.;.s...i.b...... ....E........t.z..........h[1d.......k.R4......1i..).R0[:......f.......C.SJ.....H-3~.....Z........LsKdZ.Z.......!...A#~..-qfW.R...i.....{m..)m.6*^.?76'r.GB.8.l..C'.....s.......qR.O.?K.....3.....7.G....HIW..B....<w.3.BZ.........*].......I9...;.....,.@L>r.,.>......n._....R.x.<.^..../...o5.uz..x#...y..!...-. pl.T..e...*.....Y7%_..&e.....M........Uv...$..zF.*.J..^.6.....W{..{*q.........!.DHl.fY..5.mG.l..4.07yB..,.....7....J.......$.4..g....V../X.4..:n.....l[..>.Xg.^o.FL........3....b.T.......#:.......:......\........L...M.y............Ae^.>.....F.^'.t.*..s\..Y..S._%q^u......6I.i.C.....U.Q.].|v....Ho.hQ/".<.Q5.Yv.t]g........d..[...lB.CX.....E.lE"H..D.|..a..diXl.=.-..9.y..=sW.Z.....@,.....Oq...!..`.u..ps....:Mz.....y..A...xY4....S......SgB.....B...Ix..Kz...X.gUa........./....Y.......,{.V.u...(.....k....W..'^..~.(t.;...6.{h...cW...Z.y..d.*..|.....eJ.>....,...`.z.N._....'8./j..r.9...6F..."q=!....~........O....Sw.%[..u.-....E.#........J....$......]Z.@.F.IQ.... .~2jx...J.=......^c.}vb.d.N...0{.*.u...A.o.....:"...X0......"3..f./...3<.@..u....7@K".....2;.q....B.....*..<../\...."..5.._...:^F..I..Q.b......V...!
<<< skipped >>>
GET /static/partners/PCD/images/CRPrimary-ext.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Sat, 28 Jun 2014 08:36:14 GMT
ETag: "62060-2781-4fce1519e1b80"
Accept-Ranges: bytes
Content-Length: 10113
Content-Type: image/png
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 21:40:15 GMT
Connection: keep-alive
.PNG........IHDR.......:.....1..8....PLTEQ...S....j....M...#c.yxzG.K.........)Tsr......$(........................s....................hu.......788......V.................k..............;.....9..l..N..@..E......N.z..c...........S...w....Y.....J..^.....3m................c..B.....8w....x..;..Oy............................7.....E..m..O.....L.I....hS.........I...F;x..fgg.....SJ!*h..............@..E...........CDE...T.....[..=....$...Ql..74..................].....|........QRS...q..u.................w........[.....{..SZf...>.Q...X.....?..b..[........M.....j....................`m}.........,u...........<................^.....Yes9.........Q;...e.e.........2.2...............Gw..#w....06.............hd...g..........se.?...../.........B........".....xRS..........................................Z0l.........bs`...c..O..$<IDATx....k.J..pc.4l..8Kc^.M.23;..L;...C.'..F.X.c,..C....b_l|Z....q...rl.....O.:.s.....]~.Z._....>.R....O...R...I.......r.....G..y.srrr.|.x.S......W.....2R,. ...........Zm..........q.......}.X.."..6q$.../^.......[..{.....{...kH".\..R.....Pq*q..X.........y\.=d......x".D...xy....J\...pr.M..J..~~3.D\....<..8.K.0....8.*p.......?r.....q1.K%...iZ.z45....Z......I5.G.tM....]EQ\..du.:-...).i...]..).........[....q!. .k-..a_.#W[./.......=zT....'.]...O......._./>....`...f..A....V...bc....i.qQ.."..?...#..\......B\.q.73?.......z..<5..6...a......\..!...'.4.......X.........f...f...14.wh....si..Q..n..-4........1.l.I...8.*.....L.....j..W.yWI....?]&.k|.s5wT-} m....V.....3.g..........RI.........G......wt.E....
<<< skipped >>>
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Mon, 20 Apr 2015 21:40:45 GMT
Connection: keep-alive
....
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 07 Mar 2015 06:01:44 GMT
If-None-Match: "dde36a309c58d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
ETag: "dde36a309c58d01:0"
Cache-Control: max-age=900
Date: Mon, 20 Apr 2015 21:40:45 GMT
Connection: keep-alive
....
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Mar 2015 06:01:35 GMT
If-None-Match: "cf2633d6957d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
ETag: "cf2633d6957d01:0"
Cache-Control: max-age=900
Date: Mon, 20 Apr 2015 21:40:45 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT..ETag: "cf2633d6957d01:0"..Cache-Control: max-age=900..Date: Mon, 20 Apr 2015 21:40:45 GMT..Connection: keep-alive..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEAccnCzHkryxnIBMNlXU3h8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=345649, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 21:45:26 GMT
Expires: Fri, 24 Apr 2015 21:45:26 GMT
Date: Mon, 20 Apr 2015 21:44:37 GMT
Connection: keep-alive
0..........0..... .....0......0...0......N$p...v....1.;..vn....20150417214526Z0s0q0I0... ...................F....0.yV......{&.K......&..........,......L6U.......20150417214526Z....20150424214526Z0...*.H.............O....?.x.U_;F$"..v...U...<e..O@.u.1...vGh_.e<_......S".V.R1......47..A...T/.....r.....%....G.P.......eu:.%FZ*....(.C....0.<....W..e...>..x.f...........f..h.....a.q....v-..d980....$^....X.jv.!.^...q..M..NG.-.'......E.4.*...z}l.@...w.e..D4i.....Y0m.. _..A.C=....0...0...0............F...I]A(M..s@.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...150225000000Z..150526235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........q<...A...#......A...u..Lz.............o..D.vQ%..s.......f....e../jI.d.W.....|K;.j5...#.B%.]..~S.... .|;S.&.....N..`...5.....!D.p....M/.. ..;j...q..`6...2.Ck..BnLHvCZn%....,.w.Ooi..z'...\.Yx......b..L...5.o..o..{..}.........%e.....N..._i........*Bc....:yQg.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://www.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-31830...*.H..............-..^.........f.P`...s.....8.....V.......... .... B.
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?f207920a3dc5ddab HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Mon, 20 Apr 2015 21:40:45 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT..ETag: "80b4d90ca4fd01:0"..Cache-Control: max-age=604800..Date: Mon, 20 Apr 2015 21:40:45 GMT..Connection: keep-alive..
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 438486457400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Mon, 20 Apr 2015 21:44:35 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..150413163223Z..150713045223Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......Z0... .....7......150712164223Z0...*.H.............WK....e.\.-.n......./......."]..E!.. //=...[....w... ..........#...[.l.J..f|..... .s......w...J._.......3.[..#.z....ko.I..Q{....e.nV......F..d}..rF\H.jlH]dQ.E....x......W............j....&L. 2.$.?...X?.#.(.....pK.v.......y..r....t......=.AW......K.G.gJD.b...
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1e2fb7996d56742c HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Mon, 20 Apr 2015 21:40:10 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT..ETag: "804047d4e66d01:0"..Cache-Control: max-age=86400..Date: Mon, 20 Apr 2015 21:40:10 GMT..Connection: keep-alive..
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=392
Expires: Mon, 20 Apr 2015 21:50:16 GMT
Date: Mon, 20 Apr 2015 21:43:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
GET /Driver Detective.msi HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:49 GMT
ETag: c1c6ca70953b55e1112e6e074bee86c3
X-Trans-Id: tx5c2c751e01f04b6ca2dd4-0054f6eac4ord1
Content-Length: 7969280
Accept-Ranges: bytes
X-Timestamp: 1379961828.04995
Content-Type: application/x-msdownload
Cache-Control: public, max-age=524
Expires: Mon, 20 Apr 2015 21:48:53 GMT
Date: Mon, 20 Apr 2015 21:40:09 GMT
Connection: keep-alive
........................>...................z...............8........6....................................................................................................................................................................................................................................................................... ... ...!...!..."..."..."...#...#...$...$...%...%...&...'...'...(...(...)...)...)...*...*... ...,...,...,...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5...6..........;...............................................................................................#................... ...!..."...%...$.../...&.......(...)...*... ...,...-.......5...0...1...2...3...4...7...6...P...A...M...:...<.......=.......?...@...5-..B...C...D...E...F...G...H...I...J...O...L...R...........U...Q...a.......T....<..V...W...Z...Y....<..[...\...]...^..._...`...c...b...o...d...e...f...g...h...i...j...k...l...m...n...q...p.......r...s...t...u...v...w...x...y...z...{...|...}...~...........R.o.o.t. .E.n.t.r.y............................................................................F................E...9.............S.u.m.m.a.r.y.I.n.f.o.r.m.a.t.i.o.n...........................(...............................................................@H.?.C.A.E.D1H......................................................................................................X...........@H.?dA/B6H..........................................................................................................
<<< skipped >>>
GET /PIP/Server.jhtml?partner_id=PCD&language=en&version=2.8.0.2 HTTP/1.1
User-Agent: APNPIP
Host: pipoffers.apnpartners.com
HTTP/1.1 200 OK
Date: Mon, 20 Apr 2015 21:40:13 GMT
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
Content-Type: text/xml;charset=UTF-8
1ff8..<?xml version="1.0" encoding="UTF-8"?><root><OwnerInformation><owner><name>APN</name><organization>APN Toolbar</organization></owner></OwnerInformation><GeneralParameters><Height>390</Height><Width>503</Width><bgcolor>efebdf</bgcolor><dlg_transparency>255</dlg_transparency><defaultLanguage>en</defaultLanguage><ShowOfferScreensOnly>false</ShowOfferScreensOnly><MessageUser>false</MessageUser><BalloonIconPath>hXXp://ak.pipoffers.apnpartners.com/static/partners/{partnerid}/images/install.ico</BalloonIconPath><TrayTipTime>2000</TrayTipTime><PreviousX>250</PreviousX><PreviousY>37</PreviousY><NextX>169</NextX><NextY>37</NextY><CancelX>88</CancelX><CancelY>37</CancelY><CancelDeclinesOffer>true</CancelDeclinesOffer><RetryTimeout>300</RetryTimeout><NumberOfSecOffersToShow>0</NumberOfSecOffersToShow><Orchestrator>hXXp://ak.pipoffers.apnpartners.com/static/resources/ui/html/orchestrator1.html?PIPPID=PCD&PTBPartnerID=PCD-SP&STBPartnerID=&tbType=vanilla&version={version}</Orchestrator><CBID>AFU</CBID><TrackID>default</TrackID><geo>UA</geo><HidePrevious>false</HidePrevious><optintextsize>12</optintextsize><PartnerKey>154</PartnerKey><Progress
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEAll8qxyNsfhvcpE7RObJzo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=463823, public, no-transform, must-revalidate
Last-Modified: Sun, 19 Apr 2015 06:30:15 GMT
Expires: Sun, 26 Apr 2015 06:30:15 GMT
Date: Mon, 20 Apr 2015 21:44:36 GMT
Connection: keep-alive
0..........0..... .....0......0...0......N$p...v....1.;..vn....20150419063015Z0s0q0I0... ...................F....0.yV......{&.K......&........e..r6....D...':....20150419063015Z....20150426063015Z0...*.H.............E..,.......l;n.$3...s...qY....wVaM.68..5R.Q.=.........r^.*..._..*G.;..}.Z..Y,..........@...du)...(.:9_gytM.*.`.K...#{..h%...bpF.X.HyC..........u=..........PE=...........B.(......\?L....zC. D......%...'..[.........;..*..?..\.k.U....8...._.@....T`........nM1....0...0...0............F...I]A(M..s@.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...150225000000Z..150526235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........q<...A...#......A...u..Lz.............o..D.vQ%..s.......f....e../jI.d.W.....|K;.j5...#.B%.]..~S.... .|;S.&.....N..`...5.....!D.p....M/.. ..;j...q..`6...2.Ck..BnLHvCZn%....,.w.Ooi..z'...\.Yx......b..L...5.o..o..{..}.........%e.....N..._i........*Bc....:yQg.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-31830...*.H..............-..^.........f.P`...s.....8.....V.......... .... B.(@-)6.Rf....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=407268, public, no-transform, must-revalidate
Last-Modified: Sat, 18 Apr 2015 14:45:04 GMT
Expires: Sat, 25 Apr 2015 14:45:04 GMT
Date: Mon, 20 Apr 2015 21:40:11 GMT
Connection: keep-alive
0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..20150418144504Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..R...%V.......K3.....20150418144504Z....20150425144504Z0...*.H.............cG..0.<.3....Z}.. .A.D.c.O.l5.%9|.;q..E..{d...3u~....4....Hw....,w..p.<H.I ....0..M....V...|DY....&.nP.sD..B......,D0.{....Bp.....'j......C1.7[..N..........]..w.R....^......`F..sd.i.....A....._.j..\.9.j..gV)e..nv8..<...|..Y....x.J.S.{ ..W......7...yC~..vnP....0...0...0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 30.."0...*.H.............0...............2&..PL...,..2....:..tH...`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s.....3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2$"..$l.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'....f.6.pr4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://www.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0......0!..U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUNp0...U.#..0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve..#.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEEu1uHVrr/uBz4xsjvTmEAY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=492001, public, no-transform, must-revalidate
Last-Modified: Sun, 19 Apr 2015 14:14:58 GMT
Expires: Sun, 26 Apr 2015 14:14:58 GMT
Date: Mon, 20 Apr 2015 21:40:11 GMT
Connection: keep-alive
0..........0..... .....0......0...0......N$p...v....1.;..vn....20150419141458Z0s0q0I0... ...................F....0.yV......{&.K......&.......K..uk.....l.........20150419141458Z....20150426141458Z0...*.H.............'v8..0.rd..P.i.?p.....Y.....l....#O...d.......P....x.-.G.L... .LH..{..#.x.'.^....M.."..g.4.d!9..b.....z.F..`... ....}...l\..Fb...[.'..t.2../..\..|n.[.4o.Q.l.8.....O...=/v....\&f..p.D$.........P....o.....Ow.....H6........gz.h..p.s.q.I......?..H%.v..!......*....0...0...0............F...I]A(M..s@.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...150225000000Z..150526235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........q<...A...#......A...u..Lz.............o..D.vQ%..s.......f....e../jI.d.W.....|K;.j5...#.B%.]..~S.... .|;S.&.....N..`...5.....!D.p....M/.. ..;j...q..`6...2.Ck..BnLHvCZn%....,.w.Ooi..z'...\.Yx......b..L...5.o..o..{..}.........%e.....N..._i........*Bc....:yQg.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-31830...*.H..............-..^.........f.P`...s.....8.....V.......... .... B.(@-)6.Rf....
<<< skipped >>>
GET /ThawtePremiumServerCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.thawte.com
HTTP/1.1 200 OK
Server: Apache
ETag: "9cb8d0774970ba44db75b20559ee66ef:1429564251"
Last-Modified: Mon, 20 Apr 2015 21:10:51 GMT
Date: Mon, 20 Apr 2015 21:44:31 GMT
Content-Length: 7587
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Cape Town1.0...U....Thawte Consulting cc1(0&..U....Certification Services Division1!0...U....Thawte Premium Server CA1(0&..*.H........premium-server@thawte.com..150420210100Z..150430210100Z0...0!....T..W...p.[..%...100322161038Z0!....hx.....k...7....130919164724Z0!...!P..6{.lS.@...5..130927150657Z0!...Da\v..........%..130920062728Z0!...>.e..-...s[.2I...140418142220Z0!....dU...(...=...*..140801114607Z0!........d.{#E..9`...130926061856Z0!....6..q.'tT..1.Q...130926062249Z0!............>..i....130528164218Z0!..........#.P.......130716072254Z0!.....%.......R......100801221434Z0!.....M..HK.....x....130926060355Z0!....k."..z......64..130919082450Z0!...W..._....%..I....130926063253Z0!..._._~gq.I.)q6@g...131025034600Z0!.....=X>...]..h5@...130920130332Z0!... .(........n.S...130923202627Z0!.....:...B..=]Hsx_..130920011556Z0!....>.ITt.Aw%*I.....130918091937Z0!....-.U.BC{#...x....120301162056Z0!...U...z7.....UK.n..150330151829Z0!..........1S..Pp....130925105017Z0!.......x.G.....=....130926064912Z0!....d....... ..=....130911111649Z0!.....|...x._....wH..100510135256Z0!.....f.....F."E.....100527143439Z0!.......B...Y..;..S..130925185558Z0!..........G.1.......100624153158Z0!...3...$o~...w.t3...140304192649Z0!...=.;...........`..130924105544Z0!....e..8..3...h1[|..130905162920Z0!...d.[,tpLq..o.; ...100528183707Z0!...c.$.?.._..4..O...130905193529Z0!......V..T].Y..:|...130304224528Z0!....Xy..MnW.G..f.t..130810133109Z0!.....c.8..vX....ue..13093018594
<<< skipped >>>
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=441
Expires: Mon, 20 Apr 2015 21:49:36 GMT
Date: Mon, 20 Apr 2015 21:42:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=370
Expires: Mon, 20 Apr 2015 21:48:43 GMT
Date: Mon, 20 Apr 2015 21:42:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
00008B5B..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=507
Expires: Mon, 20 Apr 2015 21:50:06 GMT
Date: Mon, 20 Apr 2015 21:41:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
00008C6E..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
HEAD /media/toolbar/everest/7.9.0/APNSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "f1e14b066f078bf8f91c4ae5fea4281a:1402695766"
Last-Modified: Fri, 13 Jun 2014 21:37:11 GMT
Accept-Ranges: bytes
Content-Length: 543640
Content-Type: application/octet-stream
Date: Mon, 20 Apr 2015 21:40:49 GMT
Connection: keep-alive
....
GET /media/toolbar/everest/7.9.0/APNSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 13 Jun 2014 21:37:11 GMT
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "f1e14b066f078bf8f91c4ae5fea4281a:1402695766"
Last-Modified: Fri, 13 Jun 2014 21:37:11 GMT
Accept-Ranges: bytes
Content-Length: 543640
Content-Type: application/octet-stream
Date: Mon, 20 Apr 2015 21:40:49 GMT
Connection: keep-alive
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........|.../.../.../.V./.../.../.../.../.../.../.../.../.../.V./.../.../.../.../.../.../.../.../.../Rich.../................PE..L......S.....................^.......-............@.......................................@..............................................[...........2...........N..@...................................@.......................@....................text............................... ..`.rdata...?.......@..................@..@.data...`.... ...(..................@....rsrc....[.......\...<..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................j.h..E.d.....PV..-G.3.P.D$.d......t$..D$......D$....P.. &F..P.......F..D$...D$$...P.8....L$(...j.j.....F..D$,j.j.Q.F..F......F.........E..F...u...`.E..F..D$...D$.....P........I........P.B....D$......D$ ....H........J........P.B......L$.d......Y^...........V........D$..t.V..........^.....V...F... &F...t.P....E..F.....H........J........P.B....F.....H........J^........P.B.............j.h,.E.d.....P..B...H`....-G.3...$.B..SUVW..-G.3.P..$.B..d.......$.B.....D$..F..D$...3.;.......j8.L$<SQ..<..h......$...
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=547094, public, no-transform, must-revalidate
Last-Modified: Mon, 20 Apr 2015 05:40:05 GMT
Expires: Mon, 27 Apr 2015 05:40:05 GMT
Date: Mon, 20 Apr 2015 21:44:31 GMT
Connection: keep-alive
0..p......i0..e.. .....0.....V0..R0......Qw.}`.Z8...JV...r@z...20150420054005Z0s0q0I0... ........l....r.vdv0..*.~Y..X....e?z.4..G.L.......q..%Qq.........w.O.....20150420054005Z....20150427054005Z0...*.H.............jBq`.<.. . ...FG--&.......b..}&..."V@u..G...wb5F..$%.........T......A...G&S...v.o..k./&.....BJ.C...z..Nu:...y....HT...1H.#n....1.E0....{".........M...X.}..GT..%..=..a....)2...v .!....)E....]'..O'.....d,........ ......t...g..O.{h..1(..y..i...w$...Y=.q?...C.....0...0...0..y.......^..........N...)0...*.H........0J1.0...U....US1.0...U....Thawte, Inc.1$0"..U....Thawte Code Signing CA - G20...150303000000Z..150601235959Z0Y1.0...U....US1.0...U....Thawte, Inc.1301..U...*Thawte Code Signing CA - G2 OCSP Responder0.."0...*.H.............0............).Z.......O.~.l...,\.3.".'.'W .ih./..}OA...K...HJd....K^..<.....-.rWJ.j.U.._......W.../.6....J.y.u-.\...2..U.52B.>...=F...RbR.y.zm.......{b.bj....Y..J..m...*=.^......V.}p......rmA......9.L ...{?.g.-Y............8...k.$.:.5..6#4..F.#....t.B.8.O)'F.p).........d0b0...U....0.0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32450...*.H..............C.....8.Aw.{....`...y1N...W4M..M.J.3~..7#}..X..:x..5....$...Z^%.?6..e...}I.)....... .A.w......_...B..j.T..Yu.o.....g....H....q.Ju.SA`K.....~..O_.....S....I>..O.X..E.......]...y..L..F....K......../...._XSk6.:a};.?`...:^.....p....4Z.3L;.......t....>.....j....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1552
content-transfer-encoding: binary
Cache-Control: max-age=578164, public, no-transform, must-revalidate
Last-Modified: Mon, 20 Apr 2015 14:15:22 GMT
Expires: Mon, 27 Apr 2015 14:15:22 GMT
Date: Mon, 20 Apr 2015 21:44:46 GMT
Connection: keep-alive
0..........0..... .....0......0...0........C...4N...@..6...v...20150420141522Z0s0q0I0... .........z`.V.<N.v...TM)(.r...L_.6....a"I9....J.8........c..uU..$.;.....20150420141522Z....20150427141522Z0...*.H................u......../:.......r).rF;..."?89....)..../Y..I...KBb...J_{|.-...m......8.!..Ia..Mp....e....F...\.8.$y.6..&"r.......N....~X1a...,.#....Y..0..*.=.U[/.B.[o.h.....b..2..... ...^N..."...,..q.4}.....}i5.N..V 0n...|u.n{.]...8...T..%%..{Rop....y_.U...N,.g.h.... ...50..10..-0..........y.P}~.EY....T]. 0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1<0:..U...3Class 3 Public Primary Certification Authority - G21:08..U...1(c) 1998 VeriSign, Inc. - For authorized use only1.0...U....VeriSign Trust Network0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G2 OCSP Responder Certificate 30.."0...*.H.............0..........6..]......w';.r........I..c..4.... .........TyW......hd_.....!C.k......SE<?o.H.. .me.c..9N.&....e.^-..a.....i\:..*."..u...|....".Nf3.~.L...QW...p.....-]UV8U...J&.<./.G.....I...4.T....#I*.i.E0\..~q$.I.......X?G....f.t......v.l.U.Ld.I...B.....=...Sf...H.s.........0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0!..U....0...0.1.0...U....TGV-B-2740...*.H............1.`...i.....H.C.i.9~.i..Z.r.*$..(./.ag9.....J.Q.~.`.$?b..C....<.h.........d&....3.kV.....f...3I..
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=345944, public, no-transform, must-revalidate
Last-Modified: Fri, 17 Apr 2015 21:49:58 GMT
Expires: Fri, 24 Apr 2015 21:49:58 GMT
Date: Mon, 20 Apr 2015 21:44:46 GMT
Connection: keep-alive
0..........0..... .....0......0...0......%bn.$..5.......?'4....20150417214958Z0s0q0I0... ........N.E.~.?Q.n.j<a.....3...>c."t..d.1..#....M....=....x..":...K.....20150417214958Z....20150424214958Z0...*.H.............y...eJ.K&.u&..HV..M'.m6K.,........N.Ou.{..#.Z.....GZ s.?.{......%..;m....N........u.p.>....T.Ez.......X..a...K..XU....)'.......e...F.5..7.}..VH....[...........^]...].Q..QH...*...'...G`....*...S......U....C.. ?.....l......|6.U)Z..a.wz.o...6.Sq...D.%Q..U........0...0...0..........7.R.~|..r."....#0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091.0,..U...%VeriSign Class 3 Code Signing 2009 CA0...150401000000Z..150630235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2009 OCSP Responder0.."0...*.H.............0..........z..|..>.....5.Z ...2.C MWIH.5......M.\.... ...eW..`.B=..`:..R. ...Z.k.Y.....p@.(3.c....a.;..[E....J:'...`...B....M..&......{. (........%......^[v[....m....*.T.o&4..3.....3.........G...e)...'?.K..2s..8=?..z.:..T..-.8R..
GET /AskToo~1.cab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows Installer
Host: c4213550.r50.cf2.rackcdn.com
HTTP/1.1 200 OK
Last-Modified: Mon, 23 Sep 2013 18:43:45 GMT
ETag: 759ae9f637b47107851d05af93664db7
X-Timestamp: 1379961824.56190
Content-Type: application/vnd.ms-cab-compressed
X-Trans-Id: tx9cbd6b8fec1148089f017-005506e213ord1
Cache-Control: public, max-age=412
Expires: Mon, 20 Apr 2015 21:49:42 GMT
Date: Mon, 20 Apr 2015 21:42:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
00008C6E..MSCF............D...............W...............`...........c...#...pU.........C(h .installask.exe...... ..[.... Vcq...b.4".`...^..{.m.m.........Z...3U.43..-..3..Ju.5"!g.......z|............,..O...@....02eu#.p`........w.....$.'O>.$.lg.X^...w..........r...)....Ur.EZX.V(..J@V....B .l..U......yr............""(* ....._.....&.b&}`....."..(..Fb.Gu=.I.R.....?0pa.|P..s................vP`...E-.{...z..qHh.N:=..M.B..i.5......i@:...=t:>..d#.1....[..5......R ......t.A. ....;.X.{..".D..Z....c..w......f.B.r..v...JC.l....I.?pW."8Y....0T:..Lm..}^....SG.]]/.N.s....LD.J..~.<.&F..]..=B....l#..0...?v|.[......-dpk8..N.7..E...-....k.......A..C..!.k..X........*....YS..\...7C.AEUU9Fd....9lD:.[.......................P.z%.y C.h. Q......Y..A.......&.................S<......UB.i...c....>.0.E,..rD'C2DT8P..).....7.%.AH...:Gs...IU.......d.(;P.U#3]..r*.."...tp8.).k XHD.]....]/..(...B9!...d..]..P}..f.m..D..U?vk.@....ab/..#.SJ...N....L,|3>3.;...7%N.X7...!O,.{......e....uj......z..E..1..q.X.D..*..f$.\s.s..-....x.dDO{>p...h.;..A...IR00..g...d.>.._$.5...F..!...2....U.p.c\....u...m../..AX."..z@'.{...{I....9U..Gm>F...IZ.?`....n..GR.Q.....I.RsJ....0.......H...I.Z..5]q....!=.4...R..............0eZU..ejV4........?..cG...EA.F.L.35..|.....W.M.X..-..dM:<.A........];s.C8...My.....u.............",...q.. ..o...:....5..D.R..,.;U.$...?..B......eK.z,S}.(..Zq....h..;....,..o.\U.4.c.^i%B..!..M=I..{q.........a.%0.M.E.."...44Qy.avA.`.....p...L..X#.z.Eq.......a4H.{.Q.?.R6.A.S'.]....*3..)..Cz8d.3.D..gq.}@..7.%j....ft...{.k.....A
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=378603, public, no-transform, must-revalidate
Last-Modified: Sat, 18 Apr 2015 06:50:09 GMT
Expires: Sat, 25 Apr 2015 06:50:09 GMT
Date: Mon, 20 Apr 2015 21:44:30 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....20150418065009Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..eR&.....Y.)..".\....20150418065009Z....20150425065009Z0...*.H..................3..9..A..A....kqk......".R.P.....A.......A.7.......WT...=p.m.b...az.K..#..`.j\...g...._..v.OV...Z.......yr...m..bi..}."......O.."3..4.......... l...e.[Y....6p..yh.....u..r]A....j...U..z...ae..'.7.'.7 ..../.......`|....$..DU.p......n. :.:.........n.-......0...0...0..3......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 30.."0...*.H.............0..........'......Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; ).....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|o....S..v.).).....r.v.qo$......C.V!....@.h#qh...u1T.].G0.]E...=._...... ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D...........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=424743, public, no-transform, must-revalidate
Last-Modified: Sat, 18 Apr 2015 19:40:18 GMT
Expires: Sat, 25 Apr 2015 19:40:18 GMT
Date: Mon, 20 Apr 2015 21:44:30 GMT
Connection: keep-alive
0..........0..... .....0......0...0......'.V.8.F.V....H....JW..20150418194018Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20150418194018Z....20150425194018Z0...*.H...............$c.!|..m..L.Z..N....u."%x..'.9.R...C.ZU3F.F:.J7.....F...X..?8..).H34< .-...q..w.F...%.*........1.b#GA`U*....H.e.p-.r....5..oK.1r...S.. *..H/83.b.1...`..(....c4.f...d\.>....aO>.4.%...a...`.;/.....hO%......"...O.......7............p.......4|U...p....s.P;.....#0...0...0..........r..?.*......y"..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...150226000000Z..150527235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.............m5*R........2....>...yU4..L.. ...........u..Hez..Pn.....d...nz(...V7.}^...d!RX...bl..[..a...L.. .~..Ij......%..%p.-...u..:..i..F*]...*....{NH..|0...gHX.Q.r....S..........._.9.(w...suC...N..s.....&."...:.C.Q.i~rl..<..krS..8.B..o].y..L.4...iB@..s.....mw.........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-32010...
<<< skipped >>>
Map
The Malware connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_384:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
SSSh|LN
SSSh|LN
SSShlLN
SSShlLN
tBSSSSh0u
tBSSSSh0u
SSSSh0u
SSSSh0u
SSWSShxZN
SSWSShxZN
t SSh
t SSh
t%SSh
t%SSh
SShpeN
SShpeN
SSh\eN
SSh\eN
PSSSSSSh
PSSSSSSh
SSSSH
SSSSH
uDPj
uDPj
L$.Qf
L$.Qf
vSSSh
vSSSh
It.It It!It
It.It It!It
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
AUu.AUu FUuL
AUu.AUu FUuL
setup.exe
setup.exe
CertFreeCertificateContext
CertFreeCertificateContext
CertAddSerializedElementToStore
CertAddSerializedElementToStore
CertCompareCertificate
CertCompareCertificate
CertSerializeCertificateStoreElement
CertSerializeCertificateStoreElement
WTHelperGetProvCertFromChain
WTHelperGetProvCertFromChain
{7E76A8D6-33D1-0032-16C3-4593092861D0}
{7E76A8D6-33D1-0032-16C3-4593092861D0}
{E7E2C871-090A-C372-F9AE-C3C6A988D260}
{E7E2C871-090A-C372-F9AE-C3C6A988D260}
{6741C120-01BA-87F9-8734-5FB9DA8A4445}
{6741C120-01BA-87F9-8734-5FB9DA8A4445}
ISSetup.dll
ISSetup.dll
msi.dll
msi.dll
EvalMarker.dat
EvalMarker.dat
BetaMarker.dat
BetaMarker.dat
.rdata
.rdata
.debug
.debug
ShellExecuteExW
ShellExecuteExW
RegOverridePredefKey
RegOverridePredefKey
GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryW
Kernel32.dll
Kernel32.dll
SHFileOperationA
SHFileOperationA
SHFileOperationW
SHFileOperationW
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
FtpFindFirstFileA
FtpFindFirstFileA
InternetCanonicalizeUrlW
InternetCanonicalizeUrlW
HttpEndRequestW
HttpEndRequestW
HttpSendRequestExW
HttpSendRequestExW
HttpSendRequestW
HttpSendRequestW
HttpOpenRequestW
HttpOpenRequestW
HttpQueryInfoW
HttpQueryInfoW
InternetCreateUrlW
InternetCreateUrlW
InternetCrackUrlW
InternetCrackUrlW
InternetOpenUrlW
InternetOpenUrlW
CertFreeCertificateChain
CertFreeCertificateChain
CertGetCertificateChain
CertGetCertificateChain
CertAddCertificateContextToStore
CertAddCertificateContextToStore
CertFindCertificateInStore
CertFindCertificateInStore
CertCloseStore
CertCloseStore
CertSaveStore
CertSaveStore
CertOpenStore
CertOpenStore
CertGetIssuerCertificateFromStore
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertEnumCertificatesInStore
CryptImportPublicKeyInfo
CryptImportPublicKeyInfo
CryptMsgClose
CryptMsgClose
CryptMsgGetParam
CryptMsgGetParam
CertNameToStrW
CertNameToStrW
CertOpenSystemStoreW
CertOpenSystemStoreW
CryptDestroyKey
CryptDestroyKey
CryptExportKey
CryptExportKey
CryptImportKey
CryptImportKey
CryptDeriveKey
CryptDeriveKey
-x
-x
skin.ini
skin.ini
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
portuguese-brazilian
portuguese-brazilian
operator
operator
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
qR.Rd
qR.Rd
inflate 1.2.3 Copyright 1995-2005 Mark Adler
inflate 1.2.3 Copyright 1995-2005 Mark Adler
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly
1.2.3
1.2.3
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Prerequisites_Unicode\setupPreReq.pdb
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Prerequisites_Unicode\setupPreReq.pdb
VERSION.dll
VERSION.dll
COMCTL32.dll
COMCTL32.dll
GetProcessHeap
GetProcessHeap
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
CreateDialogIndirectParamW
CreateDialogIndirectParamW
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyExW
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
RPCRT4.dll
RPCRT4.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
ExitWindowsEx
ExitWindowsEx
EnumChildWindows
EnumChildWindows
SetViewportExtEx
SetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
RegCreateKeyW
RegCreateKeyW
RegOpenKeyW
RegOpenKeyW
RegEnumKeyW
RegEnumKeyW
.?AVhttp_file@is@@
.?AVhttp_file@is@@
.?AVftp_file@is@@
.?AVftp_file@is@@
.?AV?$CComObject@VCScriptInitProgressHandler@@@ATL@@
.?AV?$CComObject@VCScriptInitProgressHandler@@@ATL@@
.?AVCScriptInitProgressHandler@@
.?AVCScriptInitProgressHandler@@
.?AUIDownloadProgressHandler@@
.?AUIDownloadProgressHandler@@
.?AVPasswdDlg@@
.?AVPasswdDlg@@
zcÃ
zcÃ
&&&4-)82,777
&&&4-)82,777
=ID)f
=ID)f
0F.eW
0F.eW
%CW9]
%CW9]
11111118
11111118
222222222
222222222
7777@@@@
7777@@@@
2222222
2222222
222222222222
222222222222
22222222222
22222222222
2222222222
2222222222
''''~~~~
''''~~~~
777@7@@@
777@7@@@
--$$#!!!!
--$$#!!!!
7777777
7777777
111118111
111118111
22222222
22222222
FFFrCrTrTTTTTTTTTTTTTTTTTrTrTrrrrrrrFrrbFbbbFbbbbbbbbbbbbbbbbbooooooooooooooooo
FFFrCrTrTTTTTTTTTTTTTTTTTrTrTrrrrrrrFrrbFbbbFbbbbbbbbbbbbbbbbbooooooooooooooooo
!!##$$$$#
!!##$$$$#
.....zzbF
.....zzbF
...zzbFF)
...zzbFF)
0000000
0000000
11111111
11111111
1111111
1111111
|||:||||
|||:||||
,6,6,666
,6,6,666
))):||||
))):||||
2222222222222
2222222222222
222222222222222
222222222222222
):::||||
):::||||
;{;{;;3;
;{;{;;3;
{;{{;;{;
{;{{;;{;
6,66,,,,
6,66,,,,
6,,666,,,
6,,666,,,
>>>///>///>>>
>>>///>///>>>
,6,,6,,,
,6,,6,,,
>>/>//>/
>>/>//>/
>//>/>>>
>//>/>>>
///>>/>/>
///>>/>/>
#$)))'--'-..1/..1...,,. ', (& &(,&&(,&,&(&,& ',&,(,&,,, ,046782
#$)))'--'-..1/..1...,,. ', (& &(,&&(,&,&(&,& ',&,(,&,,, ,046782
#!#&))-&--1'... ,,,&&(,&&(& (,&'(,&'(&,&'&(&(&'&'&(&&',&,,0465
#!#&))-&--1'... ,,,&&(,&&(& (,&'(,&'(&,&'&(&(&'&'&(&&',&,,0465
$#!)))'&--'*. (,(,,(,&(,&'(,&&(&',&&'&,'&',&,&,& (,&,& (,&,& &.5.
$#!)))'&--'*. (,(,,(,&(,&'(,&&(&',&&'&,'&',&,&,& (,&,& (,&,& &.5.
#$!)))-)-*-,& & &'& (&&,&(',&&,&&',&'&,&(&'(&&(&&&'&(&(&(&'(,&,,
#$!)))-)-*-,& & &'& (&&,&(',&&,&&',&'&,&(&'(&&(&&&'&(&(&(&'(,&,,
$$!#&)&&'& ,&&(&(,(,&& (&,& &',&',&',&'& ',&,&,&,(,&,&,& &,&,',&
$$!#&)&&'& ,&&(&(,(,&& (&,& &',&',&',&'& ',&,&,&,(,&,&,& &,&,',&
#$)!))&',&,&,',&,&'& (,&& &'&''&'&'&'&&&''&'&&'(&'&'&'(&'(&&'&&',&
#$)!))&',&,&,',&,&'& (,&& &'&''&'&'&'&&&''&'&&'(&'&'&'(&'(&&'&&',&
$$!#*'*'* ,&&',&&'&&&&'"&&&&!&
$$!#*'*'* ,&&',&&'&&&&'"&&&&!&
!&&'&'(&(&&&'(&'&&'&'&((& &
!&&'&'(&(&&&'(&'&&'&'&((& &
#&&'&'&'&'&&&!&&!&
#&&'&'&'&'&&&!&&!&
&&&',& &,(,&,&,(,&,&,& &(&
&&&',& &,(,&,&,(,&,&,& &(&
#!&&''!&&!&
#!&&''!&&!&
!& (&(&(&'&'&&&'&'&((&'(& &
!& (&(&(&'&'&&&'&'&((&'(& &
!)&,&&&!&
!)&,&&&!&
&'& &',&(,&,(,&,&,& &,&,(&
&'& &',&(,&,(,&,&,& &,&,(&
#!&&',&&&&!!
#!&&',&&&&!!
&&' ',&& &'&'&'(&'(&(&&'&'&
&&' ',&& &'&'&'(&'(&(&&'&'&
!& ,', (,&(,&,&,&,&,& (,&,&,
!& ,', (,&(,&,&,&,&,& (,&,&,
$!!)&& &',&''&&"!
$!!)&& &',&''&&"!
!!)&!''.,//,/',&&'(&'(&&&'&(&(&'&'
!!)&!''.,//,/',&&'(&'(&&&'&(&(&'&'
!$!)'&- /,///.01021//,',&,&,&,',(,&,&,&,&&
!$!)'&- /,///.01021//,',&,&,&,',(,&,&,&,&&
'&&&&!&!$
'&&&&!&!$
$#!&))&.'./10/4222442420/, &'(&&'&(&'&&'&'&'(,&
$#!&))&.'./10/4222442420/, &'(&&'&(&'&&'&'&'(,&
&&'&'&/#
&&'&'&/#
&&'"%"%!!
&&'"%"%!!
!&&"&&&"%&!%!$!$!))&'-. 1/22244447474442//'&,&,&,&,& (,&,&,&&'&'
!&&"&&&"%&!%!$!$!))&'-. 1/22244447474442//'&,&,&,&,& (,&,&,&&'&'
)"&"&"&"'&"&&"&!&&&&---.//2224447464474420, (&'(&&'&(&&'&'(&',&,&
)"&"&"&"'&"&&"&!&&&&---.//2224447464474420, (&'(&&'&(&&'&'(&',&,&
!&"'&&&,& &',06878787440 ,&,& &,(,& (,& (,&,& (,&
!&"'&&&,& &',06878787440 ,&,& &,(,& (,& (,&,& (,&
!&&&'(,&(&(&& 478878470.,'&(&(&&'&(&(&('(&&&'(&'&(
!&&&'(,&(&(&& 478878470.,'&(&(&&'&(&(&('(&&&'(&'&(
&"'&(&(& &'&&/47787745 ',&,& (,&,&,& &,& (,&,&,&'
&"'&(&(& &'&&/47787745 ',&,& (,&,&,& &,& (,&,&,&'
$'&&(&&&,&(&&&&.7877460 (&'&(&&'(&&'&(&&'(&'&&'&,&
$'&&(&&&,&(&&&&.7877460 (&'&(&&'(&&'&(&&'(&'&&'&,&
&&'&&'(&&(&'&& .478854,,&,&,& (,& (,& (,&,&,(,&,&(
&&'&&'(&&(&'&& .478854,,&,&,& (,& (,& (,&,&,(,&,&(
&'&,(& (,& &'&&,,68764,,&&'(&(&'&(&(&&(&(&&'&'(&'&
&'&,(& (,& &'&&,,68764,,&&'(&(&'&(&(&&(&(&&'&'(&'&
!)&'. /.,/ &(,&& &&',,0744.('(&'&&'&(&&'&'&(&(&&'&'(&'&
!)&'. /.,/ &(,&& &&',,0744.('(&'&&'&(&&'&'&(&(&&'&'(&'&
$!)&&- .,//2/// ,&&'(&,& &(,.40.,&'(&&'&'(&'(&(&&'&(&'(&'(&&'
$!)&&- .,//2/// ,&&'(&,& &(,.40.,&'(&&'&'(&'(&(&&'&(&'(&'(&&'
#!&)'*. ../2//2, & (& &'&(& &,45 ((,& (,&,&,&,& (,&,&,&,&,& (&
#!&)'*. ../2//2, & (& &'&(& &,45 ((,& (,&,&,&,& (,&,&,&,&,& (&
#$!)&- . /10/2///'(&&&'(,&,&(,,.., '&(&(&(&'&(&'(&'(&'&(&&'(&,&
#$!)&- . /10/2///'(&&&'(,&,&(,,.., '&(&(&(&'&(&'(&'(&'&(&&'(&,&
!#&)'. //1/02300, &&(,&&&'&',&,,,,&(,&,& &,',&,&,&,&,&,& (,&&'&
!#&)'. //1/02300, &&(,&&&'&',&,,,,&(,&,& &,',&,&,&,&,&,& (,&&'&
!)&- .,/010202/ '(&&&,(,&,&&',,&,&&&'&(&(&&&'&&'(&&'&'(&&& (,&
!)&- .,/010202/ '(&&&,(,&,&&',,&,&&&'&(&(&&&'&&'(&&'&'(&&& (,&
! ! !!&'- .0/102240.'(&&(&'&'(&(,&,',& (,&,& &,(,&,&,& (,&,& (,&&&'
! ! !!&'- .0/102240.'(&&(&'&'(&(,&,',& (,&,& &,(,&,&,& (,&,& (,&&&'
! "!!&& //.202440.,,'(&&&(,& &'&(&'&(&&'&(&'(&''((&(&(&'(&('(&'(,&
! "!!&& //.202440.,,'(&&&(,& &'&(&'&(&&'&(&'(&''((&(&(&'(&('(&'(,&
" ! "!&& /.2024.440'&&&'&,&(&(,&,&,&,& (,&,&,&,&,& & &,&,&,& &,',&'
" ! "!&& /.2024.440'&&&'&,&(&(,&,&,&,& (,&,&,&,&,& & &,&,&,& &,',&'
! "!"! !'/1244420,'&'&&&'(&&',&,&,& (,& (,&,&,&,& & &,(,&,&,& (,&,
! "!"! !'/1244420,'&'&&&'(&&',&,&,& (,& (,&,&,&,& & &,(,&,&,& (,&,
'.42442, (&&(&(&(&,&&'&(&'(&'&(&&&'&&(&'(&(&&&'&&(&'(&'(&
'.42442, (&&(&(&(&,&&'&(&'(&'&(&&&'&&(&'(&(&&&'&&(&'(&'(&
"! !!!&/24445 &&'&&&'&&'(,&,&,&,&,&,& (,&,&,&,&,& (,&,&,&,&,& &
"! !!!&/24445 &&'&&&'&&'(,&,&,&,&,&,& (,&,&,&,&,& (,&,&,&,&,& &
"! ! ! &,0472.'(&&&'(&(&(&'(&(&'&&&'&((&'((&'&&'&((&'((&'&&'&((&
"! ! ! &,0472.'(&&&'(&(&(&'(&(&'&&&'&((&'((&'&&'&((&'((&'&&'&((&
! " "!"! " 0440,'&&&'&&&&(&',& &,',(,&,& &,& &,(,&,& &,& &,(,&,& &
! " "!"! " 0440,'&&&'&&&&(&',& &,',(,&,& &,& &,(,&,& &,& &,(,&,& &
"! " !&'.445''&'"&'(&&&&(&&(&(&&'&(&'((&'(&&'&(&'((&'(&&'&(&'(&
"! " !&'.445''&'"&'(&&&&(&&(&(&&'&(&'((&'(&&'&(&'((&'(&&'&(&'(&
!! "! "!&"&,24.(&&&&'&'&(&(&(,& & (,& &,& &,& (,& &,& &,& (,& &,&
!! "! "!&"&,24.(&&&&'&'&(&(&(,& & (,& &,& &,& (,& &,& &,& (,& &,&
!" ! ""& .5,'&"'"&&&'&'& &(&((&((&((&((&((&((&((&((&((&((&((&('
!" ! ""& .5,'&"'"&&&'&'& &(&((&((&((&((&((&((&((&((&((&((&((&('
!"!&"&"'..,'&&&''&'&&'&',& & & & & & & & & & & & & & & & & & &
!"!&"&"'..,'&&&''&'&&'&',& & & & & & & & & & & & & & & & & & &
! &" "&& &&'&&'&&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'(
! &" "&& &&'&&'&&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'&'(
&[[[[FKEEEC?953).ILSPPRRPSTVVWYYZZZ[[[[[[Q&
&[[[[FKEEEC?953).ILSPPRRPSTVVWYYZZZ[[[[[[Q&
####'"""!
####'"""!
7
7
##''((,-6!
##''((,-6!
X#MSGF
X#MSGF
%Dv )Fz
%Dv )Fz
3333333
3333333
version="1.0.0.0"
version="1.0.0.0"
name="InstallShield.Setup"
name="InstallShield.Setup"
InstallShield.Setup
InstallShield.Setup
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
NO_KEY_VALUE
NO_KEY_VALUE
_ISMSIDEL.INI
_ISMSIDEL.INI
explorer.exe
explorer.exe
Folder=%s
Folder=%s
File=%s
File=%s
CmdLine
CmdLine
installfromweb:
installfromweb:
show_err_msg_invalid_identity
show_err_msg_invalid_identity
show_err_msg
show_err_msg
show_beta_msg
show_beta_msg
show_eval_msg
show_eval_msg
Supported
Supported
cmdline
cmdline
ErrorReportURL
ErrorReportURL
hXXp://VVV.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d : 0x%x&ErrorInfo=%s
hXXp://VVV.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d : 0x%x&ErrorInfo=%s
CompanyURL
CompanyURL
ShowPasswordDialog
ShowPasswordDialog
Failed to read setup package: %s name from Setup.ini
Failed to read setup package: %s name from Setup.ini
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\diskaction.cpp
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\diskaction.cpp
Reading setup.ini from %s
Reading setup.ini from %s
hXXps://
hXXps://
hXXp://
hXXp://
PTF://
PTF://
Referer: %s
Referer: %s
0xx
0xx
wintrust.dll
wintrust.dll
crypt32.dll
crypt32.dll
Forcing item moniker %s into ROT...
Forcing item moniker %s into ROT...
CLSID\%s
CLSID\%s
lFailed to load ISSetup.dll
lFailed to load ISSetup.dll
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\IsMsiHelper.cpp
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\IsMsiHelper.cpp
Launching InstallScript engine: %s, %s, %d
Launching InstallScript engine: %s, %s, %d
Could not find entry point in ISSetup.dll
Could not find entry point in ISSetup.dll
setup.ini
setup.ini
C:\CodeBases\isdev\src\Runtime\Shared\Setup\IsPreReqDlg.cpp
C:\CodeBases\isdev\src\Runtime\Shared\Setup\IsPreReqDlg.cpp
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
%%IS_PREREQ%%-%s
%%IS_PREREQ%%-%s
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
DownloadFiles: %s
DownloadFiles: %s
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
StartStopProgress - Fallback - %d of %d
StartStopProgress - Fallback - %d of %d
Default.prq
Default.prq
%s: %s
%s: %s
%s.%s
%s.%s
MSI or .NET rebooting before prerequsite
MSI or .NET rebooting before prerequsite
Prerequisites need elevation; launching elevated with arguments: %s
Prerequisites need elevation; launching elevated with arguments: %s
Setup.iss
Setup.iss
Software\InstallShield\ISWI\7.0\SetupExeLog
Software\InstallShield\ISWI\7.0\SetupExeLog
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
%%IS_PREREQCMD%%-%s
%%IS_PREREQCMD%%-%s
Advertising installation with parameters: %s
Advertising installation with parameters: %s
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\IsSetup.cpp
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\IsSetup.cpp
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
show_reboot_msg
show_reboot_msg
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality.
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality.
NoSuppressRebootKey
NoSuppressRebootKey
SETUPEXENAME
SETUPEXENAME
SETUPEXEDIR
SETUPEXEDIR
CertKey
CertKey
I>>> Fatal %s
I>>> Fatal %s
Reason: %s
Reason: %s
passed an invalid handle.
passed an invalid handle.
passed an invalid parameter.
passed an invalid parameter.
passed a bad SQL syntax.
passed a bad SQL syntax.
4.70.0.1300
4.70.0.1300
WinInet.dll
WinInet.dll
%s /g %s /g %s
%s /g %s /g %s
%s /g %s /g %s /s
%s /g %s /g %s /s
Software\Microsoft\Windows\CurrentVersion\RunOnceEx
Software\Microsoft\Windows\CurrentVersion\RunOnceEx
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
*.mst
*.mst
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\msiaction.cpp
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\msiaction.cpp
dotnetredist.exe
dotnetredist.exe
dotnetfx.exe
dotnetfx.exe
dotnetredistSp3.exe
dotnetredistSp3.exe
Software\Microsoft\Active Setup\Installed Components\%s
Software\Microsoft\Active Setup\Installed Components\%s
{1C370964-514B-321C-7237-2B4FD86D8568}
{1C370964-514B-321C-7237-2B4FD86D8568}
{021122EA-49DC-4aeb-9D15-DCEAD9BAB1BC}
{021122EA-49DC-4aeb-9D15-DCEAD9BAB1BC}
{F1B13231-13BE-1231-5401-486BA763DEB6}
{F1B13231-13BE-1231-5401-486BA763DEB6}
{F279058C-50B2-4BE4-60C9-369CACF06821}
{F279058C-50B2-4BE4-60C9-369CACF06821}
{78705f0d-e8db-4b2d-8193-982bdda15ecd}
{78705f0d-e8db-4b2d-8193-982bdda15ecd}
{9B29D757-088E-E8C9-2535-AA319B92C00A}
{9B29D757-088E-E8C9-2535-AA319B92C00A}
Software\Microsoft\Windows\CurrentVersion\Installer
Software\Microsoft\Windows\CurrentVersion\Installer
Redist return value (%d) indicates a reboot is required, DotNetDelayReboot is %x
Redist return value (%d) indicates a reboot is required, DotNetDelayReboot is %x
.mst"
.mst"
"%s" /c:"msiinst /delayrebootq"
"%s" /c:"msiinst /delayrebootq"
"%s" /quiet /norestart
"%s" /quiet /norestart
"%s" /q
"%s" /q
2.0.2600.0
2.0.2600.0
Installing MSI engine %s
Installing MSI engine %s
lExtracting resource: %s
lExtracting resource: %s
Template summary for current package: %s
Template summary for current package: %s
Status returned obtaining PID_TEMPLATE property: %d
Status returned obtaining PID_TEMPLATE property: %d
Status returned from summary info: %d
Status returned from summary info: %d
SupportOS
SupportOS
SupportOSMsi12
SupportOSMsi12
SupportOSMsi30
SupportOSMsi30
Msi.DLL
Msi.DLL
{lX-X-X-XX-XXXXXX}
{lX-X-X-XX-XXXXXX}
DownloadFiles: downloading %s
DownloadFiles: downloading %s
Move failed, attempting to copy and delete file, last error %d
Move failed, attempting to copy and delete file, last error %d
Moving file %s to %s
Moving file %s to %s
Cab%d
Cab%d
Caching skin %s to %s
Caching skin %s to %s
Caching ini file %s to %s
Caching ini file %s to %s
Caching transform %s to %s
Caching transform %s to %s
Failed to cache file, last error %d, prompting for alternate location
Failed to cache file, last error %d, prompting for alternate location
Copying file for cache to %s
Copying file for cache to %s
SHFolder.dll
SHFolder.dll
vjredist20-LP.exe
vjredist20-LP.exe
vjredist-LP.exe
vjredist-LP.exe
langpack20.exe
langpack20.exe
langpack.exe
langpack.exe
dotnetfxsp1.exe
dotnetfxsp1.exe
Error opening package '%s' for Costing: %d
Error opening package '%s' for Costing: %d
Error applying transform '%s' for Costing: %d
Error applying transform '%s' for Costing: %d
Error opening database '%s' for Costing: %d
Error opening database '%s' for Costing: %d
Getting file from source, '%s'
Getting file from source, '%s'
Getting file from setup.exe
Getting file from setup.exe
Getting file from web download
Getting file from web download
Getting file from web install
Getting file from web install
Getting file from temp location, '%s'
Getting file from temp location, '%s'
File to get to '%s'
File to get to '%s'
GetFile: file '%s', ini section '%s', full path '%s', location %d
GetFile: file '%s', ini section '%s', full path '%s', location %d
Could not extract isconfig.ini from current issetup.dll
Could not extract isconfig.ini from current issetup.dll
Extracting resources for '%s' to '%s'
Extracting resources for '%s' to '%s'
ISConfig.ini for current issetup.dll does not contain TempPathGuid.
ISConfig.ini for current issetup.dll does not contain TempPathGuid.
IsConfig.ini
IsConfig.ini
Microsoft(R) .NET Framework
Microsoft(R) .NET Framework
J#CmdLine
J#CmdLine
/jscmd:
/jscmd:
/langcmd:"/q:a /c:\"
/langcmd:"/q:a /c:\"
DotNetFxCmd
DotNetFxCmd
DotNetLangPackCmd
DotNetLangPackCmd
vjredist20.exe
vjredist20.exe
vjredist.exe
vjredist.exe
dotnetfx20.exe
dotnetfx20.exe
isnetfx.exe
isnetfx.exe
3.0.0.0
3.0.0.0
2.0.0.0
2.0.0.0
Reboot needed: %s
Reboot needed: %s
Got file '%s' for MSI engine install
Got file '%s' for MSI engine install
instmsi30.exe
instmsi30.exe
Attempting to get file '%s' for MSI engine install
Attempting to get file '%s' for MSI engine install
WindowsInstaller-KB893803-x86.exe
WindowsInstaller-KB893803-x86.exe
Failed to execute query on Binary table, error: %d
Failed to execute query on Binary table, error: %d
Failed to query Binary table, error: %d
Failed to query Binary table, error: %d
Error opening MSI database: %d
Error opening MSI database: %d
MsiAction::Reboot command line %s
MsiAction::Reboot command line %s
"%s" %s /l%d /t"%s" /e"%s" /v"%s" %s
"%s" %s /l%d /t"%s" /e"%s" /v"%s" %s
"%s" /k %s /l%d /t"%s" /e"%s" /w /v"%s" %s
"%s" /k %s /l%d /t"%s" /e"%s" /w /v"%s" %s
Failed to get UI DLL from setup.exe for billboard support. This installation will run without billboards.
Failed to get UI DLL from setup.exe for billboard support. This installation will run without billboards.
Failed to load UI DLL, last error %x, install will run without billboards
Failed to load UI DLL, last error %x, install will run without billboards
lLoading ISExternalUI.dll from '%s'
lLoading ISExternalUI.dll from '%s'
ISExternalUI.dll
ISExternalUI.dll
First time install uses billboard support
First time install uses billboard support
/passive
/passive
Attempted unloaded of msi.dll: %d
Attempted unloaded of msi.dll: %d
Failed to locate ISSetup.dll (%s)
Failed to locate ISSetup.dll (%s)
%s /a "%s"%s
%s /a "%s"%s
%s /f%s "%s" %s
%s /f%s "%s" %s
%s /j%s "%s" %s
%s /j%s "%s" %s
%s /x "%s" %s
%s /x "%s" %s
/p"%s" %s
/p"%s" %s
%s /p "%s" %s
%s /p "%s" %s
%s /i "%s" %s
%s /i "%s" %s
%s="%s" %s="%s"
%s="%s" %s="%s"
ISSCRIPTCMDLINE="
ISSCRIPTCMDLINE="
ISSCRIPTCMDLINE
ISSCRIPTCMDLINE
Installing silent prerequisites for features: %s
Installing silent prerequisites for features: %s
Windows Installer 4.5 or newer is required to run this installation but is not present on the machine. Setup will now exit.
Windows Installer 4.5 or newer is required to run this installation but is not present on the machine. Setup will now exit.
4.05.0.0
4.05.0.0
InstanceId%d
InstanceId%d
/n %s
/n %s
:InstanceId%d.mst
:InstanceId%d.mst
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
DataCabInSetupExe
DataCabInSetupExe
Data.Cab
Data.Cab
Setup.bmp
Setup.bmp
CEvalMarker.dat
CEvalMarker.dat
D1.20.1827.0
D1.20.1827.0
2.9.0.0
2.9.0.0
Extracting setup.ini...
Extracting setup.ini...
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\session.cpp
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\session.cpp
%s/%s
%s/%s
%s"%s"
%s"%s"
0xx.ini
0xx.ini
Extraction of '%s' failed
Extraction of '%s' failed
Extracting '%s' to %s
Extracting '%s' to %s
This setup was created with a EVALUATION VERSION of %s
This setup was created with a EVALUATION VERSION of %s
This setup was created with a BETA VERSION of %s
This setup was created with a BETA VERSION of %s
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s hours after they were built. Please rebuild the setup to run it again. The setup will now exit.
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s hours after they were built. Please rebuild the setup to run it again. The setup will now exit.
Upgrade check: obtained package code %s from machine, current package code is %s
Upgrade check: obtained package code %s from machine, current package code is %s
Upgrade check: checking product code %s
Upgrade check: checking product code %s
PASSWORD
PASSWORD
Using language transforms from setup.exe location
Using language transforms from setup.exe location
Default language: %d, got code page %d
Default language: %d, got code page %d
%s=%s
%s=%s
Password
Password
Section: %s
Section: %s
Dumping setup.ini...
Dumping setup.ini...
DSetup.INI
DSetup.INI
INSTMSIA.EXE
INSTMSIA.EXE
INSTMSIW.EXE
INSTMSIW.EXE
MSIEXEC.EXE
MSIEXEC.EXE
setup.isn
setup.isn
CloneSetupExe
CloneSetupExe
Setup returning %d
Setup returning %d
%s /q"%s" /tempdisk1folder"%s" %s
%s /q"%s" /tempdisk1folder"%s" %s
%s\x.mst
%s\x.mst
%s\0xx.ini
%s\0xx.ini
key%d
key%d
%s %s
%s %s
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\Setup.cpp
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\Setup.cpp
InstallShield setup.exe (Unicode) started, cmdline: %s
InstallShield setup.exe (Unicode) started, cmdline: %s
DC:\CodeBases\isdev\src\Runtime\Shared\Setup\SetupPrereqMgr.cpp
DC:\CodeBases\isdev\src\Runtime\Shared\Setup\SetupPrereqMgr.cpp
Transform list: %s
Transform list: %s
Skipping prerequisite '%s' because it was installed before the reboot
Skipping prerequisite '%s' because it was installed before the reboot
Marking prerequisite '%s' for install during ADMIN install
Marking prerequisite '%s' for install during ADMIN install
Features match for prerequisite '%s'
Features match for prerequisite '%s'
Features do not match for prerequisite '%s'
Features do not match for prerequisite '%s'
Prerequisite '%s' scheduled before feature selection
Prerequisite '%s' scheduled before feature selection
Checking setup prerequisite '%s'
Checking setup prerequisite '%s'
Prerequisites returning %d
Prerequisites returning %d
%%IS_PREREQF%%-%s
%%IS_PREREQF%%-%s
Running setup prerequisites (%s)...
Running setup prerequisites (%s)...
SOFTWARE\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion
C:\CodeBases\isdev\src\Runtime\Shared\Setup\SetupPreRequisite.cpp
C:\CodeBases\isdev\src\Runtime\Shared\Setup\SetupPreRequisite.cpp
[WindowsFolder]
[WindowsFolder]
%s,%s,%s,%s,%s,%s
%s,%s,%s,%s,%s,%s
[SETUPEXEDIR]
[SETUPEXEDIR]
[SETUPEXENAME]
[SETUPEXENAME]
Launching MSI prerequisite %s, command line %s
Launching MSI prerequisite %s, command line %s
CSetupPreRequisite::ExecuteMsiWithProgress
CSetupPreRequisite::ExecuteMsiWithProgress
cmdlinesilent
cmdlinesilent
AltPrqURL
AltPrqURL
operatingsystemcondition
operatingsystemcondition
[WindowsFolder]Wininit.ini
[WindowsFolder]Wininit.ini
PendingFileRenameOperations
PendingFileRenameOperations
SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Reboot required - %s key added
Reboot required - %s key added
Wininit.ini rename
Wininit.ini rename
FileRenameOperations
FileRenameOperations
Could not launch prerequisite, last error: %d, ShellExecute: %d
Could not launch prerequisite, last error: %d, ShellExecute: %d
Prerequisite process exited with return code %d
Prerequisite process exited with return code %d
Creating new process for prerequisite, launching command line %s [%s] %s
Creating new process for prerequisite, launching command line %s [%s] %s
CSetupPreRequisite::ExecuteGenericPrerequisite
CSetupPreRequisite::ExecuteGenericPrerequisite
Return Code from EXE: %d
Return Code from EXE: %d
Attempting to execute prerequisite: %s
Attempting to execute prerequisite: %s
CSetupPrerequisite::ExecutePrerequisite
CSetupPrerequisite::ExecutePrerequisite
N%s,%u
N%s,%u
%u.%u.%u.%u
%u.%u.%u.%u
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\utils.cpp
C:\CodeBases\isdev\src\Runtime\MSI\Shared\Setup\utils.cpp
System\CurrentControlSet\Control\Windows
System\CurrentControlSet\Control\Windows
%d: %s
%d: %s
Launch result %d, exit code %d
Launch result %d, exit code %d
Attempting to launch: %s
Attempting to launch: %s
Launch result %d
Launch result %d
Attempting to launch (no wait): %s
Attempting to launch (no wait): %s
"%s" %s
"%s" %s
WShell32.dll
WShell32.dll
kernel32.dll
kernel32.dll
Advapi32.lib
Advapi32.lib
advapi32.dll
advapi32.dll
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
.Default\Control Panel\desktop\ResourceLocale
.Default\Control Panel\desktop\ResourceLocale
mlang.dll
mlang.dll
KERNEL32.DLL
KERNEL32.DLL
portuguese
portuguese
oleaut32.dll
oleaut32.dll
Windows Server 2003
Windows Server 2003
Windows Vista / Server 2008
Windows Vista / Server 2008
Windows 7 / Server 2008 R2
Windows 7 / Server 2008 R2
Windows 8 / Server 2012
Windows 8 / Server 2012
Windows XP
Windows XP
Windows 95
Windows 95
Windows 98
Windows 98
Windows Me
Windows Me
Windows NT 4.0
Windows NT 4.0
Windows 2000
Windows 2000
shell32.dll
shell32.dll
%d%s%d%s%d%s%d
%d%s%d%s%d%s%d
Ntdll.dll
Ntdll.dll
psapi.dll
psapi.dll
PSTORES.EXE
PSTORES.EXE
SetupExeVersion: %ld.%ld.%ld.%ld
SetupExeVersion: %ld.%ld.%ld.%ld
SetupExe: %ls
SetupExe: %ls
%s%s%d.%s
%s%s%d.%s
NRange: bytes=%d-
NRange: bytes=%d-
Range: bytes=%d-
Range: bytes=%d-
AutoConfigURL
AutoConfigURL
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
RPAWINET.DLL
RPAWINET.DLL
wininet.dll
wininet.dll
NWinTrust.dll
NWinTrust.dll
Crypt32.dll
Crypt32.dll
Advapi32.dll
Advapi32.dll
1.2.840.113549.1.9.1
1.2.840.113549.1.9.1
2.5.4.10
2.5.4.10
2.5.4.11
2.5.4.11
2.5.4.3
2.5.4.3
%hx.rra
%hx.rra
123.tmp
123.tmp
uxtheme.dll
uxtheme.dll
%d,%d,%d
%d,%d,%d
%d,%d
%d,%d
mscoree.dll
mscoree.dll
Ndest%d
Ndest%d
source%d
source%d
Software\InstallShieldPendingOperation
Software\InstallShieldPendingOperation
InstallShieldPendingOperation
InstallShieldPendingOperation
WININIT.INI
WININIT.INI
InstallShield.log
InstallShield.log
%s[%s]: %s
%s[%s]: %s
%s[%s]: %s -- File: %s, Line: %d
%s[%s]: %s -- File: %s, Line: %d
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Setup.INI
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\Setup.INI
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}
c:\%original file name%.exe
c:\%original file name%.exe
@10550,10551;1;0;;0,128,128
@10550,10551;1;0;;0,128,128
Do you wish to install %s?
Do you wish to install %s?
This software has not been altered since publication by %s. To install %s, click OK.
This software has not been altered since publication by %s. To install %s, click OK.
Caution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion.
Caution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion.
The identity of this software publisher was verified by %s.
The identity of this software publisher was verified by %s.
&Always trust software published by %s.
&Always trust software published by %s.
@10650,10651;1;0;;0,128,128
@10650,10651;1;0;;0,128,128
You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
Please enter the password
Please enter the password
Password:
Password:
%sc%1 Setup is preparing the %2, which will guide you through the program setup process. Please wait.!Checking Operating System Version%Checking Windows(R) Installer Version
%sc%1 Setup is preparing the %2, which will guide you through the program setup process. Please wait.!Checking Operating System Version%Checking Windows(R) Installer Version
Configuring Windows Installer
Configuring Windows Installer
Configuring %s
Configuring %s
Setup has completed configuring the Windows Installer on your system. The system needs to be restarted in order to continue with the installation. Please click Restart to reboot the system.
Setup has completed configuring the Windows Installer on your system. The system needs to be restarted in order to continue with the installation. Please click Restart to reboot the system.
The installer must restart your system to complete configuring the Windows Installer service. Click Yes to restart now or No if you plan to restart later.DThis setup will perform an upgrade of '%s'. Do you want to continue?XA later version of '%s' is already installed on this machine. The setup cannot continue.
The installer must restart your system to complete configuring the Windows Installer service. Click Yes to restart now or No if you plan to restart later.DThis setup will perform an upgrade of '%s'. Do you want to continue?XA later version of '%s' is already installed on this machine. The setup cannot continue.
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 6 (or later version), before relaunching the installation'Error writing to the temporary location
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 6 (or later version), before relaunching the installation'Error writing to the temporary location
-Error extracting %s to the temporary location'Error reading setup initialization file
-Error extracting %s to the temporary location'Error reading setup initialization file
Installer not found in %s
Installer not found in %s
File %s not found#Internal error in Windows Installer
File %s not found#Internal error in Windows Installer
IError populating strings. Verify that all strings in Setup.ini are valid.
IError populating strings. Verify that all strings in Setup.ini are valid.
RestartQSetup needs %lu KB free disk space in %s. Please free up some space and try again
RestartQSetup needs %lu KB free disk space in %s. Please free up some space and try again
/V parameters to MsiExec.exejWindows(R) Installer %s found. This is an older version of the Windows(R) Installer. Click OK to continue.
/V parameters to MsiExec.exejWindows(R) Installer %s found. This is an older version of the Windows(R) Installer. Click OK to continue.
ANSI code page for %s is not installed on the system and therefore setup cannot run in the selected language. Run the setup and select another language.
ANSI code page for %s is not installed on the system and therefore setup cannot run in the selected language. Run the setup and select another language.
Setup requires Windows Installer version %s or higher to install the Microsoft .NET Framework version 2.0. Please install the Windows Installer version %s or higher and try again.
Setup requires Windows Installer version %s or higher to install the Microsoft .NET Framework version 2.0. Please install the Windows Installer version %s or higher and try again.
xThis setup does not contain the Windows Installer engine (%s) required to run the installation on this operating system.
xThis setup does not contain the Windows Installer engine (%s) required to run the installation on this operating system.
'Unable to install %s Scripting Runtime.8Unable to create InstallDriver instance, Return code: %d;Please specify a location to save the installation package.
'Unable to install %s Scripting Runtime.8Unable to create InstallDriver instance, Return code: %d;Please specify a location to save the installation package.
Unable to extract the file %s.
Unable to extract the file %s.
Downloading file %s.LAn error occurred while downloading the file %s. What would you like to do?
Downloading file %s.LAn error occurred while downloading the file %s. What would you like to do?
/sec&Failed to verify signature of file %s.
/sec&Failed to verify signature of file %s.
Estimated time remaining: %d %s of %d %s downloaded at d.d %s%s
Estimated time remaining: %d %s of %d %s downloaded at d.d %s%s
Unable to save file: %s Failed to complete installation.
Unable to save file: %s Failed to complete installation.
/UA
/UA
/UW
/UW
/UM
/UM
/US8Setup Initialization Error, failed to clone the process.:The file %s already exists. Would you like to replace it?
/US8Setup Initialization Error, failed to clone the process.:The file %s already exists. Would you like to replace it?
_Could not verify signature. You need Internet Explorer 3.02 or later with Authenticode update.hSetup requires a newer version of WinInet.dll. You may need to install Internet Explorer 3.02 or later.}You do not have sufficient privileges to complete this installation. Log on as administrator and then retry this installation=Error installing Microsoft(R) .NET Framework, Return Code: %dZ%s optionally uses the Microsoft (R) .NET %s Framework. Would you like to install it now?
_Could not verify signature. You need Internet Explorer 3.02 or later with Authenticode update.hSetup requires a newer version of WinInet.dll. You may need to install Internet Explorer 3.02 or later.}You do not have sufficient privileges to complete this installation. Log on as administrator and then retry this installation=Error installing Microsoft(R) .NET Framework, Return Code: %dZ%s optionally uses the Microsoft (R) .NET %s Framework. Would you like to install it now?
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 3 (or later version), before relaunching the installation\%s optionally uses the Visual J# Redistributable Package. Would you like to install it now? - (This will also install the .NET Framework.)
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running either Windows 95 (or later version), or Windows NT 4.0 Service Pack 3 (or later version), before relaunching the installation\%s optionally uses the Visual J# Redistributable Package. Would you like to install it now? - (This will also install the .NET Framework.)
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running Windows 2000 Service Pack 3 (or later version), before relaunching the installationw%s requires the following items to be installed on your computer. Click Install to begin installing these requirements.
Setup has detected an incompatible version of Windows. Please click OK and verify that the target system is running Windows 2000 Service Pack 3 (or later version), before relaunching the installationw%s requires the following items to be installed on your computer. Click Install to begin installing these requirements.
Installing %sDWould you like to cancel the setup after %s has finished installing?
Installing %sDWould you like to cancel the setup after %s has finished installing?
The files for installation requirement %s could not be found. The installation will now stop. This is probably due to a failed, or canceled download.XThe installation of %s appears to have failed. Do you want to continue the installation?
The files for installation requirement %s could not be found. The installation will now stop. This is probably due to a failed, or canceled download.XThe installation of %s appears to have failed. Do you want to continue the installation?
Skipped7The installation of %s has failed. Setup will now exit.gThe installation of %s requires a reboot. Click Yes to restart now or No if you plan to restart later.8%1 optionally uses %2. Would you like to install it now?
Skipped7The installation of %s has failed. Setup will now exit.gThe installation of %s requires a reboot. Click Yes to restart now or No if you plan to restart later.8%1 optionally uses %2. Would you like to install it now?
&Patch an existing instanceWThis installation requires Windows Installer version 4.5 or newer. Setup will now exit.
&Patch an existing instanceWThis installation requires Windows Installer version 4.5 or newer. Setup will now exit.
Authenticity Verified;The identity of this software publisher was verified by %s.lCaution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion.'&Always trust software published by %s.UThis software has not been altered since publication by %s. To install %s, click OK.
Authenticity Verified;The identity of this software publisher was verified by %s.lCaution: %s affirms this software is safe. You should only continue if you trust %s to make this assertion.'&Always trust software published by %s.UThis software has not been altered since publication by %s. To install %s, click OK.
%s - InstallShield Wizard
%s - InstallShield Wizard
Setup has detected one or more instances of this application already installed on your system. You can maintain or update an existing instance or install a completely new instance.MSelect the instance of the application you want to &maintain or update below:
Setup has detected one or more instances of this application already installed on your system. You can maintain or update an existing instance or install a completely new instance.MSelect the instance of the application you want to &maintain or update below:
x%s Setup is preparing the InstallShield Wizard, which will guide you through the rest of the setup process. Please wait.
x%s Setup is preparing the InstallShield Wizard, which will guide you through the rest of the setup process. Please wait.
Error Information:3An error (%s) has occurred while running the setup.
Error Information:3An error (%s) has occurred while running the setup.
Please make sure you have finished any previous setup and closed other applications. If the error still occurs, please contact your vendor: %s.
Please make sure you have finished any previous setup and closed other applications. If the error still occurs, please contact your vendor: %s.
&Report}There is not enough space to initialize the setup. Please free up at least %ld KB on your %s drive before you run the setup.{A user with administrator rights installed this application. You need to have similar privileges to modify or uninstall it.tAnother instance of this setup is already running. Please wait for the other instance to finish and then try again.
&Report}There is not enough space to initialize the setup. Please free up at least %ld KB on your %s drive before you run the setup.{A user with administrator rights installed this application. You need to have similar privileges to modify or uninstall it.tAnother instance of this setup is already running. Please wait for the other instance to finish and then try again.
The origin and integrity of this application could not be verified. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified because it was not signed by the publisher. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified because it was not signed by the publisher. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.
The origin and integrity of this application could not be verified. The certificate used to sign the software has expired or is invalid or untrusted. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.jThe software is corrupted or has been altered since it was published. You should not continue this setup.0This setup was created with a BETA VERSION of %s7This Setup was created with an EVALUATION VERSION of %s
The origin and integrity of this application could not be verified. The certificate used to sign the software has expired or is invalid or untrusted. You should continue only if you can identify the publisher as someone you trust and are certain this application hasn't been altered since publication.jThe software is corrupted or has been altered since it was published. You should not continue this setup.0This setup was created with a BETA VERSION of %s7This Setup was created with an EVALUATION VERSION of %s
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality. For more information, see InstallShield KB article Q200900.
This setup was created with an EVALUATION VERSION of %s, which does not support extraction of the internal MSI file. The full version of InstallShield supports this functionality. For more information, see InstallShield KB article Q200900.
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s days after they were built. Please rebuild the setup to run it again. The setup will now exit.3This setup works until %s. The setup will now exit.
This setup was created with an EVALUATION VERSION of %s. Evaluation setups work for only %s days after they were built. Please rebuild the setup to run it again. The setup will now exit.3This setup works until %s. The setup will now exit.
The path to the installation contains unsupported characters. Try moving the installation to a location that does not have special characters, and then try relaunching it.iThis setup requires administrative privileges that appear to be unavailable. Would you like to try again?
The path to the installation contains unsupported characters. Try moving the installation to a location that does not have special characters, and then try relaunching it.iThis setup requires administrative privileges that appear to be unavailable. Would you like to try again?
InstallShield Setup.exe
InstallShield Setup.exe
19.0.160
19.0.160
MSIEXEC.EXE_212:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
USER32.dll
USER32.dll
msvcrt.dll
msvcrt.dll
ole32.dll
ole32.dll
msi.dll
msi.dll
CUu,CUu.AUu;AUu
CUu,CUu.AUu;AUu
PSSSSSSh
PSSSSSSh
t%SSWV3
t%SSWV3
ntdll.dll
ntdll.dll
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
ReportEventW
ReportEventW
RegCloseKey
RegCloseKey
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumKeyExW
RegGetKeySecurity
RegGetKeySecurity
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
_acmdln
_acmdln
_amsg_exit
_amsg_exit
msiexec.pdb
msiexec.pdb
name="MSIExec"
name="MSIExec"
version="4.0.0.0"
version="4.0.0.0"
Windows installer setup service
Windows installer setup service
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
> >$>(>,>4>8>
> >$>(>,>4>8>
Msi.dll
Msi.dll
Software\Microsoft\Windows\CurrentVersion\Installer
Software\Microsoft\Windows\CurrentVersion\Installer
passive
passive
Kernel32.dll
Kernel32.dll
FIsKeyLocalSystemOrAdminOrTrustedInstallersOwned: Could not get owner security info.
FIsKeyLocalSystemOrAdminOrTrustedInstallersOwned: Could not get owner security info.
PurgeUserOwnedSubkeys: Could not open subkey: %s
PurgeUserOwnedSubkeys: Could not open subkey: %s
PurgeUserOwnedSubkeys: Could not enumerate subkeys.
PurgeUserOwnedSubkeys: Could not enumerate subkeys.
PurgeUserOwnedSubkeys: Could not delete SubKey tree.
PurgeUserOwnedSubkeys: Could not delete SubKey tree.
PurgeUserOwnedSubkeys: %s not owned by System, Admin or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedSubkeys: %s not owned by System, Admin or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Could not delete tree.
PurgeUserOwnedInstallerKeys: Could not delete tree.
PurgeUserOwnedInstallerKeys: Key '%s' not owned by System, Admin, or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Key '%s' not owned by System, Admin, or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Could not open key '%s'
PurgeUserOwnedInstallerKeys: Could not open key '%s'
OpenProcessToken failed with %d
OpenProcessToken failed with %d
OLEAUT32.dll
OLEAUT32.dll
Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
SetInstallerACLs: Could not create Secure Installer sub key.
SetInstallerACLs: Could not create Secure Installer sub key.
SetInstallerACLs: Could not delete Installer key tree.
SetInstallerACLs: Could not delete Installer key tree.
SetInstallerACLs: Installer key not owned by System or Admin. Deleting key subkeys and re-creating.
SetInstallerACLs: Installer key not owned by System or Admin. Deleting key subkeys and re-creating.
SetInstallerACLs: Could not create Installer key.
SetInstallerACLs: Could not create Installer key.
Wait Failed in MsgWait.
Wait Failed in MsgWait.
kernel32.dll
kernel32.dll
APPID\%s
APPID\%s
%s\DefaultIcon
%s\DefaultIcon
%s\CLSID
%s\CLSID
CLSID\%s
CLSID\%s
CLSID\%s\ProgId
CLSID\%s\ProgId
Msi.Package
Msi.Package
Windows Installer Package
Windows Installer Package
Msi.Patch
Msi.Patch
Windows Installer Patch
Windows Installer Patch
MsiExecCA32
MsiExecCA32
{lX-0000-0000-C000-000000000046}
{lX-0000-0000-C000-000000000046}
MsiRegMv.Exe
MsiRegMv.Exe
ISMIF32.DLL
ISMIF32.DLL
%d.%d.%.4d.%d
%d.%d.%.4d.%d
REINSTALL=ALL REINSTALLMODE=%s
REINSTALL=ALL REINSTALLMODE=%s
Error: %d. %s.
Error: %d. %s.
Software\Policies\Microsoft\Windows\Installer
Software\Policies\Microsoft\Windows\Installer
Failed to connect to server. Error: 0x%X
Failed to connect to server. Error: 0x%X
FDeleteRegTree: Unable to delete subkey: %s
FDeleteRegTree: Unable to delete subkey: %s
TRANSFORMS="C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\1033.MST" SETUPEXEDIR="c:" SETUPEXENAME="%original file name%.exe"
TRANSFORMS="C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{4762F2A4-1902-419A-8E6C-D60454C800A8}\1033.MST" SETUPEXEDIR="c:" SETUPEXENAME="%original file name%.exe"
Windows
Windows
5.0.7601.17514 (win7sp1_rtm.101119-1850)
5.0.7601.17514 (win7sp1_rtm.101119-1850)
msiexec
msiexec
msiexec.exe
msiexec.exe
Windows Installer - Unicode
Windows Installer - Unicode
5.0.7601.17514
5.0.7601.17514
MsiExec.exe_2588:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
USER32.dll
USER32.dll
msvcrt.dll
msvcrt.dll
ole32.dll
ole32.dll
msi.dll
msi.dll
CUu,CUu.AUu;AUu
CUu,CUu.AUu;AUu
PSSSSSSh
PSSSSSSh
t%SSWV3
t%SSWV3
ntdll.dll
ntdll.dll
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
ReportEventW
ReportEventW
RegCloseKey
RegCloseKey
RegDeleteKeyW
RegDeleteKeyW
RegEnumKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumKeyExW
RegGetKeySecurity
RegGetKeySecurity
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
_acmdln
_acmdln
_amsg_exit
_amsg_exit
msiexec.pdb
msiexec.pdb
name="MSIExec"
name="MSIExec"
version="4.0.0.0"
version="4.0.0.0"
Windows installer setup service
Windows installer setup service
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
> >$>(>,>4>8>
> >$>(>,>4>8>
Msi.dll
Msi.dll
Software\Microsoft\Windows\CurrentVersion\Installer
Software\Microsoft\Windows\CurrentVersion\Installer
passive
passive
Kernel32.dll
Kernel32.dll
FIsKeyLocalSystemOrAdminOrTrustedInstallersOwned: Could not get owner security info.
FIsKeyLocalSystemOrAdminOrTrustedInstallersOwned: Could not get owner security info.
PurgeUserOwnedSubkeys: Could not open subkey: %s
PurgeUserOwnedSubkeys: Could not open subkey: %s
PurgeUserOwnedSubkeys: Could not enumerate subkeys.
PurgeUserOwnedSubkeys: Could not enumerate subkeys.
PurgeUserOwnedSubkeys: Could not delete SubKey tree.
PurgeUserOwnedSubkeys: Could not delete SubKey tree.
PurgeUserOwnedSubkeys: %s not owned by System, Admin or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedSubkeys: %s not owned by System, Admin or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Could not delete tree.
PurgeUserOwnedInstallerKeys: Could not delete tree.
PurgeUserOwnedInstallerKeys: Key '%s' not owned by System, Admin, or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Key '%s' not owned by System, Admin, or Trusted Installers. Deleting key subkeys.
PurgeUserOwnedInstallerKeys: Could not open key '%s'
PurgeUserOwnedInstallerKeys: Could not open key '%s'
OpenProcessToken failed with %d
OpenProcessToken failed with %d
OLEAUT32.dll
OLEAUT32.dll
Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
Software\Microsoft\Windows\CurrentVersion\Installer\RunOnceEntries
SetInstallerACLs: Could not create Secure Installer sub key.
SetInstallerACLs: Could not create Secure Installer sub key.
SetInstallerACLs: Could not delete Installer key tree.
SetInstallerACLs: Could not delete Installer key tree.
SetInstallerACLs: Installer key not owned by System or Admin. Deleting key subkeys and re-creating.
SetInstallerACLs: Installer key not owned by System or Admin. Deleting key subkeys and re-creating.
SetInstallerACLs: Could not create Installer key.
SetInstallerACLs: Could not create Installer key.
Wait Failed in MsgWait.
Wait Failed in MsgWait.
kernel32.dll
kernel32.dll
APPID\%s
APPID\%s
%s\DefaultIcon
%s\DefaultIcon
%s\CLSID
%s\CLSID
CLSID\%s
CLSID\%s
CLSID\%s\ProgId
CLSID\%s\ProgId
Msi.Package
Msi.Package
Windows Installer Package
Windows Installer Package
Msi.Patch
Msi.Patch
Windows Installer Patch
Windows Installer Patch
MsiExecCA32
MsiExecCA32
{lX-0000-0000-C000-000000000046}
{lX-0000-0000-C000-000000000046}
MsiRegMv.Exe
MsiRegMv.Exe
ISMIF32.DLL
ISMIF32.DLL
%d.%d.%.4d.%d
%d.%d.%.4d.%d
REINSTALL=ALL REINSTALLMODE=%s
REINSTALL=ALL REINSTALLMODE=%s
Error: %d. %s.
Error: %d. %s.
Software\Policies\Microsoft\Windows\Installer
Software\Policies\Microsoft\Windows\Installer
Failed to connect to server. Error: 0x%X
Failed to connect to server. Error: 0x%X
FDeleteRegTree: Unable to delete subkey: %s
FDeleteRegTree: Unable to delete subkey: %s
Windows
Windows
5.0.7601.17514 (win7sp1_rtm.101119-1850)
5.0.7601.17514 (win7sp1_rtm.101119-1850)
msiexec
msiexec
msiexec.exe
msiexec.exe
Windows Installer - Unicode
Windows Installer - Unicode
5.0.7601.17514
5.0.7601.17514
MsiExec.exe_2588_rwx_001C0000_00002000:
The procedure %s could not be located in the DLL %s.
The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
ochelper.exe_1372:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
_ReportResult@0
_ReportResult@0
KERNEL32.dll
KERNEL32.dll
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
USER32.dll
USER32.dll
SHLWAPI.dll
SHLWAPI.dll
SHELL32.dll
SHELL32.dll
SETUPAPI.dll
SETUPAPI.dll
C:\Jenkins\workspace\OC_HELPER\Release\BootStrap.pdb
C:\Jenkins\workspace\OC_HELPER\Release\BootStrap.pdb
ochelper.dll
ochelper.dll
.OP@x
.OP@x
5"5*50565
5"5*50565
Global\4442DC16-8108-42F8-A300-EA2B80F8B6C1
Global\4442DC16-8108-42F8-A300-EA2B80F8B6C1
%s /r %d
%s /r %d
MsiExec.exe_2588_rwx_00980000_00002000:
The procedure %s could not be located in the DLL %s.
The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
MsiExec.exe_2588_rwx_00AE0000_00002000:
The procedure %s could not be located in the DLL %s.
The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
Offercast2802_PCD_.exe_2500:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
8%uEP3
8%uEP3
D$$PSSh
D$$PSSh
SSSShT
SSSShT
X
X
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
Lpt.Vot
Lpt.Vot
F%D,3
F%D,3
%d / %m / %y
%d / %m / %y
%I : %M : %S %p
%I : %M : %S %p
%m / %d / %y
%m / %d / %y
%b %d %H : %M : %S %Y
%b %d %H : %M : %S %Y
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
portuguese-brazilian
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
operator
operator
GetProcessWindowStation
GetProcessWindowStation
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExW
pipoffers.apnpartners.com
pipoffers.apnpartners.com
user_pref("keyword.URL", "
user_pref("keyword.URL", "
user_pref("browser.startup.homepage", "
user_pref("browser.startup.homepage", "
GetChromeIncumbentDSProvider in
GetChromeIncumbentDSProvider in
"search_url": "
"search_url": "
GetChromeIncumbentHPR in
GetChromeIncumbentHPR in
report
report
rules.js
rules.js
objectmodel.js
objectmodel.js
Finished Parsing the config.xml file
Finished Parsing the config.xml file
analytics.xml
analytics.xml
Download APNAnalytics.xml file failed, attempting to use local
Download APNAnalytics.xml file failed, attempting to use local
No .xml file is found:
No .xml file is found:
Local ui.xml will be used:
Local ui.xml will be used:
Local .xml will be used:
Local .xml will be used:
Create thread failed in ExecuteAllOfferFiles()
Create thread failed in ExecuteAllOfferFiles()
Wait on execution thread success
Wait on execution thread success
Wait on execution thread failure
Wait on execution thread failure
Finished successfully executing file
Finished successfully executing file
Failed to execute file
Failed to execute file
Skipping cancel for execution progress
Skipping cancel for execution progress
OnPostReporting...
OnPostReporting...
Total number of eligible offers to report
Total number of eligible offers to report
Lookup breaking. Parent exitcode %d waitWindow %x
Lookup breaking. Parent exitcode %d waitWindow %x
WaitWnd %x WaitWnd PID %d WaitWnd TID %d
WaitWnd %x WaitWnd PID %d WaitWnd TID %d
GetWindowThreadID failed last error %d
GetWindowThreadID failed last error %d
OpenProcess failed Last error %d
OpenProcess failed Last error %d
Waitforsingleobject failed Last error %d
Waitforsingleobject failed Last error %d
AreThereOffersToDownloadAndExecute : true. Identified fileid:
AreThereOffersToDownloadAndExecute : true. Identified fileid:
AreThereOffersToDownloadAndExecute : False
AreThereOffersToDownloadAndExecute : False
ui.xml
ui.xml
Download Config.xml file failed, attempting to use local
Download Config.xml file failed, attempting to use local
Installchecker exe validation failed
Installchecker exe validation failed
Installchecker exe run failed
Installchecker exe run failed
reporting
reporting
%s %d -/d/d d:d:d.d
%s %d -/d/d d:d:d.d
APNLog.txt
APNLog.txt
HttpOpenRequest return failed
HttpOpenRequest return failed
HttpSendRequest return failed
HttpSendRequest return failed
Send Reporting finished
Send Reporting finished
Beacon HttpOpenRequest return failed
Beacon HttpOpenRequest return failed
Beacon HttpSendRequest return failed
Beacon HttpSendRequest return failed
Beacon URL incorrect
Beacon URL incorrect
icUrl
icUrl
promptmsg
promptmsg
failed to set recv timeout: %d
failed to set recv timeout: %d
failed to set send timeout: %d
failed to set send timeout: %d
Reply from %s: bytes=%d time=%.0fms TTL=%d icmp_seq=%u
Reply from %s: bytes=%d time=%.0fms TTL=%d icmp_seq=%u
Rule execution aborted- either local / remote succeeded.
Rule execution aborted- either local / remote succeeded.
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
2.5.4.11
2.5.4.11
1.3.6.1.4.1.311.2.1.12
1.3.6.1.4.1.311.2.1.12
DownloadSingleFile()... url:
DownloadSingleFile()... url:
C:\.jenkins\jobs\PIP2.0_INSTALLER\workspace\release\AskInstaller_1_.pdb
C:\.jenkins\jobs\PIP2.0_INSTALLER\workspace\release\AskInstaller_1_.pdb
RPCRT4.dll
RPCRT4.dll
msi.dll
msi.dll
UxTheme.dll
UxTheme.dll
WinExec
WinExec
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
MSIMG32.dll
MSIMG32.dll
DeleteUrlCacheEntryW
DeleteUrlCacheEntryW
InternetCrackUrlW
InternetCrackUrlW
HttpSendRequestW
HttpSendRequestW
HttpQueryInfoW
HttpQueryInfoW
HttpOpenRequestW
HttpOpenRequestW
WININET.dll
WININET.dll
URLDownloadToFileW
URLDownloadToFileW
urlmon.dll
urlmon.dll
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
WS2_32.dll
WS2_32.dll
VERSION.dll
VERSION.dll
CryptMsgClose
CryptMsgClose
CertGetNameStringW
CertGetNameStringW
CertFreeCertificateContext
CertFreeCertificateContext
CertFindCertificateInStore
CertFindCertificateInStore
CertCloseStore
CertCloseStore
CryptMsgGetParam
CryptMsgGetParam
CRYPT32.dll
CRYPT32.dll
WINTRUST.dll
WINTRUST.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
zcÃ
zcÃ
.?AUIPIPRulesExecutor@@
.?AUIPIPRulesExecutor@@
.?AV?$IDispatchImpl@UIPIPRulesExecutor@@$1?IID_IPIPRulesExecutor@@3U_GUID@@B$1?LIBID_AskInstallerLib@@3U3@B$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispatchImpl@UIPIPRulesExecutor@@$1?IID_IPIPRulesExecutor@@3U_GUID@@B$1?LIBID_AskInstallerLib@@3U3@B$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$SODispatchImpl@UIPIPRulesExecutor@@$1?IID_IPIPRulesExecutor@@3U_GUID@@B$1?LIBID_AskInstallerLib@@3U3@B@@
.?AV?$SODispatchImpl@UIPIPRulesExecutor@@$1?IID_IPIPRulesExecutor@@3U_GUID@@B$1?LIBID_AskInstallerLib@@3U3@B@@
.?AUISupportErrorInfo@@
.?AUISupportErrorInfo@@
.?AVCDestroyerAndUrlBinderCallback@CDownloader@@
.?AVCDestroyerAndUrlBinderCallback@CDownloader@@
.?AV?$_IDispEventLocator@$0A@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$0A@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$IDispEventSimpleImpl@$0A@V?$CAxWindowEx@VCAxView@@@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$IDispEventSimpleImpl@$0A@V?$CAxWindowEx@VCAxView@@@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.Pf:f\
.Pf:f\
if (typeof Date.prototype.toJSON !== 'function') {
if (typeof Date.prototype.toJSON !== 'function') {
Date.prototype.toJSON = function (key) {
Date.prototype.toJSON = function (key) {
return isFinite(this.valueOf()) ?
return isFinite(this.valueOf()) ?
this.getUTCFullYear() '-'
this.getUTCFullYear() '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCDate()) 'T'
f(this.getUTCDate()) 'T'
f(this.getUTCHours()) ':'
f(this.getUTCHours()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCSeconds()) 'Z' : null;
f(this.getUTCSeconds()) 'Z' : null;
String.prototype.toJSON =
String.prototype.toJSON =
Number.prototype.toJSON =
Number.prototype.toJSON =
Boolean.prototype.toJSON = function (key) {
Boolean.prototype.toJSON = function (key) {
return this.valueOf();
return this.valueOf();
'"' : '\\"',
'"' : '\\"',
'\\': '\\\\'
'\\': '\\\\'
escapable.lastIndex = 0;
escapable.lastIndex = 0;
return escapable.test(string) ? '"' string.replace(escapable, function (a) {
return escapable.test(string) ? '"' string.replace(escapable, function (a) {
'\\u' ('0000' a.charCodeAt(0).toString(16)).slice(-4);
'\\u' ('0000' a.charCodeAt(0).toString(16)).slice(-4);
function str(key, holder) {
function str(key, holder) {
// Produce a string from holder[key].
// Produce a string from holder[key].
k, // The member key.
k, // The member key.
value = holder[key];
value = holder[key];
typeof value.toJSON === 'function') {
typeof value.toJSON === 'function') {
value = value.toJSON(key);
value = value.toJSON(key);
value = rep.call(holder, key, value);
value = rep.call(holder, key, value);
if (Object.prototype.toString.apply(value) === '[object Array]') {
if (Object.prototype.toString.apply(value) === '[object Array]') {
length = value.length;
length = value.length;
// Join all of the elements together, separated with commas, and wrap them in
// Join all of the elements together, separated with commas, and wrap them in
v = partial.length === 0 ? '[]' : gap ?
v = partial.length === 0 ? '[]' : gap ?
'[\n' gap partial.join(',\n' gap) '\n' mind ']' :
'[\n' gap partial.join(',\n' gap) '\n' mind ']' :
'[' partial.join(',') ']';
'[' partial.join(',') ']';
length = rep.length;
length = rep.length;
partial.push(quote(k) (gap ? ': ' : ':') v);
partial.push(quote(k) (gap ? ': ' : ':') v);
// Otherwise, iterate through all of the keys in the object.
// Otherwise, iterate through all of the keys in the object.
if (Object.prototype.hasOwnProperty.call(value, k)) {
if (Object.prototype.hasOwnProperty.call(value, k)) {
// Join all of the member texts together, separated with commas,
// Join all of the member texts together, separated with commas,
v = partial.length === 0 ? '{}' : gap ?
v = partial.length === 0 ? '{}' : gap ?
'{\n' gap partial.join(',\n' gap) '\n' mind '}' :
'{\n' gap partial.join(',\n' gap) '\n' mind '}' :
'{' partial.join(',') '}';
'{' partial.join(',') '}';
if (typeof JSON.stringify !== 'function') {
if (typeof JSON.stringify !== 'function') {
JSON.stringify = function (value, replacer, space) {
JSON.stringify = function (value, replacer, space) {
// that can replace values, or an array of strings that will select the keys.
// that can replace values, or an array of strings that will select the keys.
typeof replacer.length !== 'number')) {
typeof replacer.length !== 'number')) {
throw new Error('JSON.stringify');
throw new Error('JSON.stringify');
// Make a fake root object containing our value under the key of ''.
// Make a fake root object containing our value under the key of ''.
if (typeof JSON.parse !== 'function') {
if (typeof JSON.parse !== 'function') {
JSON.parse = function (text, reviver) {
JSON.parse = function (text, reviver) {
function walk(holder, key) {
function walk(holder, key) {
var k, v, value = holder[key];
var k, v, value = holder[key];
if (Object.prototype.hasOwnProperty.call(value, k)) {
if (Object.prototype.hasOwnProperty.call(value, k)) {
return reviver.call(holder, key, value);
return reviver.call(holder, key, value);
// Parsing happens in four stages. In the first stage, we replace certain
// Parsing happens in four stages. In the first stage, we replace certain
cx.lastIndex = 0;
cx.lastIndex = 0;
if (cx.test(text)) {
if (cx.test(text)) {
text = text.replace(cx, function (a) {
text = text.replace(cx, function (a) {
('0000' a.charCodeAt(0).toString(16)).slice(-4);
('0000' a.charCodeAt(0).toString(16)).slice(-4);
// We split the second stage into 4 regexp operations in order to work around
// We split the second stage into 4 regexp operations in order to work around
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// In the optional fourth stage, we recursively walk the new structure, passing
// In the optional fourth stage, we recursively walk the new structure, passing
throw new SyntaxError('JSON.parse');
throw new SyntaxError('JSON.parse');
var primaryTlbrID = getURLParameters("PTBPartnerID");
var primaryTlbrID = getURLParameters("PTBPartnerID");
= getURLParameters("STBPartnerID");
= getURLParameters("STBPartnerID");
var pipPartnerID = getURLParameters("PIPPID");
var pipPartnerID = getURLParameters("PIPPID");
var tbType=getURLParameters("tbType");
var tbType=getURLParameters("tbType");
var version=getURLParameters("version");
var version=getURLParameters("version");
var hidePtnrSecondaryOffer=getURLParameters("hideSecondary");
var hidePtnrSecondaryOffer=getURLParameters("hideSecondary");
function getURLParameters(paramName)
function getURLParameters(paramName)
var sURL = window.document.URL.toString();
var sURL = window.document.URL.toString();
if (sURL.indexOf("?") > 0)
if (sURL.indexOf("?") > 0)
var arrParams = sURL.split("?");
var arrParams = sURL.split("?");
var arrURLParams = arrParams[1].split("&");
var arrURLParams = arrParams[1].split("&");
var arrParamNames = new Array(arrURLParams.length);
var arrParamNames = new Array(arrURLParams.length);
var arrParamValues = new Array(arrURLParams.length);
var arrParamValues = new Array(arrURLParams.length);
for (i=0;i
for (i=0;i
var sParam = arrURLParams[i].split("=");
var sParam = arrURLParams[i].split("=");
piprule.setRuleCallback(
piprule.setRuleCallback(
logger.log("\r\n ****** pirule setRule callBackFired : function called is " "Rule name: " ruleName "Number: " arguments.length);
logger.log("\r\n ****** pirule setRule callBackFired : function called is " "Rule name: " ruleName "Number: " arguments.length);
var params = Array.prototype.slice.call(arguments, 1);
var params = Array.prototype.slice.call(arguments, 1);
return window[ruleName].apply(this, params);
return window[ruleName].apply(this, params);
logger.log("\r\n ****** inside load " e.message " Rule name: " ruleName);
logger.log("\r\n ****** inside load " e.message " Rule name: " ruleName);
logger.log("\r\n ****** Load Function Error " e.message);
logger.log("\r\n ****** Load Function Error " e.message);
hXXp://VVV.JSON.org/json2.js
hXXp://VVV.JSON.org/json2.js
2011-02-23
2011-02-23
See hXXp://VVV.JSON.org/js.html
See hXXp://VVV.JSON.org/js.html
See hXXp://javascript.crockford.com/jsmin.html
See hXXp://javascript.crockford.com/jsmin.html
JSON.stringify(value, replacer, space)
JSON.stringify(value, replacer, space)
will be passed the key associated with the value, and this will be
will be passed the key associated with the value, and this will be
Date.prototype.toJSON = function (key) {
Date.prototype.toJSON = function (key) {
return this.getUTCFullYear() '-'
return this.getUTCFullYear() '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCDate()) 'T'
f(this.getUTCDate()) 'T'
f(this.getUTCHours()) ':'
f(this.getUTCHours()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCSeconds()) 'Z';
f(this.getUTCSeconds()) 'Z';
You can provide an optional replacer method. It will be passed the
You can provide an optional replacer method. It will be passed the
key and value of each member, with this bound to the containing
key and value of each member, with this bound to the containing
such that only members with keys listed in the replacer array are
such that only members with keys listed in the replacer array are
JSON.stringify(undefined) returns undefined.
JSON.stringify(undefined) returns undefined.
text = JSON.stringify(['e', {pluribus: 'unum'}]);
text = JSON.stringify(['e', {pluribus: 'unum'}]);
text = JSON.stringify(['e', {pluribus: 'unum'}], null, '\t');
text = JSON.stringify(['e', {pluribus: 'unum'}], null, '\t');
text = JSON.stringify([new Date()], function (key, value) {
text = JSON.stringify([new Date()], function (key, value) {
return this[key] instanceof Date ?
return this[key] instanceof Date ?
'Date(' this[key] ')' : value;
'Date(' this[key] ')' : value;
JSON.parse(text, reviver)
JSON.parse(text, reviver)
transform the results. It receives each of the keys and values,
transform the results. It receives each of the keys and values,
myData = JSON.parse(text, function (key, value) {
myData = JSON.parse(text, function (key, value) {
/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2}(?:\.\d*)?)Z$/.exec(value);
/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2}(?:\.\d*)?)Z$/.exec(value);
return new Date(Date.UTC( a[1], a[2] - 1, a[3], a[4],
return new Date(Date.UTC( a[1], a[2] - 1, a[3], a[4],
myData = JSON.parse('["Date(09/09/2001)"]', function (key, value) {
myData = JSON.parse('["Date(09/09/2001)"]', function (key, value) {
value.slice(0, 5) === 'Date(' &&
value.slice(0, 5) === 'Date(' &&
value.slice(-1) === ')') {
value.slice(-1) === ')') {
d = new Date(value.slice(5, -1));
d = new Date(value.slice(5, -1));
getUTCMinutes, getUTCMonth, getUTCSeconds, hasOwnProperty, join,
getUTCMinutes, getUTCMonth, getUTCSeconds, hasOwnProperty, join,
objectModel.initialized = false;
objectModel.initialized = false;
if (objectModel.initialized === false && typeof window !== "undefined" &&
if (objectModel.initialized === false && typeof window !== "undefined" &&
typeof window.external !== "undefined") {
typeof window.external !== "undefined") {
_logger = window.external.GetObject("logger");
_logger = window.external.GetObject("logger");
logger.log = function(var1) {
logger.log = function(var1) {
return _logger.log(var1);
return _logger.log(var1);
logger.error = function(var1) {
logger.error = function(var1) {
return _logger.error(var1);
return _logger.error(var1);
logger.debug = function(var1) {
logger.debug = function(var1) {
return _logger.debug(var1);
return _logger.debug(var1);
logger.info = function(var1) {
logger.info = function(var1) {
return _logger.info(var1);
return _logger.info(var1);
logger.warn = function(var1) {
logger.warn = function(var1) {
return _logger.warn(var1);
return _logger.warn(var1);
logger.group = function(var1) {
logger.group = function(var1) {
return _logger.group(var1);
return _logger.group(var1);
logger.dir = function(var1) {
logger.dir = function(var1) {
return _logger.dir(var1);
return _logger.dir(var1);
logger.error(x);
logger.error(x);
browser = window.external.GetObject("browserinfo");
browser = window.external.GetObject("browserinfo");
system = window.external.GetObject("system");
system = window.external.GetObject("system");
piprule = window.external.GetObject("piprule");
piprule = window.external.GetObject("piprule");
pipclient = window.external.GetObject("pipclient");
pipclient = window.external.GetObject("pipclient");
};PAvar regsistryPathx64 = "HKEY_LOCAL_MACHINE\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\";
};PAvar regsistryPathx64 = "HKEY_LOCAL_MACHINE\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\";
var registryPathx86 = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\";
var registryPathx86 = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\";
var FIREFOX="firefox";
var FIREFOX="firefox";
var CHROME="Google Chrome";
var CHROME="Google Chrome";
var unsupportedBrowser = "2:Unsupported default browser";
var unsupportedBrowser = "2:Unsupported default browser";
var IneligibleChrome = "3:Ineligible Chrome";
var IneligibleChrome = "3:Ineligible Chrome";
var UnsupportedOSXP64bit = "11:Unsupported OS XP 64 bit";
var UnsupportedOSXP64bit = "11:Unsupported OS XP 64 bit";
var AnchorFreeUnsupportedOS = "18: AnchorFree unsupported OS XP or Vista 64bit ";
var AnchorFreeUnsupportedOS = "18: AnchorFree unsupported OS XP or Vista 64bit ";
var AudialsOfferNotEligibleUnsupportedOSXP32orVista64bit = "20: Audials offer not eligible as unsupported OS XP 32 or Vista 64 bit";
var AudialsOfferNotEligibleUnsupportedOSXP32orVista64bit = "20: Audials offer not eligible as unsupported OS XP 32 or Vista 64 bit";
var OldClientAskSecureOfferNotSupported = "24:Old Client AskSecure offer not supported";
var OldClientAskSecureOfferNotSupported = "24:Old Client AskSecure offer not supported";
var inputBrowserTypeNotSupported = "27:Input Browser Type is NOT Supported";
var inputBrowserTypeNotSupported = "27:Input Browser Type is NOT Supported";
var inputIEBrowserVersionNotSupported = "28:IE Browser Version Is NOT Supported";
var inputIEBrowserVersionNotSupported = "28:IE Browser Version Is NOT Supported";
var inputCRBrowserVersionNotSupported = "29:CR Browser Version Is NOT Supported";
var inputCRBrowserVersionNotSupported = "29:CR Browser Version Is NOT Supported";
var inputFFBrowserVersionNotSupported = "30:FF Browser Version Is NOT Supported";
var inputFFBrowserVersionNotSupported = "30:FF Browser Version Is NOT Supported";
"WCL2","ACDS","ADS","AF3-SRS","AGH","ALSV5-DL","AM2","AM3","AMG","APLV5","APL1V5","APL2V5","ATR","ATU","ATU-DL","ATU-ASK","ATU-QBD","ATU-SRS","AXBX","BBY","BBY-SRS","BBY2","BBY2-SRS","BCC","BCPAP","BUD","BLP-DL","BGM","BOO","BOO2","BS","BT-SRS-T3","BT-T1","BT-T2","BT-T3","BT-ASK-T4","BUD","BW","C2P","CCS","CDS","CDS2","CDS3","CDS4","CEBV5","CFTPV5","CFTP2V5","CIE","CLA","CLM-DL","CNB","CNET","CNET2","CNET3","CPUID-DL","CPUID-ST","CS","CS-ST","CS2","CS3","CWN","DAT","DDI","DDIS","DDIS2","DGY","DIG-A","DIG-N","DIG-OFF","DIG-ON","DIG-P","DIG-S","DNA","DNA2","DPO","DVDX","DVDX2","EAC","F-CT","F-ET","FAC","FF2-DL","FJS","FKR","FLV","FM","FTB","FTB2","FTB3","FW-ASK","FW-QBD","FW-SRS","FWT","FW2V5","FXTV5-DL","GAM4","GAM-ASK-T4","GAM-SRS","GAM-SRS-T3","GAM-QBD","GAM-T1","GAM-T2","GAM-T3","GET-SRS","GET2-SRS","GET3-SRS","GGSV5","GGSV5-DL","GOM","GYG","HIY-SRS","HULU","ICM-SRS","IEAK9","IMB","IMB-DL","IMT","JDR","JMYV5","KG-ASK","KYT","LMW","LMW2","LMW3","LMW4","LMW-BETA","LMW-BETA2","LOL","LPLV5","LUC","MDG","MEB","MGN","MGX","MMB","MMG","MOV","MOV-DL","MP3","MP3DS","MP3FB","MP3P2","MP3R-ASK","MP3R-DL","MP3R-QBD","MP3R-SRS","MP3R4","MP3R5","MP3R6","MP3SF","MP3SW","MP3TR","MP3SD","MPC","MPC2","MROV5","MYC","MYC-ASK","MYC-DL","MYC-SRS","MYC-QBD","NG1V5","NG2V5","NG3V5","NG4V5","NSC-S","NSC-O","NSC-E","NSC-P","NSC-A","NSC-N","NSC-NS","NR1V5","NRV5","NXZ","ORJ-SAT","ORJ2","ORJ2-SAT","OSUB","OTV5","OVO","PCH","PDF","PDF2","PDO","PFN","PLF3","PLF4","PLTV5","PLTV5-DL","PLTV5-DL2","POS","POS2","PTF","PTJ","PTV2","PTV2-DL","PTV5","QSYS","RAD","S99","SBES","SCV5","SDT","SE","SF","SKR","SNAPT","SNP-ST","SP","SP2","SPC","SPT","SRFV5","SS2V5","SS3V5","STC2","STC4","STC-SRS","STC2-SRS","STC3-SRS","STC4-SRS","STK","STK2","STK3","STK4","TEMU","THE","TKR","TM","TMN2","TTB","TTR","TVTYV5","UKT","UNI","URS","VDJ","VRS","VD","VD-DL","VZ3","WBG-DL","WBG-ST","WBM2","WBV5-DL","WCL","WCLV5","WCL2V5","WCR","WCV5","WME","WSV5","WZP","YLC","ZMR","ZTV","ZTV-DL","FBK","FB-BETA","FB-PRO","FB-APP","FB-ASK","FB-OD","FB-SEM","MDF","MDF-BETA","NRO","NRO2","NRO3","UTR","UTR2","WID","WID-BETA"]}
"WCL2","ACDS","ADS","AF3-SRS","AGH","ALSV5-DL","AM2","AM3","AMG","APLV5","APL1V5","APL2V5","ATR","ATU","ATU-DL","ATU-ASK","ATU-QBD","ATU-SRS","AXBX","BBY","BBY-SRS","BBY2","BBY2-SRS","BCC","BCPAP","BUD","BLP-DL","BGM","BOO","BOO2","BS","BT-SRS-T3","BT-T1","BT-T2","BT-T3","BT-ASK-T4","BUD","BW","C2P","CCS","CDS","CDS2","CDS3","CDS4","CEBV5","CFTPV5","CFTP2V5","CIE","CLA","CLM-DL","CNB","CNET","CNET2","CNET3","CPUID-DL","CPUID-ST","CS","CS-ST","CS2","CS3","CWN","DAT","DDI","DDIS","DDIS2","DGY","DIG-A","DIG-N","DIG-OFF","DIG-ON","DIG-P","DIG-S","DNA","DNA2","DPO","DVDX","DVDX2","EAC","F-CT","F-ET","FAC","FF2-DL","FJS","FKR","FLV","FM","FTB","FTB2","FTB3","FW-ASK","FW-QBD","FW-SRS","FWT","FW2V5","FXTV5-DL","GAM4","GAM-ASK-T4","GAM-SRS","GAM-SRS-T3","GAM-QBD","GAM-T1","GAM-T2","GAM-T3","GET-SRS","GET2-SRS","GET3-SRS","GGSV5","GGSV5-DL","GOM","GYG","HIY-SRS","HULU","ICM-SRS","IEAK9","IMB","IMB-DL","IMT","JDR","JMYV5","KG-ASK","KYT","LMW","LMW2","LMW3","LMW4","LMW-BETA","LMW-BETA2","LOL","LPLV5","LUC","MDG","MEB","MGN","MGX","MMB","MMG","MOV","MOV-DL","MP3","MP3DS","MP3FB","MP3P2","MP3R-ASK","MP3R-DL","MP3R-QBD","MP3R-SRS","MP3R4","MP3R5","MP3R6","MP3SF","MP3SW","MP3TR","MP3SD","MPC","MPC2","MROV5","MYC","MYC-ASK","MYC-DL","MYC-SRS","MYC-QBD","NG1V5","NG2V5","NG3V5","NG4V5","NSC-S","NSC-O","NSC-E","NSC-P","NSC-A","NSC-N","NSC-NS","NR1V5","NRV5","NXZ","ORJ-SAT","ORJ2","ORJ2-SAT","OSUB","OTV5","OVO","PCH","PDF","PDF2","PDO","PFN","PLF3","PLF4","PLTV5","PLTV5-DL","PLTV5-DL2","POS","POS2","PTF","PTJ","PTV2","PTV2-DL","PTV5","QSYS","RAD","S99","SBES","SCV5","SDT","SE","SF","SKR","SNAPT","SNP-ST","SP","SP2","SPC","SPT","SRFV5","SS2V5","SS3V5","STC2","STC4","STC-SRS","STC2-SRS","STC3-SRS","STC4-SRS","STK","STK2","STK3","STK4","TEMU","THE","TKR","TM","TMN2","TTB","TTR","TVTYV5","UKT","UNI","URS","VDJ","VRS","VD","VD-DL","VZ3","WBG-DL","WBG-ST","WBM2","WBV5-DL","WCL","WCLV5","WCL2V5","WCR","WCV5","WME","WSV5","WZP","YLC","ZMR","ZTV","ZTV-DL","FBK","FB-BETA","FB-PRO","FB-APP","FB-ASK","FB-OD","FB-SEM","MDF","MDF-BETA","NRO","NRO2","NRO3","UTR","UTR2","WID","WID-BETA"]}
a = a.split('.');
a = a.split('.');
b = b.split('.');
b = b.split('.');
l = Math.min(a.length, b.length);
l = Math.min(a.length, b.length);
return a.length - b.length;
return a.length - b.length;
var versionresult=cmpVersions(clientversion,"2.6.8.0");
var versionresult=cmpVersions(clientversion,"2.6.8.0");
if(window.navigator.userAgent.indexOf('WOW64')>-1 || window.navigator.platform=='Win64')
if(window.navigator.userAgent.indexOf('WOW64')>-1 || window.navigator.platform=='Win64')
function isSupportedOS() {
function isSupportedOS() {
if (window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 5.2") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 ) {
if (window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 5.2") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 ) {
for (var i=0; i
for (var i=0; i
if(partnerID == jsonString.makeofferdisabled[i]){
if(partnerID == jsonString.makeofferdisabled[i]){
unsupportedBrowser = IneligibleChrome;
unsupportedBrowser = IneligibleChrome;
var key;
var key;
for (key in checkObj) {
for (key in checkObj) {
incumbentPartners = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\shared\\","tbsinstalled",0);
incumbentPartners = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\shared\\","tbsinstalled",0);
incumbentPartners = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\shared\\","tbsinstalled",0);
incumbentPartners = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\shared\\","tbsinstalled",0);
incumbentPartnerIDs = incumbentPartners.split(",");
incumbentPartnerIDs = incumbentPartners.split(",");
for(var j=0; j
for(var j=0; j
if(tlbrID == jsonString.blocklistedPartners[j]) {
if(tlbrID == jsonString.blocklistedPartners[j]) {
if(incPartners.length = 4) {
if(incPartners.length = 4) {
for(var k=0; k
for(var k=0; k
if(incumbentTbType.toLowerCase().startsWith("vanilla") && tbType.toLowerCase().startsWith("vanilla")){
if(incumbentTbType.toLowerCase().startsWith("vanilla") && tbType.toLowerCase().startsWith("vanilla")){
var productVersion =system.getProductVersion(productCode);
var productVersion =system.getProductVersion(productCode);
var registryValue=system.getRegValue(registryPath,regValue,n);
var registryValue=system.getRegValue(registryPath,regValue,n);
if (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 )
if (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 )
defaultbrowserAppPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice","Progid",0);
defaultbrowserAppPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice","Progid",0);
defaultbrowserPath = "HKEY_CLASSES_ROOT\\" defaultbrowserAppPath "\\shell\\open\\command\\";
defaultbrowserPath = "HKEY_CLASSES_ROOT\\" defaultbrowserAppPath "\\shell\\open\\command\\";
default_browser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Clients\\StartMenuInternet\\","",0);
default_browser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Clients\\StartMenuInternet\\","",0);
default_browser = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\","",0)
default_browser = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\","",0)
default_browser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Classes\\http\\shell\\open\\command\\","",0);
default_browser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Classes\\http\\shell\\open\\command\\","",0);
default_browser = pipgetRegValue("HKEY_CLASSES_ROOT\\http\\shell\\open\\command\\","",0);
default_browser = pipgetRegValue("HKEY_CLASSES_ROOT\\http\\shell\\open\\command\\","",0);
function isSupportedBrowser(partnerID) {
function isSupportedBrowser(partnerID) {
if (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 ) {
if (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 ) {
defaultbrowserAppPath=pipgetRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice","Progid",0);
defaultbrowserAppPath=pipgetRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice","Progid",0);
defaultbrowserPath="HKEY_CLASSES_ROOT\\" defaultbrowserAppPath "\\shell\\open\\command\\";
defaultbrowserPath="HKEY_CLASSES_ROOT\\" defaultbrowserAppPath "\\shell\\open\\command\\";
defaultBrowser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Clients\\StartMenuInternet\\","",0);
defaultBrowser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Clients\\StartMenuInternet\\","",0);
defaultBrowser = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\","",0)
defaultBrowser = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\","",0)
defaultBrowser=pipgetRegValue("HKEY_CURRENT_USER\\Software\\Classes\\http\\shell\\open\\command\\","",0);
defaultBrowser=pipgetRegValue("HKEY_CURRENT_USER\\Software\\Classes\\http\\shell\\open\\command\\","",0);
defaultBrowser=pipgetRegValue("HKEY_CLASSES_ROOT\\http\\shell\\open\\command\\","",0);
defaultBrowser=pipgetRegValue("HKEY_CLASSES_ROOT\\http\\shell\\open\\command\\","",0);
if(defaultBrowser.toLowerCase().indexOf("firefox.exe") > -1){
if(defaultBrowser.toLowerCase().indexOf("firefox.exe") > -1){
defBrowser =FIREFOX;
defBrowser =FIREFOX;
if(defaultBrowser.toLowerCase().indexOf("iexplore.exe") > -1 ){
if(defaultBrowser.toLowerCase().indexOf("iexplore.exe") > -1 ){
if(defaultBrowser.toLowerCase().indexOf("chrome") > -1 && makeoffer(partnerID)) {
if(defaultBrowser.toLowerCase().indexOf("chrome") > -1 && makeoffer(partnerID)) {
defBrowser =CHROME;
defBrowser =CHROME;
n=defaultBrowser.lastIndexOf("\\");
n=defaultBrowser.lastIndexOf("\\");
defBrowser=defaultBrowser.substring(n,defaultBrowser.length-1);
defBrowser=defaultBrowser.substring(n,defaultBrowser.length-1);
defBrowser=defBrowser.replace(/[^\w\s]/gi, '');
defBrowser=defBrowser.replace(/[^\w\s]/gi, '');
unsupportedBrowser=unsupportedBrowser defBrowser;
unsupportedBrowser=unsupportedBrowser defBrowser;
var checkV5Installed = getProductVersion("{86D4B82A-ABED-442A-BE86-96357B70F4FE}");
var checkV5Installed = getProductVersion("{86D4B82A-ABED-442A-BE86-96357B70F4FE}");
for(var i=0; i
for(var i=0; i
if((incumbentTlbrList[i].indexOf("-SAT") > -1 && satTlbrID.indexOf("-SAT")> -1)) {
if((incumbentTlbrList[i].indexOf("-SAT") > -1 && satTlbrID.indexOf("-SAT")> -1)) {
partnerid.value=incumbentTlbrList[i];
partnerid.value=incumbentTlbrList[i];
if (!isSupportedOS()) return false;
if (!isSupportedOS()) return false;
if(!isSupportedBrowser(primaryTlbrID)){
if(!isSupportedBrowser(primaryTlbrID)){
return getReasonCode(unsupportedBrowser);
return getReasonCode(unsupportedBrowser);
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0);
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0);
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0);
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0);
if(!isSupportedBrowser(primaryTlbrID))
if(!isSupportedBrowser(primaryTlbrID))
this.value="";
this.value="";
if(!isSupportedBrowser(satTlbrID))
if(!isSupportedBrowser(satTlbrID))
v6SatInstalled=v6SatInstalled " " partnerid.value;
v6SatInstalled=v6SatInstalled " " partnerid.value;
var getIEversion=browser.ieVersion;
var getIEversion=browser.ieVersion;
parseInt(isIE9extnenabled,2)=system.getRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Approved Extensions","{D4027C7F-154A-4066-A1AD-4243D8127440}",0);
parseInt(isIE9extnenabled,2)=system.getRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Approved Extensions","{D4027C7F-154A-4066-A1AD-4243D8127440}",0);
toolbarDisableFlag = system.getRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{D4027C7F-154A-4066-A1AD-4243D8127440}","Flags",0);
toolbarDisableFlag = system.getRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{D4027C7F-154A-4066-A1AD-4243D8127440}","Flags",0);
if(e.message =="CSystemUtil::getRegValue Failed : UnSupported Variant Type of 3"){
if(e.message =="CSystemUtil::getRegValue Failed : UnSupported Variant Type of 3"){
if(e.message =="CSystemUtil::getRegValue Failed : UnSupported Variant Type of 0"){
if(e.message =="CSystemUtil::getRegValue Failed : UnSupported Variant Type of 0"){
if(defBrowser.toLowerCase() == FIREFOX) return true;
if(defBrowser.toLowerCase() == FIREFOX) return true;
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 5.2") != -1 ||(window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 && is64Bit())){
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 5.2") != -1 ||(window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 && is64Bit())){
return AnchorFreeUnsupportedOS;
return AnchorFreeUnsupportedOS;
AFRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HotspotShield","Publisher",0);
AFRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HotspotShield","Publisher",0);
AFRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HotspotShield","Publisher",0);
AFRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HotspotShield","Publisher",0);
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 && is64Bit())){
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 && is64Bit())){
return AudialsOfferNotEligibleUnsupportedOSXP32orVista64bit;
return AudialsOfferNotEligibleUnsupportedOSXP32orVista64bit;
var DPRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\DealPly","InstallStatus",0);
var DPRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\DealPly","InstallStatus",0);
if(!isEmpty(DPRegistryPath) && DPRegistryPath.toLowerCase() =="ok"){
if(!isEmpty(DPRegistryPath) && DPRegistryPath.toLowerCase() =="ok"){
var UBRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Uniblue\\SpeedUpMyPC","InstalledLocation",0);
var UBRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Uniblue\\SpeedUpMyPC","InstalledLocation",0);
var PTRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Paltalk","InstallerAppDir",0);
var PTRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Paltalk","InstallerAppDir",0);
var SFRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\AppDataLow\\Software\\superfish","InstallStatus",0);
var SFRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\AppDataLow\\Software\\superfish","InstallStatus",0);
if(!isEmpty(SFRegistryPath) && SFRegistryPath.toLowerCase() =="ok"){
if(!isEmpty(SFRegistryPath) && SFRegistryPath.toLowerCase() =="ok"){
if(!v6SaturationToolbarOfferFlag &&!showSecondaryOffer &&(primaryTlbrID.toLowerCase().indexOf("myc") > -1 || satTlbrID.toLowerCase().indexOf("myc-sat") > -1)){
if(!v6SaturationToolbarOfferFlag &&!showSecondaryOffer &&(primaryTlbrID.toLowerCase().indexOf("myc") > -1 || satTlbrID.toLowerCase().indexOf("myc-sat") > -1)){
var SCRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Speedchecker Limited\\PC Speed Up","Uninstaller",0);
var SCRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Speedchecker Limited\\PC Speed Up","Uninstaller",0);
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1){
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1){
winServicePackRegValue=pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","CSDVersion",0);
winServicePackRegValue=pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","CSDVersion",0);
if(window.navigator.appVersion.indexOf("Windows NT 5.2") != -1) {
if(window.navigator.appVersion.indexOf("Windows NT 5.2") != -1) {
reasonString = UnsupportedOSXP64bit;
reasonString = UnsupportedOSXP64bit;
cpuSpeed = system.getRegValue("HKLM\\Hardware\\Description\\System\\Centralprocessor\\0","~MHZ",0);
cpuSpeed = system.getRegValue("HKLM\\Hardware\\Description\\System\\Centralprocessor\\0","~MHZ",0);
physicalMemory=(system.getTotalPhysicalMemory());
physicalMemory=(system.getTotalPhysicalMemory());
diskFreeSize = system.getDiskFreeSize();
diskFreeSize = system.getDiskFreeSize();
var nortonToolbarKey;
var nortonToolbarKey;
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar","{A13C2648-91D4-4bf3-BC6D-0079707C4389}",0);
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar","{A13C2648-91D4-4bf3-BC6D-0079707C4389}",0);
if(isEmpty(nortonToolbarKey)){
if(isEmpty(nortonToolbarKey)){
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar","{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}",0);
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar","{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}",0);
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar","{A13C2648-91D4-4bf3-BC6D-0079707C4389}",0);
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar","{A13C2648-91D4-4bf3-BC6D-0079707C4389}",0);
if(!isEmpty(nortonToolbarKey)){
if(!isEmpty(nortonToolbarKey)){
logger.log("\r\n******************Norton Toolbar Installed****************");
logger.log("\r\n******************Norton Toolbar Installed****************");
partnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\";
partnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\";
partnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
partnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
for(var i=0; i
for(var i=0; i
if(installedPartners[i].startsWith(partner)){
if(installedPartners[i].startsWith(partner)){
toolbarID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0);
toolbarID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0);
toolbarID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0);
toolbarID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0);
if(toolbarID.startsWith(partnerids)){
if(toolbarID.startsWith(partnerids)){
for(var i=0; i
for(var i=0; i
String.prototype.startsWith = function(prefix) {
String.prototype.startsWith = function(prefix) {
return this.indexOf(prefix) === 0;
return this.indexOf(prefix) === 0;
function clientSupported() {
function clientSupported() {
var versionValue=cmpVersions(version,"2.6.12.1");
var versionValue=cmpVersions(version,"2.6.12.1");
if(!clientSupported()){
if(!clientSupported()){
return getReasonCode(OldClientAskSecureOfferNotSupported);
return getReasonCode(OldClientAskSecureOfferNotSupported);
Offers.Check = function (offer_id)
Offers.Check = function (offer_id)
offers_gen_params = offers_gen_params || JSON.parse(pipclient.getOffers());
offers_gen_params = offers_gen_params || JSON.parse(pipclient.getOffers());
if (!this.cache)
if (!this.cache)
this.cache = [];
this.cache = [];
for (var i = 0; i
for (var i = 0; i
var ttt = offers_gen_params.offers[i].id;
var ttt = offers_gen_params.offers[i].id;
var t_obj = {id : offers_gen_params.offers[i].id};
var t_obj = {id : offers_gen_params.offers[i].id};
this.cache.push(t_obj);
this.cache.push(t_obj);
for (var i = 0; i
for (var i = 0; i
if (this.cache[i].id === offer_id)
if (this.cache[i].id === offer_id)
if (this.cache[i].result)
if (this.cache[i].result)
} // Offers.Check
} // Offers.Check
Offers.RetrieveResult = function (offer_id)
Offers.RetrieveResult = function (offer_id)
return this.cache[i].result;
return this.cache[i].result;
} // Offers.RetrieveResult
} // Offers.RetrieveResult
Offers.OfferedToolbars = function (installed_toolbars, offer_id)
Offers.OfferedToolbars = function (installed_toolbars, offer_id)
if (this.cache[i].tb_info && this.cache[i].tb_info.PID)
if (this.cache[i].tb_info && this.cache[i].tb_info.PID)
installed_toolbars.push(this.cache[i].tb_info);
installed_toolbars.push(this.cache[i].tb_info);
} // Offers.OfferedToolbars
} // Offers.OfferedToolbars
Offers.StoreResult = function (offer_id, result, toolbar_to_be_installed)
Offers.StoreResult = function (offer_id, result, toolbar_to_be_installed)
this.cache[i].result = result;
this.cache[i].result = result;
this.cache[i].tb_info = toolbar_to_be_installed;
this.cache[i].tb_info = toolbar_to_be_installed;
for ( i; i
for ( i; i
delete this.cache[i].result;
delete this.cache[i].result;
} // Offers.StoreResult
} // Offers.StoreResult
if (show_logger) logger.log(" --- Enter InstallCheck with param of : " JSON.stringify(param));
if (show_logger) logger.log(" --- Enter InstallCheck with param of : " JSON.stringify(param));
if (!isSupportedOS() || !isOSServicePackCompatible())
if (!isSupportedOS() || !isOSServicePackCompatible())
return_JSON.result = parseInt(reasonString, 10);
return_JSON.result = parseInt(reasonString, 10);
return_JSON.errorDescription = reasonString;
return_JSON.errorDescription = reasonString;
return JSON.stringify(return_JSON);
return JSON.stringify(return_JSON);
toolbar_to_be_installed.PID = primaryTlbrID;
toolbar_to_be_installed.PID = primaryTlbrID;
if (Offers.Check(offer_id))
if (Offers.Check(offer_id))
return JSON.stringify(Offers.RetrieveResult(offer_id));
return JSON.stringify(Offers.RetrieveResult(offer_id));
Offers.OfferedToolbars(installed_toolbars, offer_id);
Offers.OfferedToolbars(installed_toolbars, offer_id);
all_browsers = all_browsers || JSON.parse(browser.allBrowsers);
all_browsers = all_browsers || JSON.parse(browser.allBrowsers);
return_JSON.result = 0;
return_JSON.result = 0;
return_JSON.result = 1;
return_JSON.result = 1;
return_JSON.result = parseInt(result, 10);
return_JSON.result = parseInt(result, 10);
return_JSON.errorDescription = result;
return_JSON.errorDescription = result;
return_JSON.lookupTable.fileid = "v6ic";
return_JSON.lookupTable.fileid = "v6ic";
return_JSON.lookupTable.stubversion = "6.6.0";
return_JSON.lookupTable.stubversion = "6.6.0";
Offers.StoreResult(offer_id, return_JSON, toolbar_to_be_installed);
Offers.StoreResult(offer_id, return_JSON, toolbar_to_be_installed);
if (show_logger) logger.log("RETURN RESULT FOR V6 CALL : " JSON.stringify(return_JSON));
if (show_logger) logger.log("RETURN RESULT FOR V6 CALL : " JSON.stringify(return_JSON));
return JSON.stringify(return_JSON);
return JSON.stringify(return_JSON);
var p_param = param.split("|");
var p_param = param.split("|");
for (var i = 0; i
for (var i = 0; i
if (offers_gen_params.offers[i].id === offer_id)
if (offers_gen_params.offers[i].id === offer_id)
var toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
var toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
if (toolbar_id.indexOf("-SAT") > 0)
if (toolbar_id.indexOf("-SAT") > 0)
if (offers_gen_params.offers[i].id === p_offer_id)
if (offers_gen_params.offers[i].id === p_offer_id)
toolbar_type = offers_gen_params.offers[i].tbType || "";
toolbar_type = offers_gen_params.offers[i].tbType || "";
toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
var r1 = toolbar_id.match(reg_exp);
var r1 = toolbar_id.match(reg_exp);
r2 = toolbar_id.slice(0, -r1[0].length);
r2 = toolbar_id.slice(0, -r1[0].length);
if (r1[0].length === 3)
if (r1[0].length === 3)
return Offers.RetrieveResult(offer_id);
return Offers.RetrieveResult(offer_id);
return JSON.stringify(ps_check);
return JSON.stringify(ps_check);
Offers.OfferedToolbars(installed_toolbars, offer_id);
Offers.OfferedToolbars(installed_toolbars, offer_id);
all_browsers = all_browsers || JSON.parse(browser.allBrowsers);
all_browsers = all_browsers || JSON.parse(browser.allBrowsers);
if (!all_browsers.dfBr)
if (!all_browsers.dfBr)
all_browsers.dfBr = defaultBrowser();
all_browsers.dfBr = defaultBrowser();
if (show_logger) logger.log("\r\n All browsers values: " JSON.stringify(all_browsers) " : ");
if (show_logger) logger.log("\r\n All browsers values: " JSON.stringify(all_browsers) " : ");
offers_gen_params = offers_gen_params || JSON.parse(pipclient.getOffers());
offers_gen_params = offers_gen_params || JSON.parse(pipclient.getOffers());
if (show_logger) logger.log("Actual Param " param " *******Returned offers " JSON.stringify(offers_gen_params) "\n");
if (show_logger) logger.log("Actual Param " param " *******Returned offers " JSON.stringify(offers_gen_params) "\n");
if (show_logger) logger.log("Installed Toolbars : " JSON.stringify(installed_toolbars) "\n");
if (show_logger) logger.log("Installed Toolbars : " JSON.stringify(installed_toolbars) "\n");
if (show_logger) logger.log("Toolbar To Be Installed : " JSON.stringify(toolbar_to_be_installed) "\n");
if (show_logger) logger.log("Toolbar To Be Installed : " JSON.stringify(toolbar_to_be_installed) "\n");
return_JSON.errorDescription = "";
return_JSON.errorDescription = "";
return_JSON.result = parseInt(reasonString, 10);
return_JSON.result = parseInt(reasonString, 10);
return_JSON.errorDescription = reasonString;
return_JSON.errorDescription = reasonString;
if (show_logger) logger.log("\r\n********** V7 Stringified JSON " JSON.stringify(return_JSON));
if (show_logger) logger.log("\r\n********** V7 Stringified JSON " JSON.stringify(return_JSON));
if (return_JSON.result !== 0)
if (return_JSON.result !== 0)
toolbar_to_be_installed.browser = target_browser;
toolbar_to_be_installed.browser = target_browser;
Offers.StoreResult(offer_id, return_JSON, toolbar_to_be_installed);
Offers.StoreResult(offer_id, return_JSON, toolbar_to_be_installed);
if (show_logger) logger.log("\r\n******Error*****" e.message);
if (show_logger) logger.log("\r\n******Error*****" e.message);
for (var i = 0; i
for (var i = 0; i
if (offers_gen_params.offers[i].id === offer_id)
if (offers_gen_params.offers[i].id === offer_id)
//var toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
//var toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
var offer_type = offers_gen_params.offers[i].offerType || "";
var offer_type = offers_gen_params.offers[i].offerType || "";
offer_type = offer_type.toLowerCase();
offer_type = offer_type.toLowerCase();
if (offer_type.indexOf("saturation") >= 0)
if (offer_type.indexOf("saturation") >= 0)
else if (offer_type.indexOf("toolbar") >= 0)
else if (offer_type.indexOf("toolbar") >= 0)
return_JSON.result = parseInt(secondaryOfferRejected, 10);
return_JSON.result = parseInt(secondaryOfferRejected, 10);
return_JSON.errorDescription = secondaryOfferRejected;
return_JSON.errorDescription = secondaryOfferRejected;
var tb = "" || (all_browsers && all_browsers.orBr);
var tb = "" || (all_browsers && all_browsers.orBr);
return tb.slice(0, 2);
return tb.slice(0, 2);
var tb = "" || (all_browsers && all_browsers.dfBr);
var tb = "" || (all_browsers && all_browsers.dfBr);
var tb = "" || (all_browsers && all_browsers.cmdBr);
var tb = "" || (all_browsers && all_browsers.cmdBr);
if (show_logger) logger.log("\nCanBeInstalled :\n");
if (show_logger) logger.log("\nCanBeInstalled :\n");
if (show_logger) logger.log(" Installed Toolbars : " JSON.stringify(installed_toolbars) "\n");
if (show_logger) logger.log(" Installed Toolbars : " JSON.stringify(installed_toolbars) "\n");
for (var i = 0, N = installed_toolbars.length; i
for (var i = 0, N = installed_toolbars.length; i
var pid_name = installed_toolbars[i].PID;
var pid_name = installed_toolbars[i].PID;
if (name === toolbar_to_be_installed.PID)
if (name === toolbar_to_be_installed.PID)
to_be_installed.push(toolbar_to_be_installed);
to_be_installed.push(toolbar_to_be_installed);
if (installed_toolbars.length && isUniquePIDOnMachine(installed_toolbars, toolbar_to_be_installed.PID))
if (installed_toolbars.length && isUniquePIDOnMachine(installed_toolbars, toolbar_to_be_installed.PID))
reasonString = tbtypeOfBlockPIDNotEqual " PIDS " installed_toolbars[0].PID " and " toolbar_to_be_installed.PID;
reasonString = tbtypeOfBlockPIDNotEqual " PIDS " installed_toolbars[0].PID " and " toolbar_to_be_installed.PID;
PID_to_be_installed.push(toolbar_to_be_installed.PID);
PID_to_be_installed.push(toolbar_to_be_installed.PID);
for (var i = 0, N = installed_toolbars.length; i
for (var i = 0, N = installed_toolbars.length; i
PIDs_on_Machine.push(installed_toolbars[i].PID);
PIDs_on_Machine.push(installed_toolbars[i].PID);
if (show_logger) logger.log(" PID on Blocked List: " JSON.stringify(PIDs_on_Machine) " and " JSON.stringify(toolbar_to_be_installed) "\n");
if (show_logger) logger.log(" PID on Blocked List: " JSON.stringify(PIDs_on_Machine) " and " JSON.stringify(toolbar_to_be_installed) "\n");
reasonString = PIDIsOnBlockedList " " toolbar_to_be_installed.PID;
reasonString = PIDIsOnBlockedList " " toolbar_to_be_installed.PID;
if (jsonString.blocklistedPartners.length === 0)
if (jsonString.blocklistedPartners.length === 0)
for (var i = 0; i
for (var i = 0; i
for (var j = 0; j
for (var j = 0; j
if (jsonString.blocklistedPartners[j] === p_toolbartypes[i])
if (jsonString.blocklistedPartners[j] === p_toolbartypes[i])
for (var i = 0; i
for (var i = 0; i
if (TbTypesIntersect(installed_toolbars[i].tb_type, toolbar_to_be_installed.tb_type))
if (TbTypesIntersect(installed_toolbars[i].tb_type, toolbar_to_be_installed.tb_type))
if (installed_toolbars[i].PID != toolbar_to_be_installed.PID)
if (installed_toolbars[i].PID != toolbar_to_be_installed.PID)
reasonString = " Installed PID/tbType " installed_toolbars[i].PID "/" installed_toolbars[i].tb_type;
reasonString = " Installed PID/tbType " installed_toolbars[i].PID "/" installed_toolbars[i].tb_type;
reasonString = " New PID/tbType " toolbar_to_be_installed.PID "/" toolbar_to_be_installed.tb_type;
reasonString = " New PID/tbType " toolbar_to_be_installed.PID "/" toolbar_to_be_installed.tb_type;
for (var i = 0; i
for (var i = 0; i
if ((p_installed_toolbars[i].PID.substring(0, 4) === "AVR-") ||
if ((p_installed_toolbars[i].PID.substring(0, 4) === "AVR-") ||
(p_installed_toolbars[i].PID.substring(0, 6) === "AVIRA-") )
(p_installed_toolbars[i].PID.substring(0, 6) === "AVIRA-") )
if (p_toolbar_to_be_installed.PID.substring(0, 6) === "AVIRA-")
if (p_toolbar_to_be_installed.PID.substring(0, 6) === "AVIRA-")
if (p_toolbar_to_be_installed.tb_type.toLowerCase() === "secure")
if (p_toolbar_to_be_installed.tb_type.toLowerCase() === "secure")
var list_1 = tb_type_1.split(",");
var list_1 = tb_type_1.split(",");
var list_2 = tb_type_2.split(",");
var list_2 = tb_type_2.split(",");
for (var i = 0; i
for (var i = 0; i
for (var j = 0; j
for (var j = 0; j
if (list_1[i].toLowerCase() == list_2[j].toLowerCase())
if (list_1[i].toLowerCase() == list_2[j].toLowerCase())
for (var i = 0; i
for (var i = 0; i
if (toolbars[i].tb_type === "blocked")
if (toolbars[i].tb_type === "blocked")
if (installed_toolbars[i].PID == toolbar_to_be_installed.PID)
if (installed_toolbars[i].PID == toolbar_to_be_installed.PID)
for (var i = 0; i
for (var i = 0; i
if (show_logger) logger.log("CheckVersion :");
if (show_logger) logger.log("CheckVersion :");
p_browser = p_browser.toLowerCase();
p_browser = p_browser.toLowerCase();
reasonString = inputBrowserTypeNotSupported " [" p_browser "]";
reasonString = inputBrowserTypeNotSupported " [" p_browser "]";
if (all_browsers && all_browsers.ie)
if (all_browsers && all_browsers.ie)
var version = parseInt(all_browsers.ie, 10);
var version = parseInt(all_browsers.ie, 10);
reasonString = inputIEBrowserVersionNotSupported " [" all_browsers.ie "]";
reasonString = inputIEBrowserVersionNotSupported " [" all_browsers.ie "]";
if (show_logger) logger.log(" CheckVersion of Chrome");
if (show_logger) logger.log(" CheckVersion of Chrome");
if (all_browsers && all_browsers.cr)
if (all_browsers && all_browsers.cr)
var version = parseInt(all_browsers.cr, 10);
var version = parseInt(all_browsers.cr, 10);
if (show_logger) logger.log(" CheckVersion of Chrome, version : " version);
if (show_logger) logger.log(" CheckVersion of Chrome, version : " version);
reasonString = inputCRBrowserVersionNotSupported " [" all_browsers.cr "]";
reasonString = inputCRBrowserVersionNotSupported " [" all_browsers.cr "]";
if (all_browsers && all_browsers.ff)
if (all_browsers && all_browsers.ff)
var version = parseInt(all_browsers.ff, 10);
var version = parseInt(all_browsers.ff, 10);
reasonString = inputFFBrowserVersionNotSupported " [" all_browsers.ff "]";
reasonString = inputFFBrowserVersionNotSupported " [" all_browsers.ff "]";
if (installed_toolbars[i].browser == p_browser)
if (installed_toolbars[i].browser == p_browser)
toolbars_on_browser.push(installed_toolbars[i]);
toolbars_on_browser.push(installed_toolbars[i]);
if (toolbars_on_browser.length == 0)
if (toolbars_on_browser.length == 0)
if (show_logger) logger.log(" Toolbars on Browser == 0 return " p_browser "\n");
if (show_logger) logger.log(" Toolbars on Browser == 0 return " p_browser "\n");
if (toolbars_on_browser[0].PID == toolbar_to_be_installed.PID)
if (toolbars_on_browser[0].PID == toolbar_to_be_installed.PID)
if (show_logger) logger.log(" PID === PID : " toolbars_on_browser[0].PID " : " toolbar_to_be_installed.PID "\n");
if (show_logger) logger.log(" PID === PID : " toolbars_on_browser[0].PID " : " toolbar_to_be_installed.PID "\n");
reasonString = PIDsAreSameOnSameBrowser ", Browser " p_browser " PIDS [" toolbar_to_be_installed.PID "]";
reasonString = PIDsAreSameOnSameBrowser ", Browser " p_browser " PIDS [" toolbar_to_be_installed.PID "]";
if (toolbars_on_browser.length >= MAX_NUMBER_OF_TOOLBARS_ON_BROWSER)
if (toolbars_on_browser.length >= MAX_NUMBER_OF_TOOLBARS_ON_BROWSER)
if (show_logger) logger.log(" >= MAX_NUMBER_OF_TOOLBARS_ON_BROWSER \n");
if (show_logger) logger.log(" >= MAX_NUMBER_OF_TOOLBARS_ON_BROWSER \n");
this.PID = p_PID;
this.PID = p_PID;
this.tb_type = p_tb_type;
this.tb_type = p_tb_type;
this.browser = p_browser;
this.browser = p_browser;
var checkV5Installed = getProductVersion("{86D4B82A-ABED-442A-BE86-96357B70F4FE}");
var checkV5Installed = getProductVersion("{86D4B82A-ABED-442A-BE86-96357B70F4FE}");
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0) || "";
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0) || "";
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0) || "";
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0) || "";
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "ie"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "ie"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "ff"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "ff"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "cr"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "cr"});
incumbentPartnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\";
incumbentPartnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\";
incumbentPartnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
incumbentPartnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
for (i = 0; i
for (i = 0; i
result.push({PID: partners[i], tb_type : tb_type, browser : "ie"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ie"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ff"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ff"});
result.push({PID: partners[i], tb_type : tb_type, browser : "cr"});
result.push({PID: partners[i], tb_type : tb_type, browser : "cr"});
var tb_incumbent_path = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
var tb_incumbent_path = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
if (browsers.search("_IE") > 0)
if (browsers.search("_IE") > 0)
result.push({PID: partners[i], tb_type : tb_type, browser : "ie"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ie"});
if (browsers.search("_CR") > 0)
if (browsers.search("_CR") > 0)
result.push({PID: partners[i], tb_type : tb_type, browser : "cr"});
result.push({PID: partners[i], tb_type : tb_type, browser : "cr"});
if (browsers.search("_FF") > 0)
if (browsers.search("_FF") > 0)
result.push({PID: partners[i], tb_type : tb_type, browser : "ff"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ff"});
this.result = 0;
this.result = 0;
this.errorDescription = "";
this.errorDescription = "";
this.display = t_f === true ? 1 : 0;
this.display = t_f === true ? 1 : 0;
this.reporting = new Reporting();
this.reporting = new Reporting();
this.lookupTable = t_f === true ? new LookupTable(arguments[3]) : {};
this.lookupTable = t_f === true ? new LookupTable(arguments[3]) : {};
//this.tb_info = toolbar_to_be_installed;
//this.tb_info = toolbar_to_be_installed;
function Reporting()
function Reporting()
this.trgb = target_browser.toUpperCase();
this.trgb = target_browser.toUpperCase();
this.orgb = all_browsers.orBr.toUpperCase();
this.orgb = all_browsers.orBr.toUpperCase();
this.apn_dbr = all_browsers.dfBr.toUpperCase();
this.apn_dbr = all_browsers.dfBr.toUpperCase();
this.cmdb = all_browsers.cmdBr;
this.cmdb = all_browsers.cmdBr;
this.IEVersionInstalled = all_browsers.ie;
this.IEVersionInstalled = all_browsers.ie;
this.FFVersionInstalled = all_browsers.ff;
this.FFVersionInstalled = all_browsers.ff;
this.ChromeVersionInstalled = all_browsers.cr;
this.ChromeVersionInstalled = all_browsers.cr;
this.TrackID = "";
this.TrackID = "";
if (offers_gen_params && offers_gen_params.GeneralParameters && offers_gen_params.GeneralParameters.TrackID)
if (offers_gen_params && offers_gen_params.GeneralParameters && offers_gen_params.GeneralParameters.TrackID)
this.TrackID = offers_gen_params.GeneralParameters.TrackID;
this.TrackID = offers_gen_params.GeneralParameters.TrackID;
this.IETB = toolbars_on_ie;
this.IETB = toolbars_on_ie;
this.FFTB = toolbars_on_ff;
this.FFTB = toolbars_on_ff;
this.ChromeTB = toolbars_on_cr;
this.ChromeTB = toolbars_on_cr;
this.TBPartnerid = toolbar_to_be_installed.PID
this.TBPartnerid = toolbar_to_be_installed.PID
for (var i = 0, N = installed_toolbars.length; i
for (var i = 0, N = installed_toolbars.length; i
if (installed_toolbars[i].browser == p_browser)
if (installed_toolbars[i].browser == p_browser)
toolbars_on_browser = installed_toolbars[i].PID ":" installed_toolbars[i].tb_type;
toolbars_on_browser = installed_toolbars[i].PID ":" installed_toolbars[i].tb_type;
this.BROWSER_TEXT = "Browser_" target_browser.toUpperCase() "_TXT";
this.BROWSER_TEXT = "Browser_" target_browser.toUpperCase() "_TXT";
this.targetBrowser = target_browser.toUpperCase();
this.targetBrowser = target_browser.toUpperCase();
this.fileid = "QRST_ABCD";
this.fileid = "QRST_ABCD";
this.orgb = all_browsers.orBr.toUpperCase();
this.orgb = all_browsers.orBr.toUpperCase();
this.stubversion = "7.0.0";
this.stubversion = "7.0.0";
this.tbType = tb_info?tb_info.tb_type:"";
this.tbType = tb_info?tb_info.tb_type:"";
this.tbID = tb_info.PID;
this.tbID = tb_info.PID;
return_obj.result = 1;
return_obj.result = 1;
return_obj.errorDescription = "Value Was False";
return_obj.errorDescription = "Value Was False";
return_obj.display = 0;
return_obj.display = 0;
if (show_logger) logger.log("\r\n ****** Frog UI. Parameter " param);
if (show_logger) logger.log("\r\n ****** Frog UI. Parameter " param);
if (show_logger) logger.log ("type of param is " typeof param);
if (show_logger) logger.log ("type of param is " typeof param);
var offer_ids = param.split('-');
var offer_ids = param.split('-');
if (show_logger) logger.log("offer_ids after split");
if (show_logger) logger.log("offer_ids after split");
if (show_logger) logger.log("offer_ids " offer_ids);
if (show_logger) logger.log("offer_ids " offer_ids);
var offer_ids = param.split('-')[0].split('|');
var offer_ids = param.split('-')[0].split('|');
if (show_logger) logger.log(" --- offer_ids -- " offer_ids[0] " : " offer_ids[1]);
if (show_logger) logger.log(" --- offer_ids -- " offer_ids[0] " : " offer_ids[1]);
checkness = param.split('-');
checkness = param.split('-');
if (show_logger) logger.log(" --- checkyness " JSON.stringify(checkness));
if (show_logger) logger.log(" --- checkyness " JSON.stringify(checkness));
checkness = checkness[checkness.length-1];
checkness = checkness[checkness.length-1];
checkness = checkness.split('|');
checkness = checkness.split('|');
for (var i = 0; i
for (var i = 0; i
if (checkness[i].search("oi") >= 0)
if (checkness[i].search("oi") >= 0)
if (show_logger) logger.log(" --- checkyness " JSON.stringify(checkness[i]));
if (show_logger) logger.log(" --- checkyness " JSON.stringify(checkness[i]));
var checkness_parts = checkness[i].split(':');
var checkness_parts = checkness[i].split(':');
if (show_logger) logger.log(" --- checkyness is true ");
if (show_logger) logger.log(" --- checkyness is true ");
return_obj.errorDescription = "";
return_obj.errorDescription = "";
return_obj.display = 1;
return_obj.display = 1;
return_obj.result = 0;
return_obj.result = 0;
if (show_logger) logger.log (JSON.stringify(return_obj));
if (show_logger) logger.log (JSON.stringify(return_obj));
return_obj.result = 1;
return_obj.result = 1;
return_obj.errorDescription = "Error Executing Rule";
return_obj.errorDescription = "Error Executing Rule";
return_obj.display = 0;
return_obj.display = 0;
return JSON.stringify(return_obj);
return JSON.stringify(return_obj);
if (show_logger) logger.log("\r\n ****** UI rule. Parameter " param);
if (show_logger) logger.log("\r\n ****** UI rule. Parameter " param);
stdole2.tlbWWW
stdole2.tlbWWW
.ICColorStaticWWWd
.ICColorStaticWWWd
strRulesJSUrlWWW
strRulesJSUrlWWW
zIPIPRulesExecutorWWW
zIPIPRulesExecutorWWW
strKeyWW
strKeyWW
strCmdLineWW
strCmdLineWW
rchromeVersionWWWx
rchromeVersionWWWx
BchromeDefaultSearchProviderWx
BchromeDefaultSearchProviderWx
chromeHomePageWWx
chromeHomePageWWx
Get object from ScriptObject Map using object name as keyW
Get object from ScriptObject Map using object name as keyW
Callback for rules executorWWW
Callback for rules executorWWW
Get version of Firefox browser$
Get version of Firefox browser$
Get version of Google Chrome browserWW8
Get version of Google Chrome browserWW8
Get Default Search provider in Firefox browser4
Get Default Search provider in Firefox browser4
Get Default Search provider in Google Chrome browserWW*
Get Default Search provider in Google Chrome browserWW*
Get Home Page in Firefox browserWW&
Get Home Page in Firefox browserWW&
Get Home Page in Google Chrome browser
Get Home Page in Google Chrome browser
Writes a message to the console and opens a nested block to indent all future messages sent to the console. Call console.groupEnd() to close the block.WWW1
Writes a message to the console and opens a nested block to indent all future messages sent to the console. Call console.groupEnd() to close the block.WWW1
Created by MIDL version 7.00.0555 at Thu Jun 20 14:52:05 2013
Created by MIDL version 7.00.0555 at Thu Jun 20 14:52:05 2013
HKEY_CURRENT_USER\Software\APN PIP\Analytics\{partnerid}
HKEY_CURRENT_USER\Software\APN PIP\Analytics\{partnerid}
anx.apnanalytics.com/200/pip/test.gif?
anx.apnanalytics.com/200/pip/test.gif?
pipoffers.apnpartners.com/PIP/OfferAccept.jhtml
pipoffers.apnpartners.com/PIP/OfferAccept.jhtml
hXXp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}
hXXp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}
If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install FrostWire 4.21.3
If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install FrostWire 4.21.3
VVV.FrostWire.com
VVV.FrostWire.com
./orchestrator.html?PIPPID=PCD&PTBPartnerID=PCD-G&tbType=vanilla&version={version}
./orchestrator.html?PIPPID=PCD&PTBPartnerID=PCD-G&tbType=vanilla&version={version}
STRID_Executingfile
STRID_Executingfile
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
Loading Dictionary.com required files...
Loading Dictionary.com required files...
Dictionary.com Setup
Dictionary.com Setup
Loading Dictionary.com required files...
Loading Dictionary.com required files...
Dictionary.com Setup
Dictionary.com Setup
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
PIP Installing...
PIP Installing...
*Toolbar installs and browser settings apply in Firefox.
*Toolbar installs and browser settings apply in Firefox.
*Toolbar installs and browser settings apply in Chrome.
*Toolbar installs and browser settings apply in Chrome.
*Toolbar installs and browser settings apply in IE, Firefox and Chrome.
*Toolbar installs and browser settings apply in IE, Firefox and Chrome.
.NET control deployment tool
.NET control deployment tool
version="1.0.0.0"
version="1.0.0.0"
.NET control deployment tool
.NET control deployment tool
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
3?3
3?3
7$767?7`7
7$767?7`7
0-0A0h0}0
0-0A0h0}0
7!7%7)7-71757{7
7!7%7)7-71757{7
6*7074787
6*7074787
=">*>0>7>
=">*>0>7>
7&7,71777
7&7,71777
; ;$;(;,;0;4;8;
; ;$;(;,;0;4;8;
6 6$6(6,6
6 6$6(6,6
1(141
1(141
1 1$1(1,1
1 1$1(1,1
ekernel32.dll
ekernel32.dll
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
nKERNEL32.DLL
nKERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
Advapi32.dll
Advapi32.dll
hXXp://ak.pipoffers.apnpartners.com/static/partners/{partnerid}/APNAnalytics.xml
hXXp://ak.pipoffers.apnpartners.com/static/partners/{partnerid}/APNAnalytics.xml
hXXp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
hXXp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
hXXp://localhost/APNAnalytics.xml
hXXp://localhost/APNAnalytics.xml
hXXp://localhost/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
hXXp://localhost/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
SOFTWARE\Mozilla\Mozilla Firefox
SOFTWARE\Mozilla\Mozilla Firefox
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
n\Mozilla\Firefox
n\Mozilla\Firefox
\profiles.ini
\profiles.ini
\prefs.js
\prefs.js
"\Google\Chrome\User Data\Default\Preferences
"\Google\Chrome\User Data\Default\Preferences
google:baseURL
google:baseURL
VVV.google.com
VVV.google.com
"%d.%d.%d.%d
"%d.%d.%d.%d
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\userchoice
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\userchoice
HKEY_CLASSES_ROOT\
HKEY_CLASSES_ROOT\
http\shell\open\command\
http\shell\open\command\
firefox
firefox
chrome
chrome
M-d-dTd:d:d_-
M-d-dTd:d:d_-
d:d
d:d
Failed to get IE default Search provider. Win32 error code %d
Failed to get IE default Search provider. Win32 error code %d
Failed to get IE Hpr value. Win32 error code %d
Failed to get IE Hpr value. Win32 error code %d
Failed to get FF DS value. Win32 error code %d
Failed to get FF DS value. Win32 error code %d
Failed to get FF Hpr value. Win32 error code %d
Failed to get FF Hpr value. Win32 error code %d
Failed to get GChrome DS value. Win32 error code %d
Failed to get GChrome DS value. Win32 error code %d
Failed to get GChrome HPR value. Win32 error code %d
Failed to get GChrome HPR value. Win32 error code %d
Failed to get IE version. Win32 error code %d
Failed to get IE version. Win32 error code %d
Failed to get Firefox version. Win32 error code %d
Failed to get Firefox version. Win32 error code %d
Failed to get Chrome version. Win32 error code %d
Failed to get Chrome version. Win32 error code %d
"cmdBr":
"cmdBr":
treport
treport
IDispatch error #%d
IDispatch error #%d
Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s
Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s
https
https
WaitForDownloadCompleteInternal File Name %s BytesTotal %I64d BytesTransferred %I64d FileIndex %d
WaitForDownloadCompleteInternal File Name %s BytesTotal %I64d BytesTransferred %I64d FileIndex %d
ShowExecutionProgress
ShowExecutionProgress
2.8.0.2
2.8.0.2
.Previous
.Previous
PIPReportSever
PIPReportSever
.The config.xml file is missing or invalid!
.The config.xml file is missing or invalid!
.NumberOfSecOffersToShow
.NumberOfSecOffersToShow
The required key OfferXml is missing or invalid!
The required key OfferXml is missing or invalid!
APNAnalytics.xml
APNAnalytics.xml
apnconfig_en.xml
apnconfig_en.xml
apnconfig.xml
apnconfig.xml
.Local mode
.Local mode
%s PIP UI ready exiting.
%s PIP UI ready exiting.
.%s PIP Show UI exiting.
.%s PIP Show UI exiting.
OnLoadComplete - SetWindowPos topmost lasterror %d
OnLoadComplete - SetWindowPos topmost lasterror %d
OnLoadComplete - SetWindowPos notopmost lasterror %d
OnLoadComplete - SetWindowPos notopmost lasterror %d
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
GetDownloadProgress percent %I64d bytesTransferred %I64d total %I64d @ %I64dB/s result %s
GetDownloadProgress percent %I64d bytesTransferred %I64d total %I64d @ %I64dB/s result %s
Software\Microsoft\Windows\CurrentVersion\Installer
Software\Microsoft\Windows\CurrentVersion\Installer
msiexec.exe
msiexec.exe
ui.xml_localmode
ui.xml_localmode
No left top published. Using CenterLeft %0x CenterTop %0x
No left top published. Using CenterLeft %0x CenterTop %0x
Out of boundry. Monitor top %d left %d bottom %d right %d Parent top %d left %d bottom %d right %d Dlg top %d left %d bottom %d right %d
Out of boundry. Monitor top %d left %d bottom %d right %d Parent top %d left %d bottom %d right %d Dlg top %d left %d bottom %d right %d
Notifying Tray add false. Lasterror %d
Notifying Tray add false. Lasterror %d
Notifying Tray modify false. Lasterror %d
Notifying Tray modify false. Lasterror %d
sNotifying Tray delete false. Lasterror %d
sNotifying Tray delete false. Lasterror %d
windows
windows
dpipoffers.apnpartners.com
dpipoffers.apnpartners.com
/PIP2.5/OfferAccept.jhtml
/PIP2.5/OfferAccept.jhtml
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
dhXXp://
dhXXp://
%s:%s
%s:%s
Current style %d
Current style %d
sActual path %s . CreateDirectory last error %d
sActual path %s . CreateDirectory last error %d
Wait on mutex returned %d
Wait on mutex returned %d
Default ui ready time out from server %d
Default ui ready time out from server %d
Wait result for DefaultUiReadyTimeout returned %d
Wait result for DefaultUiReadyTimeout returned %d
Wait result on new time returned %d
Wait result on new time returned %d
Partner process id to watch %d Process handle %d
Partner process id to watch %d Process handle %d
eGetExitCode returning %d Remote process exitcode %d
eGetExitCode returning %d Remote process exitcode %d
dEventmanager running. ThreadID %d
dEventmanager running. ThreadID %d
Remote process started. Handle %d
Remote process started. Handle %d
HandleEvents. EventID %d
HandleEvents. EventID %d
HandleEvents returning abort. LastError %d
HandleEvents returning abort. LastError %d
.continue
.continue
HandleEvents returning %s further.
HandleEvents returning %s further.
StopMonitor eventmanager handle %0x
StopMonitor eventmanager handle %0x
eWait on thread handle result %d
eWait on thread handle result %d
dStopMonitor waitonhandle %0x returning %d
dStopMonitor waitonhandle %0x returning %d
offercast.com
offercast.com
CSystemUtil::getRegValue Failed : UnSupported Variant Type of %d
CSystemUtil::getRegValue Failed : UnSupported Variant Type of %d
Failed to get memory status. Win32 error code %d
Failed to get memory status. Win32 error code %d
%%%2x
%%%2x
iexplore.exe
iexplore.exe
chrome.exe
chrome.exe
firefox.exe
firefox.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe
hXXp://
hXXp://
"SATTB.PNG"
"SATTB.PNG"
"TB.PNG"
"TB.PNG"
"V7TB.PNG"
"V7TB.PNG"
"ORCHESTRATOR.HTML"
"ORCHESTRATOR.HTML"
"JSON.JS"
"JSON.JS"
"OBJECTMODEL.JS"
"OBJECTMODEL.JS"
"RULES.JS"
"RULES.JS"
"ANALYTICS.XML"
"ANALYTICS.XML"
"UI.XML"
"UI.XML"
VVV.ask.com
VVV.ask.com
9hXXp://apnpip.ask.com/PIP/partners/{partnerid}/config.xml
9hXXp://apnpip.ask.com/PIP/partners/{partnerid}/config.xml
hXXp://VVV.163.com
hXXp://VVV.163.com
Ask.com
Ask.com
AskInstaller.exe
AskInstaller.exe
2010 (c) Ask.com. All rights reserved.
2010 (c) Ask.com. All rights reserved.
MsiExec.exe_2588_rwx_00AF0000_00002000:
The procedure %s could not be located in the DLL %s.
The procedure %s could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
The ordinal %d could not be located in the DLL %s.
MsiExec.exe_2588_rwx_02970000_0000B000:
s.Spe
s.Spe
Offercast2802_PCD_.exe_2276:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
8%uEP3
8%uEP3
D$$PSSh
D$$PSSh
SSSShT
SSSShT
X
X
xSSSh
xSSSh
FTPjKS
FTPjKS
FtPj;S
FtPj;S
C.PjRV
C.PjRV
Lpt.Vot
Lpt.Vot
F%D,3
F%D,3
%d / %m / %y
%d / %m / %y
%I : %M : %S %p
%I : %M : %S %p
%m / %d / %y
%m / %d / %y
%b %d %H : %M : %S %Y
%b %d %H : %M : %S %Y
Visual C CRT: Not enough memory to complete call to strerror.
Visual C CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
portuguese-brazilian
Broken pipe
Broken pipe
Inappropriate I/O control operation
Inappropriate I/O control operation
Operation not permitted
Operation not permitted
operator
operator
GetProcessWindowStation
GetProcessWindowStation
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExW
pipoffers.apnpartners.com
pipoffers.apnpartners.com
user_pref("keyword.URL", "
user_pref("keyword.URL", "
user_pref("browser.startup.homepage", "
user_pref("browser.startup.homepage", "
GetChromeIncumbentDSProvider in
GetChromeIncumbentDSProvider in
"search_url": "
"search_url": "
GetChromeIncumbentHPR in
GetChromeIncumbentHPR in
report
report
rules.js
rules.js
objectmodel.js
objectmodel.js
Finished Parsing the config.xml file
Finished Parsing the config.xml file
analytics.xml
analytics.xml
Download APNAnalytics.xml file failed, attempting to use local
Download APNAnalytics.xml file failed, attempting to use local
No .xml file is found:
No .xml file is found:
Local ui.xml will be used:
Local ui.xml will be used:
Local .xml will be used:
Local .xml will be used:
Create thread failed in ExecuteAllOfferFiles()
Create thread failed in ExecuteAllOfferFiles()
Wait on execution thread success
Wait on execution thread success
Wait on execution thread failure
Wait on execution thread failure
Finished successfully executing file
Finished successfully executing file
Failed to execute file
Failed to execute file
Skipping cancel for execution progress
Skipping cancel for execution progress
OnPostReporting...
OnPostReporting...
Total number of eligible offers to report
Total number of eligible offers to report
Lookup breaking. Parent exitcode %d waitWindow %x
Lookup breaking. Parent exitcode %d waitWindow %x
WaitWnd %x WaitWnd PID %d WaitWnd TID %d
WaitWnd %x WaitWnd PID %d WaitWnd TID %d
GetWindowThreadID failed last error %d
GetWindowThreadID failed last error %d
OpenProcess failed Last error %d
OpenProcess failed Last error %d
Waitforsingleobject failed Last error %d
Waitforsingleobject failed Last error %d
AreThereOffersToDownloadAndExecute : true. Identified fileid:
AreThereOffersToDownloadAndExecute : true. Identified fileid:
AreThereOffersToDownloadAndExecute : False
AreThereOffersToDownloadAndExecute : False
ui.xml
ui.xml
Download Config.xml file failed, attempting to use local
Download Config.xml file failed, attempting to use local
Installchecker exe validation failed
Installchecker exe validation failed
Installchecker exe run failed
Installchecker exe run failed
reporting
reporting
%s %d -/d/d d:d:d.d
%s %d -/d/d d:d:d.d
APNLog.txt
APNLog.txt
HttpOpenRequest return failed
HttpOpenRequest return failed
HttpSendRequest return failed
HttpSendRequest return failed
Send Reporting finished
Send Reporting finished
Beacon HttpOpenRequest return failed
Beacon HttpOpenRequest return failed
Beacon HttpSendRequest return failed
Beacon HttpSendRequest return failed
Beacon URL incorrect
Beacon URL incorrect
icUrl
icUrl
promptmsg
promptmsg
failed to set recv timeout: %d
failed to set recv timeout: %d
failed to set send timeout: %d
failed to set send timeout: %d
Reply from %s: bytes=%d time=%.0fms TTL=%d icmp_seq=%u
Reply from %s: bytes=%d time=%.0fms TTL=%d icmp_seq=%u
Rule execution aborted- either local / remote succeeded.
Rule execution aborted- either local / remote succeeded.
X;
X;
%s>
%s>
%s="%s"
%s="%s"
%s='%s'
%s='%s'
version="%s"
version="%s"
encoding="%s"
encoding="%s"
standalone="%s"
standalone="%s"
2.5.4.11
2.5.4.11
1.3.6.1.4.1.311.2.1.12
1.3.6.1.4.1.311.2.1.12
DownloadSingleFile()... url:
DownloadSingleFile()... url:
C:\.jenkins\jobs\PIP2.0_INSTALLER\workspace\release\AskInstaller_1_.pdb
C:\.jenkins\jobs\PIP2.0_INSTALLER\workspace\release\AskInstaller_1_.pdb
RPCRT4.dll
RPCRT4.dll
msi.dll
msi.dll
UxTheme.dll
UxTheme.dll
WinExec
WinExec
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowsHookExW
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCreateKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegCloseKey
RegCloseKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
SHLWAPI.dll
SHLWAPI.dll
COMCTL32.dll
COMCTL32.dll
MSIMG32.dll
MSIMG32.dll
DeleteUrlCacheEntryW
DeleteUrlCacheEntryW
InternetCrackUrlW
InternetCrackUrlW
HttpSendRequestW
HttpSendRequestW
HttpQueryInfoW
HttpQueryInfoW
HttpOpenRequestW
HttpOpenRequestW
WININET.dll
WININET.dll
URLDownloadToFileW
URLDownloadToFileW
urlmon.dll
urlmon.dll
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
WS2_32.dll
WS2_32.dll
VERSION.dll
VERSION.dll
CryptMsgClose
CryptMsgClose
CertGetNameStringW
CertGetNameStringW
CertFreeCertificateContext
CertFreeCertificateContext
CertFindCertificateInStore
CertFindCertificateInStore
CertCloseStore
CertCloseStore
CryptMsgGetParam
CryptMsgGetParam
CRYPT32.dll
CRYPT32.dll
WINTRUST.dll
WINTRUST.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
zcÃ
zcÃ
.?AUIPIPRulesExecutor@@
.?AUIPIPRulesExecutor@@
.?AV?$IDispatchImpl@UIPIPRulesExecutor@@$1?IID_IPIPRulesExecutor@@3U_GUID@@B$1?LIBID_AskInstallerLib@@3U3@B$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispatchImpl@UIPIPRulesExecutor@@$1?IID_IPIPRulesExecutor@@3U_GUID@@B$1?LIBID_AskInstallerLib@@3U3@B$0PPPP@$0PPPP@VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$SODispatchImpl@UIPIPRulesExecutor@@$1?IID_IPIPRulesExecutor@@3U_GUID@@B$1?LIBID_AskInstallerLib@@3U3@B@@
.?AV?$SODispatchImpl@UIPIPRulesExecutor@@$1?IID_IPIPRulesExecutor@@3U_GUID@@B$1?LIBID_AskInstallerLib@@3U3@B@@
.?AUISupportErrorInfo@@
.?AUISupportErrorInfo@@
.?AVCDestroyerAndUrlBinderCallback@CDownloader@@
.?AVCDestroyerAndUrlBinderCallback@CDownloader@@
.?AV?$_IDispEventLocator@$0A@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$0A@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$IDispEventSimpleImpl@$0A@V?$CAxWindowEx@VCAxView@@@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$IDispEventSimpleImpl@$0A@V?$CAxWindowEx@VCAxView@@@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.Pf:f\
.Pf:f\
if (typeof Date.prototype.toJSON !== 'function') {
if (typeof Date.prototype.toJSON !== 'function') {
Date.prototype.toJSON = function (key) {
Date.prototype.toJSON = function (key) {
return isFinite(this.valueOf()) ?
return isFinite(this.valueOf()) ?
this.getUTCFullYear() '-'
this.getUTCFullYear() '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCDate()) 'T'
f(this.getUTCDate()) 'T'
f(this.getUTCHours()) ':'
f(this.getUTCHours()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCSeconds()) 'Z' : null;
f(this.getUTCSeconds()) 'Z' : null;
String.prototype.toJSON =
String.prototype.toJSON =
Number.prototype.toJSON =
Number.prototype.toJSON =
Boolean.prototype.toJSON = function (key) {
Boolean.prototype.toJSON = function (key) {
return this.valueOf();
return this.valueOf();
'"' : '\\"',
'"' : '\\"',
'\\': '\\\\'
'\\': '\\\\'
escapable.lastIndex = 0;
escapable.lastIndex = 0;
return escapable.test(string) ? '"' string.replace(escapable, function (a) {
return escapable.test(string) ? '"' string.replace(escapable, function (a) {
'\\u' ('0000' a.charCodeAt(0).toString(16)).slice(-4);
'\\u' ('0000' a.charCodeAt(0).toString(16)).slice(-4);
function str(key, holder) {
function str(key, holder) {
// Produce a string from holder[key].
// Produce a string from holder[key].
k, // The member key.
k, // The member key.
value = holder[key];
value = holder[key];
typeof value.toJSON === 'function') {
typeof value.toJSON === 'function') {
value = value.toJSON(key);
value = value.toJSON(key);
value = rep.call(holder, key, value);
value = rep.call(holder, key, value);
if (Object.prototype.toString.apply(value) === '[object Array]') {
if (Object.prototype.toString.apply(value) === '[object Array]') {
length = value.length;
length = value.length;
// Join all of the elements together, separated with commas, and wrap them in
// Join all of the elements together, separated with commas, and wrap them in
v = partial.length === 0 ? '[]' : gap ?
v = partial.length === 0 ? '[]' : gap ?
'[\n' gap partial.join(',\n' gap) '\n' mind ']' :
'[\n' gap partial.join(',\n' gap) '\n' mind ']' :
'[' partial.join(',') ']';
'[' partial.join(',') ']';
length = rep.length;
length = rep.length;
partial.push(quote(k) (gap ? ': ' : ':') v);
partial.push(quote(k) (gap ? ': ' : ':') v);
// Otherwise, iterate through all of the keys in the object.
// Otherwise, iterate through all of the keys in the object.
if (Object.prototype.hasOwnProperty.call(value, k)) {
if (Object.prototype.hasOwnProperty.call(value, k)) {
// Join all of the member texts together, separated with commas,
// Join all of the member texts together, separated with commas,
v = partial.length === 0 ? '{}' : gap ?
v = partial.length === 0 ? '{}' : gap ?
'{\n' gap partial.join(',\n' gap) '\n' mind '}' :
'{\n' gap partial.join(',\n' gap) '\n' mind '}' :
'{' partial.join(',') '}';
'{' partial.join(',') '}';
if (typeof JSON.stringify !== 'function') {
if (typeof JSON.stringify !== 'function') {
JSON.stringify = function (value, replacer, space) {
JSON.stringify = function (value, replacer, space) {
// that can replace values, or an array of strings that will select the keys.
// that can replace values, or an array of strings that will select the keys.
typeof replacer.length !== 'number')) {
typeof replacer.length !== 'number')) {
throw new Error('JSON.stringify');
throw new Error('JSON.stringify');
// Make a fake root object containing our value under the key of ''.
// Make a fake root object containing our value under the key of ''.
if (typeof JSON.parse !== 'function') {
if (typeof JSON.parse !== 'function') {
JSON.parse = function (text, reviver) {
JSON.parse = function (text, reviver) {
function walk(holder, key) {
function walk(holder, key) {
var k, v, value = holder[key];
var k, v, value = holder[key];
if (Object.prototype.hasOwnProperty.call(value, k)) {
if (Object.prototype.hasOwnProperty.call(value, k)) {
return reviver.call(holder, key, value);
return reviver.call(holder, key, value);
// Parsing happens in four stages. In the first stage, we replace certain
// Parsing happens in four stages. In the first stage, we replace certain
cx.lastIndex = 0;
cx.lastIndex = 0;
if (cx.test(text)) {
if (cx.test(text)) {
text = text.replace(cx, function (a) {
text = text.replace(cx, function (a) {
('0000' a.charCodeAt(0).toString(16)).slice(-4);
('0000' a.charCodeAt(0).toString(16)).slice(-4);
// We split the second stage into 4 regexp operations in order to work around
// We split the second stage into 4 regexp operations in order to work around
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// In the optional fourth stage, we recursively walk the new structure, passing
// In the optional fourth stage, we recursively walk the new structure, passing
throw new SyntaxError('JSON.parse');
throw new SyntaxError('JSON.parse');
var primaryTlbrID = getURLParameters("PTBPartnerID");
var primaryTlbrID = getURLParameters("PTBPartnerID");
= getURLParameters("STBPartnerID");
= getURLParameters("STBPartnerID");
var pipPartnerID = getURLParameters("PIPPID");
var pipPartnerID = getURLParameters("PIPPID");
var tbType=getURLParameters("tbType");
var tbType=getURLParameters("tbType");
var version=getURLParameters("version");
var version=getURLParameters("version");
var hidePtnrSecondaryOffer=getURLParameters("hideSecondary");
var hidePtnrSecondaryOffer=getURLParameters("hideSecondary");
function getURLParameters(paramName)
function getURLParameters(paramName)
var sURL = window.document.URL.toString();
var sURL = window.document.URL.toString();
if (sURL.indexOf("?") > 0)
if (sURL.indexOf("?") > 0)
var arrParams = sURL.split("?");
var arrParams = sURL.split("?");
var arrURLParams = arrParams[1].split("&");
var arrURLParams = arrParams[1].split("&");
var arrParamNames = new Array(arrURLParams.length);
var arrParamNames = new Array(arrURLParams.length);
var arrParamValues = new Array(arrURLParams.length);
var arrParamValues = new Array(arrURLParams.length);
for (i=0;i
for (i=0;i
var sParam = arrURLParams[i].split("=");
var sParam = arrURLParams[i].split("=");
piprule.setRuleCallback(
piprule.setRuleCallback(
logger.log("\r\n ****** pirule setRule callBackFired : function called is " "Rule name: " ruleName "Number: " arguments.length);
logger.log("\r\n ****** pirule setRule callBackFired : function called is " "Rule name: " ruleName "Number: " arguments.length);
var params = Array.prototype.slice.call(arguments, 1);
var params = Array.prototype.slice.call(arguments, 1);
return window[ruleName].apply(this, params);
return window[ruleName].apply(this, params);
logger.log("\r\n ****** inside load " e.message " Rule name: " ruleName);
logger.log("\r\n ****** inside load " e.message " Rule name: " ruleName);
logger.log("\r\n ****** Load Function Error " e.message);
logger.log("\r\n ****** Load Function Error " e.message);
hXXp://VVV.JSON.org/json2.js
hXXp://VVV.JSON.org/json2.js
2011-02-23
2011-02-23
See hXXp://VVV.JSON.org/js.html
See hXXp://VVV.JSON.org/js.html
See hXXp://javascript.crockford.com/jsmin.html
See hXXp://javascript.crockford.com/jsmin.html
JSON.stringify(value, replacer, space)
JSON.stringify(value, replacer, space)
will be passed the key associated with the value, and this will be
will be passed the key associated with the value, and this will be
Date.prototype.toJSON = function (key) {
Date.prototype.toJSON = function (key) {
return this.getUTCFullYear() '-'
return this.getUTCFullYear() '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCMonth() 1) '-'
f(this.getUTCDate()) 'T'
f(this.getUTCDate()) 'T'
f(this.getUTCHours()) ':'
f(this.getUTCHours()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCMinutes()) ':'
f(this.getUTCSeconds()) 'Z';
f(this.getUTCSeconds()) 'Z';
You can provide an optional replacer method. It will be passed the
You can provide an optional replacer method. It will be passed the
key and value of each member, with this bound to the containing
key and value of each member, with this bound to the containing
such that only members with keys listed in the replacer array are
such that only members with keys listed in the replacer array are
JSON.stringify(undefined) returns undefined.
JSON.stringify(undefined) returns undefined.
text = JSON.stringify(['e', {pluribus: 'unum'}]);
text = JSON.stringify(['e', {pluribus: 'unum'}]);
text = JSON.stringify(['e', {pluribus: 'unum'}], null, '\t');
text = JSON.stringify(['e', {pluribus: 'unum'}], null, '\t');
text = JSON.stringify([new Date()], function (key, value) {
text = JSON.stringify([new Date()], function (key, value) {
return this[key] instanceof Date ?
return this[key] instanceof Date ?
'Date(' this[key] ')' : value;
'Date(' this[key] ')' : value;
JSON.parse(text, reviver)
JSON.parse(text, reviver)
transform the results. It receives each of the keys and values,
transform the results. It receives each of the keys and values,
myData = JSON.parse(text, function (key, value) {
myData = JSON.parse(text, function (key, value) {
/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2}(?:\.\d*)?)Z$/.exec(value);
/^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2}(?:\.\d*)?)Z$/.exec(value);
return new Date(Date.UTC( a[1], a[2] - 1, a[3], a[4],
return new Date(Date.UTC( a[1], a[2] - 1, a[3], a[4],
myData = JSON.parse('["Date(09/09/2001)"]', function (key, value) {
myData = JSON.parse('["Date(09/09/2001)"]', function (key, value) {
value.slice(0, 5) === 'Date(' &&
value.slice(0, 5) === 'Date(' &&
value.slice(-1) === ')') {
value.slice(-1) === ')') {
d = new Date(value.slice(5, -1));
d = new Date(value.slice(5, -1));
getUTCMinutes, getUTCMonth, getUTCSeconds, hasOwnProperty, join,
getUTCMinutes, getUTCMonth, getUTCSeconds, hasOwnProperty, join,
objectModel.initialized = false;
objectModel.initialized = false;
if (objectModel.initialized === false && typeof window !== "undefined" &&
if (objectModel.initialized === false && typeof window !== "undefined" &&
typeof window.external !== "undefined") {
typeof window.external !== "undefined") {
_logger = window.external.GetObject("logger");
_logger = window.external.GetObject("logger");
logger.log = function(var1) {
logger.log = function(var1) {
return _logger.log(var1);
return _logger.log(var1);
logger.error = function(var1) {
logger.error = function(var1) {
return _logger.error(var1);
return _logger.error(var1);
logger.debug = function(var1) {
logger.debug = function(var1) {
return _logger.debug(var1);
return _logger.debug(var1);
logger.info = function(var1) {
logger.info = function(var1) {
return _logger.info(var1);
return _logger.info(var1);
logger.warn = function(var1) {
logger.warn = function(var1) {
return _logger.warn(var1);
return _logger.warn(var1);
logger.group = function(var1) {
logger.group = function(var1) {
return _logger.group(var1);
return _logger.group(var1);
logger.dir = function(var1) {
logger.dir = function(var1) {
return _logger.dir(var1);
return _logger.dir(var1);
logger.error(x);
logger.error(x);
browser = window.external.GetObject("browserinfo");
browser = window.external.GetObject("browserinfo");
system = window.external.GetObject("system");
system = window.external.GetObject("system");
piprule = window.external.GetObject("piprule");
piprule = window.external.GetObject("piprule");
pipclient = window.external.GetObject("pipclient");
pipclient = window.external.GetObject("pipclient");
};PAvar regsistryPathx64 = "HKEY_LOCAL_MACHINE\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\";
};PAvar regsistryPathx64 = "HKEY_LOCAL_MACHINE\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\";
var registryPathx86 = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\";
var registryPathx86 = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\";
var FIREFOX="firefox";
var FIREFOX="firefox";
var CHROME="Google Chrome";
var CHROME="Google Chrome";
var unsupportedBrowser = "2:Unsupported default browser";
var unsupportedBrowser = "2:Unsupported default browser";
var IneligibleChrome = "3:Ineligible Chrome";
var IneligibleChrome = "3:Ineligible Chrome";
var UnsupportedOSXP64bit = "11:Unsupported OS XP 64 bit";
var UnsupportedOSXP64bit = "11:Unsupported OS XP 64 bit";
var AnchorFreeUnsupportedOS = "18: AnchorFree unsupported OS XP or Vista 64bit ";
var AnchorFreeUnsupportedOS = "18: AnchorFree unsupported OS XP or Vista 64bit ";
var AudialsOfferNotEligibleUnsupportedOSXP32orVista64bit = "20: Audials offer not eligible as unsupported OS XP 32 or Vista 64 bit";
var AudialsOfferNotEligibleUnsupportedOSXP32orVista64bit = "20: Audials offer not eligible as unsupported OS XP 32 or Vista 64 bit";
var OldClientAskSecureOfferNotSupported = "24:Old Client AskSecure offer not supported";
var OldClientAskSecureOfferNotSupported = "24:Old Client AskSecure offer not supported";
var inputBrowserTypeNotSupported = "27:Input Browser Type is NOT Supported";
var inputBrowserTypeNotSupported = "27:Input Browser Type is NOT Supported";
var inputIEBrowserVersionNotSupported = "28:IE Browser Version Is NOT Supported";
var inputIEBrowserVersionNotSupported = "28:IE Browser Version Is NOT Supported";
var inputCRBrowserVersionNotSupported = "29:CR Browser Version Is NOT Supported";
var inputCRBrowserVersionNotSupported = "29:CR Browser Version Is NOT Supported";
var inputFFBrowserVersionNotSupported = "30:FF Browser Version Is NOT Supported";
var inputFFBrowserVersionNotSupported = "30:FF Browser Version Is NOT Supported";
"WCL2","ACDS","ADS","AF3-SRS","AGH","ALSV5-DL","AM2","AM3","AMG","APLV5","APL1V5","APL2V5","ATR","ATU","ATU-DL","ATU-ASK","ATU-QBD","ATU-SRS","AXBX","BBY","BBY-SRS","BBY2","BBY2-SRS","BCC","BCPAP","BUD","BLP-DL","BGM","BOO","BOO2","BS","BT-SRS-T3","BT-T1","BT-T2","BT-T3","BT-ASK-T4","BUD","BW","C2P","CCS","CDS","CDS2","CDS3","CDS4","CEBV5","CFTPV5","CFTP2V5","CIE","CLA","CLM-DL","CNB","CNET","CNET2","CNET3","CPUID-DL","CPUID-ST","CS","CS-ST","CS2","CS3","CWN","DAT","DDI","DDIS","DDIS2","DGY","DIG-A","DIG-N","DIG-OFF","DIG-ON","DIG-P","DIG-S","DNA","DNA2","DPO","DVDX","DVDX2","EAC","F-CT","F-ET","FAC","FF2-DL","FJS","FKR","FLV","FM","FTB","FTB2","FTB3","FW-ASK","FW-QBD","FW-SRS","FWT","FW2V5","FXTV5-DL","GAM4","GAM-ASK-T4","GAM-SRS","GAM-SRS-T3","GAM-QBD","GAM-T1","GAM-T2","GAM-T3","GET-SRS","GET2-SRS","GET3-SRS","GGSV5","GGSV5-DL","GOM","GYG","HIY-SRS","HULU","ICM-SRS","IEAK9","IMB","IMB-DL","IMT","JDR","JMYV5","KG-ASK","KYT","LMW","LMW2","LMW3","LMW4","LMW-BETA","LMW-BETA2","LOL","LPLV5","LUC","MDG","MEB","MGN","MGX","MMB","MMG","MOV","MOV-DL","MP3","MP3DS","MP3FB","MP3P2","MP3R-ASK","MP3R-DL","MP3R-QBD","MP3R-SRS","MP3R4","MP3R5","MP3R6","MP3SF","MP3SW","MP3TR","MP3SD","MPC","MPC2","MROV5","MYC","MYC-ASK","MYC-DL","MYC-SRS","MYC-QBD","NG1V5","NG2V5","NG3V5","NG4V5","NSC-S","NSC-O","NSC-E","NSC-P","NSC-A","NSC-N","NSC-NS","NR1V5","NRV5","NXZ","ORJ-SAT","ORJ2","ORJ2-SAT","OSUB","OTV5","OVO","PCH","PDF","PDF2","PDO","PFN","PLF3","PLF4","PLTV5","PLTV5-DL","PLTV5-DL2","POS","POS2","PTF","PTJ","PTV2","PTV2-DL","PTV5","QSYS","RAD","S99","SBES","SCV5","SDT","SE","SF","SKR","SNAPT","SNP-ST","SP","SP2","SPC","SPT","SRFV5","SS2V5","SS3V5","STC2","STC4","STC-SRS","STC2-SRS","STC3-SRS","STC4-SRS","STK","STK2","STK3","STK4","TEMU","THE","TKR","TM","TMN2","TTB","TTR","TVTYV5","UKT","UNI","URS","VDJ","VRS","VD","VD-DL","VZ3","WBG-DL","WBG-ST","WBM2","WBV5-DL","WCL","WCLV5","WCL2V5","WCR","WCV5","WME","WSV5","WZP","YLC","ZMR","ZTV","ZTV-DL","FBK","FB-BETA","FB-PRO","FB-APP","FB-ASK","FB-OD","FB-SEM","MDF","MDF-BETA","NRO","NRO2","NRO3","UTR","UTR2","WID","WID-BETA"]}
"WCL2","ACDS","ADS","AF3-SRS","AGH","ALSV5-DL","AM2","AM3","AMG","APLV5","APL1V5","APL2V5","ATR","ATU","ATU-DL","ATU-ASK","ATU-QBD","ATU-SRS","AXBX","BBY","BBY-SRS","BBY2","BBY2-SRS","BCC","BCPAP","BUD","BLP-DL","BGM","BOO","BOO2","BS","BT-SRS-T3","BT-T1","BT-T2","BT-T3","BT-ASK-T4","BUD","BW","C2P","CCS","CDS","CDS2","CDS3","CDS4","CEBV5","CFTPV5","CFTP2V5","CIE","CLA","CLM-DL","CNB","CNET","CNET2","CNET3","CPUID-DL","CPUID-ST","CS","CS-ST","CS2","CS3","CWN","DAT","DDI","DDIS","DDIS2","DGY","DIG-A","DIG-N","DIG-OFF","DIG-ON","DIG-P","DIG-S","DNA","DNA2","DPO","DVDX","DVDX2","EAC","F-CT","F-ET","FAC","FF2-DL","FJS","FKR","FLV","FM","FTB","FTB2","FTB3","FW-ASK","FW-QBD","FW-SRS","FWT","FW2V5","FXTV5-DL","GAM4","GAM-ASK-T4","GAM-SRS","GAM-SRS-T3","GAM-QBD","GAM-T1","GAM-T2","GAM-T3","GET-SRS","GET2-SRS","GET3-SRS","GGSV5","GGSV5-DL","GOM","GYG","HIY-SRS","HULU","ICM-SRS","IEAK9","IMB","IMB-DL","IMT","JDR","JMYV5","KG-ASK","KYT","LMW","LMW2","LMW3","LMW4","LMW-BETA","LMW-BETA2","LOL","LPLV5","LUC","MDG","MEB","MGN","MGX","MMB","MMG","MOV","MOV-DL","MP3","MP3DS","MP3FB","MP3P2","MP3R-ASK","MP3R-DL","MP3R-QBD","MP3R-SRS","MP3R4","MP3R5","MP3R6","MP3SF","MP3SW","MP3TR","MP3SD","MPC","MPC2","MROV5","MYC","MYC-ASK","MYC-DL","MYC-SRS","MYC-QBD","NG1V5","NG2V5","NG3V5","NG4V5","NSC-S","NSC-O","NSC-E","NSC-P","NSC-A","NSC-N","NSC-NS","NR1V5","NRV5","NXZ","ORJ-SAT","ORJ2","ORJ2-SAT","OSUB","OTV5","OVO","PCH","PDF","PDF2","PDO","PFN","PLF3","PLF4","PLTV5","PLTV5-DL","PLTV5-DL2","POS","POS2","PTF","PTJ","PTV2","PTV2-DL","PTV5","QSYS","RAD","S99","SBES","SCV5","SDT","SE","SF","SKR","SNAPT","SNP-ST","SP","SP2","SPC","SPT","SRFV5","SS2V5","SS3V5","STC2","STC4","STC-SRS","STC2-SRS","STC3-SRS","STC4-SRS","STK","STK2","STK3","STK4","TEMU","THE","TKR","TM","TMN2","TTB","TTR","TVTYV5","UKT","UNI","URS","VDJ","VRS","VD","VD-DL","VZ3","WBG-DL","WBG-ST","WBM2","WBV5-DL","WCL","WCLV5","WCL2V5","WCR","WCV5","WME","WSV5","WZP","YLC","ZMR","ZTV","ZTV-DL","FBK","FB-BETA","FB-PRO","FB-APP","FB-ASK","FB-OD","FB-SEM","MDF","MDF-BETA","NRO","NRO2","NRO3","UTR","UTR2","WID","WID-BETA"]}
a = a.split('.');
a = a.split('.');
b = b.split('.');
b = b.split('.');
l = Math.min(a.length, b.length);
l = Math.min(a.length, b.length);
return a.length - b.length;
return a.length - b.length;
var versionresult=cmpVersions(clientversion,"2.6.8.0");
var versionresult=cmpVersions(clientversion,"2.6.8.0");
if(window.navigator.userAgent.indexOf('WOW64')>-1 || window.navigator.platform=='Win64')
if(window.navigator.userAgent.indexOf('WOW64')>-1 || window.navigator.platform=='Win64')
function isSupportedOS() {
function isSupportedOS() {
if (window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 5.2") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 ) {
if (window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 5.2") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 ) {
for (var i=0; i
for (var i=0; i
if(partnerID == jsonString.makeofferdisabled[i]){
if(partnerID == jsonString.makeofferdisabled[i]){
unsupportedBrowser = IneligibleChrome;
unsupportedBrowser = IneligibleChrome;
var key;
var key;
for (key in checkObj) {
for (key in checkObj) {
incumbentPartners = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\shared\\","tbsinstalled",0);
incumbentPartners = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\shared\\","tbsinstalled",0);
incumbentPartners = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\shared\\","tbsinstalled",0);
incumbentPartners = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\shared\\","tbsinstalled",0);
incumbentPartnerIDs = incumbentPartners.split(",");
incumbentPartnerIDs = incumbentPartners.split(",");
for(var j=0; j
for(var j=0; j
if(tlbrID == jsonString.blocklistedPartners[j]) {
if(tlbrID == jsonString.blocklistedPartners[j]) {
if(incPartners.length = 4) {
if(incPartners.length = 4) {
for(var k=0; k
for(var k=0; k
if(incumbentTbType.toLowerCase().startsWith("vanilla") && tbType.toLowerCase().startsWith("vanilla")){
if(incumbentTbType.toLowerCase().startsWith("vanilla") && tbType.toLowerCase().startsWith("vanilla")){
var productVersion =system.getProductVersion(productCode);
var productVersion =system.getProductVersion(productCode);
var registryValue=system.getRegValue(registryPath,regValue,n);
var registryValue=system.getRegValue(registryPath,regValue,n);
if (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 )
if (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 )
defaultbrowserAppPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice","Progid",0);
defaultbrowserAppPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice","Progid",0);
defaultbrowserPath = "HKEY_CLASSES_ROOT\\" defaultbrowserAppPath "\\shell\\open\\command\\";
defaultbrowserPath = "HKEY_CLASSES_ROOT\\" defaultbrowserAppPath "\\shell\\open\\command\\";
default_browser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Clients\\StartMenuInternet\\","",0);
default_browser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Clients\\StartMenuInternet\\","",0);
default_browser = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\","",0)
default_browser = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\","",0)
default_browser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Classes\\http\\shell\\open\\command\\","",0);
default_browser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Classes\\http\\shell\\open\\command\\","",0);
default_browser = pipgetRegValue("HKEY_CLASSES_ROOT\\http\\shell\\open\\command\\","",0);
default_browser = pipgetRegValue("HKEY_CLASSES_ROOT\\http\\shell\\open\\command\\","",0);
function isSupportedBrowser(partnerID) {
function isSupportedBrowser(partnerID) {
if (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 ) {
if (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 6.2") != -1 ) {
defaultbrowserAppPath=pipgetRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice","Progid",0);
defaultbrowserAppPath=pipgetRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice","Progid",0);
defaultbrowserPath="HKEY_CLASSES_ROOT\\" defaultbrowserAppPath "\\shell\\open\\command\\";
defaultbrowserPath="HKEY_CLASSES_ROOT\\" defaultbrowserAppPath "\\shell\\open\\command\\";
defaultBrowser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Clients\\StartMenuInternet\\","",0);
defaultBrowser = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Clients\\StartMenuInternet\\","",0);
defaultBrowser = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\","",0)
defaultBrowser = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\","",0)
defaultBrowser=pipgetRegValue("HKEY_CURRENT_USER\\Software\\Classes\\http\\shell\\open\\command\\","",0);
defaultBrowser=pipgetRegValue("HKEY_CURRENT_USER\\Software\\Classes\\http\\shell\\open\\command\\","",0);
defaultBrowser=pipgetRegValue("HKEY_CLASSES_ROOT\\http\\shell\\open\\command\\","",0);
defaultBrowser=pipgetRegValue("HKEY_CLASSES_ROOT\\http\\shell\\open\\command\\","",0);
if(defaultBrowser.toLowerCase().indexOf("firefox.exe") > -1){
if(defaultBrowser.toLowerCase().indexOf("firefox.exe") > -1){
defBrowser =FIREFOX;
defBrowser =FIREFOX;
if(defaultBrowser.toLowerCase().indexOf("iexplore.exe") > -1 ){
if(defaultBrowser.toLowerCase().indexOf("iexplore.exe") > -1 ){
if(defaultBrowser.toLowerCase().indexOf("chrome") > -1 && makeoffer(partnerID)) {
if(defaultBrowser.toLowerCase().indexOf("chrome") > -1 && makeoffer(partnerID)) {
defBrowser =CHROME;
defBrowser =CHROME;
n=defaultBrowser.lastIndexOf("\\");
n=defaultBrowser.lastIndexOf("\\");
defBrowser=defaultBrowser.substring(n,defaultBrowser.length-1);
defBrowser=defaultBrowser.substring(n,defaultBrowser.length-1);
defBrowser=defBrowser.replace(/[^\w\s]/gi, '');
defBrowser=defBrowser.replace(/[^\w\s]/gi, '');
unsupportedBrowser=unsupportedBrowser defBrowser;
unsupportedBrowser=unsupportedBrowser defBrowser;
var checkV5Installed = getProductVersion("{86D4B82A-ABED-442A-BE86-96357B70F4FE}");
var checkV5Installed = getProductVersion("{86D4B82A-ABED-442A-BE86-96357B70F4FE}");
for(var i=0; i
for(var i=0; i
if((incumbentTlbrList[i].indexOf("-SAT") > -1 && satTlbrID.indexOf("-SAT")> -1)) {
if((incumbentTlbrList[i].indexOf("-SAT") > -1 && satTlbrID.indexOf("-SAT")> -1)) {
partnerid.value=incumbentTlbrList[i];
partnerid.value=incumbentTlbrList[i];
if (!isSupportedOS()) return false;
if (!isSupportedOS()) return false;
if(!isSupportedBrowser(primaryTlbrID)){
if(!isSupportedBrowser(primaryTlbrID)){
return getReasonCode(unsupportedBrowser);
return getReasonCode(unsupportedBrowser);
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0);
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0);
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0);
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0);
if(!isSupportedBrowser(primaryTlbrID))
if(!isSupportedBrowser(primaryTlbrID))
this.value="";
this.value="";
if(!isSupportedBrowser(satTlbrID))
if(!isSupportedBrowser(satTlbrID))
v6SatInstalled=v6SatInstalled " " partnerid.value;
v6SatInstalled=v6SatInstalled " " partnerid.value;
var getIEversion=browser.ieVersion;
var getIEversion=browser.ieVersion;
parseInt(isIE9extnenabled,2)=system.getRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Approved Extensions","{D4027C7F-154A-4066-A1AD-4243D8127440}",0);
parseInt(isIE9extnenabled,2)=system.getRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Approved Extensions","{D4027C7F-154A-4066-A1AD-4243D8127440}",0);
toolbarDisableFlag = system.getRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{D4027C7F-154A-4066-A1AD-4243D8127440}","Flags",0);
toolbarDisableFlag = system.getRegValue("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{D4027C7F-154A-4066-A1AD-4243D8127440}","Flags",0);
if(e.message =="CSystemUtil::getRegValue Failed : UnSupported Variant Type of 3"){
if(e.message =="CSystemUtil::getRegValue Failed : UnSupported Variant Type of 3"){
if(e.message =="CSystemUtil::getRegValue Failed : UnSupported Variant Type of 0"){
if(e.message =="CSystemUtil::getRegValue Failed : UnSupported Variant Type of 0"){
if(defBrowser.toLowerCase() == FIREFOX) return true;
if(defBrowser.toLowerCase() == FIREFOX) return true;
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 5.2") != -1 ||(window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 && is64Bit())){
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || window.navigator.appVersion.indexOf("Windows NT 5.2") != -1 ||(window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 && is64Bit())){
return AnchorFreeUnsupportedOS;
return AnchorFreeUnsupportedOS;
AFRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HotspotShield","Publisher",0);
AFRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HotspotShield","Publisher",0);
AFRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HotspotShield","Publisher",0);
AFRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\HotspotShield","Publisher",0);
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 && is64Bit())){
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1 || (window.navigator.appVersion.indexOf("Windows NT 6.0") != -1 && is64Bit())){
return AudialsOfferNotEligibleUnsupportedOSXP32orVista64bit;
return AudialsOfferNotEligibleUnsupportedOSXP32orVista64bit;
var DPRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\DealPly","InstallStatus",0);
var DPRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\DealPly","InstallStatus",0);
if(!isEmpty(DPRegistryPath) && DPRegistryPath.toLowerCase() =="ok"){
if(!isEmpty(DPRegistryPath) && DPRegistryPath.toLowerCase() =="ok"){
var UBRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Uniblue\\SpeedUpMyPC","InstalledLocation",0);
var UBRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Uniblue\\SpeedUpMyPC","InstalledLocation",0);
var PTRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Paltalk","InstallerAppDir",0);
var PTRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\Paltalk","InstallerAppDir",0);
var SFRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\AppDataLow\\Software\\superfish","InstallStatus",0);
var SFRegistryPath = pipgetRegValue("HKEY_CURRENT_USER\\Software\\AppDataLow\\Software\\superfish","InstallStatus",0);
if(!isEmpty(SFRegistryPath) && SFRegistryPath.toLowerCase() =="ok"){
if(!isEmpty(SFRegistryPath) && SFRegistryPath.toLowerCase() =="ok"){
if(!v6SaturationToolbarOfferFlag &&!showSecondaryOffer &&(primaryTlbrID.toLowerCase().indexOf("myc") > -1 || satTlbrID.toLowerCase().indexOf("myc-sat") > -1)){
if(!v6SaturationToolbarOfferFlag &&!showSecondaryOffer &&(primaryTlbrID.toLowerCase().indexOf("myc") > -1 || satTlbrID.toLowerCase().indexOf("myc-sat") > -1)){
var SCRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Speedchecker Limited\\PC Speed Up","Uninstaller",0);
var SCRegistryPath = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Speedchecker Limited\\PC Speed Up","Uninstaller",0);
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1){
if(window.navigator.appVersion.indexOf("Windows NT 5.1") != -1){
winServicePackRegValue=pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","CSDVersion",0);
winServicePackRegValue=pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","CSDVersion",0);
if(window.navigator.appVersion.indexOf("Windows NT 5.2") != -1) {
if(window.navigator.appVersion.indexOf("Windows NT 5.2") != -1) {
reasonString = UnsupportedOSXP64bit;
reasonString = UnsupportedOSXP64bit;
cpuSpeed = system.getRegValue("HKLM\\Hardware\\Description\\System\\Centralprocessor\\0","~MHZ",0);
cpuSpeed = system.getRegValue("HKLM\\Hardware\\Description\\System\\Centralprocessor\\0","~MHZ",0);
physicalMemory=(system.getTotalPhysicalMemory());
physicalMemory=(system.getTotalPhysicalMemory());
diskFreeSize = system.getDiskFreeSize();
diskFreeSize = system.getDiskFreeSize();
var nortonToolbarKey;
var nortonToolbarKey;
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar","{A13C2648-91D4-4bf3-BC6D-0079707C4389}",0);
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar","{A13C2648-91D4-4bf3-BC6D-0079707C4389}",0);
if(isEmpty(nortonToolbarKey)){
if(isEmpty(nortonToolbarKey)){
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar","{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}",0);
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar","{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}",0);
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar","{A13C2648-91D4-4bf3-BC6D-0079707C4389}",0);
nortonToolbarKey = pipgetRegValue("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar","{A13C2648-91D4-4bf3-BC6D-0079707C4389}",0);
if(!isEmpty(nortonToolbarKey)){
if(!isEmpty(nortonToolbarKey)){
logger.log("\r\n******************Norton Toolbar Installed****************");
logger.log("\r\n******************Norton Toolbar Installed****************");
partnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\";
partnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\";
partnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
partnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
for(var i=0; i
for(var i=0; i
if(installedPartners[i].startsWith(partner)){
if(installedPartners[i].startsWith(partner)){
toolbarID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0);
toolbarID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0);
toolbarID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0);
toolbarID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0);
if(toolbarID.startsWith(partnerids)){
if(toolbarID.startsWith(partnerids)){
for(var i=0; i
for(var i=0; i
String.prototype.startsWith = function(prefix) {
String.prototype.startsWith = function(prefix) {
return this.indexOf(prefix) === 0;
return this.indexOf(prefix) === 0;
function clientSupported() {
function clientSupported() {
var versionValue=cmpVersions(version,"2.6.12.1");
var versionValue=cmpVersions(version,"2.6.12.1");
if(!clientSupported()){
if(!clientSupported()){
return getReasonCode(OldClientAskSecureOfferNotSupported);
return getReasonCode(OldClientAskSecureOfferNotSupported);
Offers.Check = function (offer_id)
Offers.Check = function (offer_id)
offers_gen_params = offers_gen_params || JSON.parse(pipclient.getOffers());
offers_gen_params = offers_gen_params || JSON.parse(pipclient.getOffers());
if (!this.cache)
if (!this.cache)
this.cache = [];
this.cache = [];
for (var i = 0; i
for (var i = 0; i
var ttt = offers_gen_params.offers[i].id;
var ttt = offers_gen_params.offers[i].id;
var t_obj = {id : offers_gen_params.offers[i].id};
var t_obj = {id : offers_gen_params.offers[i].id};
this.cache.push(t_obj);
this.cache.push(t_obj);
for (var i = 0; i
for (var i = 0; i
if (this.cache[i].id === offer_id)
if (this.cache[i].id === offer_id)
if (this.cache[i].result)
if (this.cache[i].result)
} // Offers.Check
} // Offers.Check
Offers.RetrieveResult = function (offer_id)
Offers.RetrieveResult = function (offer_id)
return this.cache[i].result;
return this.cache[i].result;
} // Offers.RetrieveResult
} // Offers.RetrieveResult
Offers.OfferedToolbars = function (installed_toolbars, offer_id)
Offers.OfferedToolbars = function (installed_toolbars, offer_id)
if (this.cache[i].tb_info && this.cache[i].tb_info.PID)
if (this.cache[i].tb_info && this.cache[i].tb_info.PID)
installed_toolbars.push(this.cache[i].tb_info);
installed_toolbars.push(this.cache[i].tb_info);
} // Offers.OfferedToolbars
} // Offers.OfferedToolbars
Offers.StoreResult = function (offer_id, result, toolbar_to_be_installed)
Offers.StoreResult = function (offer_id, result, toolbar_to_be_installed)
this.cache[i].result = result;
this.cache[i].result = result;
this.cache[i].tb_info = toolbar_to_be_installed;
this.cache[i].tb_info = toolbar_to_be_installed;
for ( i; i
for ( i; i
delete this.cache[i].result;
delete this.cache[i].result;
} // Offers.StoreResult
} // Offers.StoreResult
if (show_logger) logger.log(" --- Enter InstallCheck with param of : " JSON.stringify(param));
if (show_logger) logger.log(" --- Enter InstallCheck with param of : " JSON.stringify(param));
if (!isSupportedOS() || !isOSServicePackCompatible())
if (!isSupportedOS() || !isOSServicePackCompatible())
return_JSON.result = parseInt(reasonString, 10);
return_JSON.result = parseInt(reasonString, 10);
return_JSON.errorDescription = reasonString;
return_JSON.errorDescription = reasonString;
return JSON.stringify(return_JSON);
return JSON.stringify(return_JSON);
toolbar_to_be_installed.PID = primaryTlbrID;
toolbar_to_be_installed.PID = primaryTlbrID;
if (Offers.Check(offer_id))
if (Offers.Check(offer_id))
return JSON.stringify(Offers.RetrieveResult(offer_id));
return JSON.stringify(Offers.RetrieveResult(offer_id));
Offers.OfferedToolbars(installed_toolbars, offer_id);
Offers.OfferedToolbars(installed_toolbars, offer_id);
all_browsers = all_browsers || JSON.parse(browser.allBrowsers);
all_browsers = all_browsers || JSON.parse(browser.allBrowsers);
return_JSON.result = 0;
return_JSON.result = 0;
return_JSON.result = 1;
return_JSON.result = 1;
return_JSON.result = parseInt(result, 10);
return_JSON.result = parseInt(result, 10);
return_JSON.errorDescription = result;
return_JSON.errorDescription = result;
return_JSON.lookupTable.fileid = "v6ic";
return_JSON.lookupTable.fileid = "v6ic";
return_JSON.lookupTable.stubversion = "6.6.0";
return_JSON.lookupTable.stubversion = "6.6.0";
Offers.StoreResult(offer_id, return_JSON, toolbar_to_be_installed);
Offers.StoreResult(offer_id, return_JSON, toolbar_to_be_installed);
if (show_logger) logger.log("RETURN RESULT FOR V6 CALL : " JSON.stringify(return_JSON));
if (show_logger) logger.log("RETURN RESULT FOR V6 CALL : " JSON.stringify(return_JSON));
return JSON.stringify(return_JSON);
return JSON.stringify(return_JSON);
var p_param = param.split("|");
var p_param = param.split("|");
for (var i = 0; i
for (var i = 0; i
if (offers_gen_params.offers[i].id === offer_id)
if (offers_gen_params.offers[i].id === offer_id)
var toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
var toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
if (toolbar_id.indexOf("-SAT") > 0)
if (toolbar_id.indexOf("-SAT") > 0)
if (offers_gen_params.offers[i].id === p_offer_id)
if (offers_gen_params.offers[i].id === p_offer_id)
toolbar_type = offers_gen_params.offers[i].tbType || "";
toolbar_type = offers_gen_params.offers[i].tbType || "";
toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
var r1 = toolbar_id.match(reg_exp);
var r1 = toolbar_id.match(reg_exp);
r2 = toolbar_id.slice(0, -r1[0].length);
r2 = toolbar_id.slice(0, -r1[0].length);
if (r1[0].length === 3)
if (r1[0].length === 3)
return Offers.RetrieveResult(offer_id);
return Offers.RetrieveResult(offer_id);
return JSON.stringify(ps_check);
return JSON.stringify(ps_check);
Offers.OfferedToolbars(installed_toolbars, offer_id);
Offers.OfferedToolbars(installed_toolbars, offer_id);
all_browsers = all_browsers || JSON.parse(browser.allBrowsers);
all_browsers = all_browsers || JSON.parse(browser.allBrowsers);
if (!all_browsers.dfBr)
if (!all_browsers.dfBr)
all_browsers.dfBr = defaultBrowser();
all_browsers.dfBr = defaultBrowser();
if (show_logger) logger.log("\r\n All browsers values: " JSON.stringify(all_browsers) " : ");
if (show_logger) logger.log("\r\n All browsers values: " JSON.stringify(all_browsers) " : ");
offers_gen_params = offers_gen_params || JSON.parse(pipclient.getOffers());
offers_gen_params = offers_gen_params || JSON.parse(pipclient.getOffers());
if (show_logger) logger.log("Actual Param " param " *******Returned offers " JSON.stringify(offers_gen_params) "\n");
if (show_logger) logger.log("Actual Param " param " *******Returned offers " JSON.stringify(offers_gen_params) "\n");
if (show_logger) logger.log("Installed Toolbars : " JSON.stringify(installed_toolbars) "\n");
if (show_logger) logger.log("Installed Toolbars : " JSON.stringify(installed_toolbars) "\n");
if (show_logger) logger.log("Toolbar To Be Installed : " JSON.stringify(toolbar_to_be_installed) "\n");
if (show_logger) logger.log("Toolbar To Be Installed : " JSON.stringify(toolbar_to_be_installed) "\n");
return_JSON.errorDescription = "";
return_JSON.errorDescription = "";
return_JSON.result = parseInt(reasonString, 10);
return_JSON.result = parseInt(reasonString, 10);
return_JSON.errorDescription = reasonString;
return_JSON.errorDescription = reasonString;
if (show_logger) logger.log("\r\n********** V7 Stringified JSON " JSON.stringify(return_JSON));
if (show_logger) logger.log("\r\n********** V7 Stringified JSON " JSON.stringify(return_JSON));
if (return_JSON.result !== 0)
if (return_JSON.result !== 0)
toolbar_to_be_installed.browser = target_browser;
toolbar_to_be_installed.browser = target_browser;
Offers.StoreResult(offer_id, return_JSON, toolbar_to_be_installed);
Offers.StoreResult(offer_id, return_JSON, toolbar_to_be_installed);
if (show_logger) logger.log("\r\n******Error*****" e.message);
if (show_logger) logger.log("\r\n******Error*****" e.message);
for (var i = 0; i
for (var i = 0; i
if (offers_gen_params.offers[i].id === offer_id)
if (offers_gen_params.offers[i].id === offer_id)
//var toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
//var toolbar_id = offers_gen_params.offers[i].ToolbarID || "";
var offer_type = offers_gen_params.offers[i].offerType || "";
var offer_type = offers_gen_params.offers[i].offerType || "";
offer_type = offer_type.toLowerCase();
offer_type = offer_type.toLowerCase();
if (offer_type.indexOf("saturation") >= 0)
if (offer_type.indexOf("saturation") >= 0)
else if (offer_type.indexOf("toolbar") >= 0)
else if (offer_type.indexOf("toolbar") >= 0)
return_JSON.result = parseInt(secondaryOfferRejected, 10);
return_JSON.result = parseInt(secondaryOfferRejected, 10);
return_JSON.errorDescription = secondaryOfferRejected;
return_JSON.errorDescription = secondaryOfferRejected;
var tb = "" || (all_browsers && all_browsers.orBr);
var tb = "" || (all_browsers && all_browsers.orBr);
return tb.slice(0, 2);
return tb.slice(0, 2);
var tb = "" || (all_browsers && all_browsers.dfBr);
var tb = "" || (all_browsers && all_browsers.dfBr);
var tb = "" || (all_browsers && all_browsers.cmdBr);
var tb = "" || (all_browsers && all_browsers.cmdBr);
if (show_logger) logger.log("\nCanBeInstalled :\n");
if (show_logger) logger.log("\nCanBeInstalled :\n");
if (show_logger) logger.log(" Installed Toolbars : " JSON.stringify(installed_toolbars) "\n");
if (show_logger) logger.log(" Installed Toolbars : " JSON.stringify(installed_toolbars) "\n");
for (var i = 0, N = installed_toolbars.length; i
for (var i = 0, N = installed_toolbars.length; i
var pid_name = installed_toolbars[i].PID;
var pid_name = installed_toolbars[i].PID;
if (name === toolbar_to_be_installed.PID)
if (name === toolbar_to_be_installed.PID)
to_be_installed.push(toolbar_to_be_installed);
to_be_installed.push(toolbar_to_be_installed);
if (installed_toolbars.length && isUniquePIDOnMachine(installed_toolbars, toolbar_to_be_installed.PID))
if (installed_toolbars.length && isUniquePIDOnMachine(installed_toolbars, toolbar_to_be_installed.PID))
reasonString = tbtypeOfBlockPIDNotEqual " PIDS " installed_toolbars[0].PID " and " toolbar_to_be_installed.PID;
reasonString = tbtypeOfBlockPIDNotEqual " PIDS " installed_toolbars[0].PID " and " toolbar_to_be_installed.PID;
PID_to_be_installed.push(toolbar_to_be_installed.PID);
PID_to_be_installed.push(toolbar_to_be_installed.PID);
for (var i = 0, N = installed_toolbars.length; i
for (var i = 0, N = installed_toolbars.length; i
PIDs_on_Machine.push(installed_toolbars[i].PID);
PIDs_on_Machine.push(installed_toolbars[i].PID);
if (show_logger) logger.log(" PID on Blocked List: " JSON.stringify(PIDs_on_Machine) " and " JSON.stringify(toolbar_to_be_installed) "\n");
if (show_logger) logger.log(" PID on Blocked List: " JSON.stringify(PIDs_on_Machine) " and " JSON.stringify(toolbar_to_be_installed) "\n");
reasonString = PIDIsOnBlockedList " " toolbar_to_be_installed.PID;
reasonString = PIDIsOnBlockedList " " toolbar_to_be_installed.PID;
if (jsonString.blocklistedPartners.length === 0)
if (jsonString.blocklistedPartners.length === 0)
for (var i = 0; i
for (var i = 0; i
for (var j = 0; j
for (var j = 0; j
if (jsonString.blocklistedPartners[j] === p_toolbartypes[i])
if (jsonString.blocklistedPartners[j] === p_toolbartypes[i])
for (var i = 0; i
for (var i = 0; i
if (TbTypesIntersect(installed_toolbars[i].tb_type, toolbar_to_be_installed.tb_type))
if (TbTypesIntersect(installed_toolbars[i].tb_type, toolbar_to_be_installed.tb_type))
if (installed_toolbars[i].PID != toolbar_to_be_installed.PID)
if (installed_toolbars[i].PID != toolbar_to_be_installed.PID)
reasonString = " Installed PID/tbType " installed_toolbars[i].PID "/" installed_toolbars[i].tb_type;
reasonString = " Installed PID/tbType " installed_toolbars[i].PID "/" installed_toolbars[i].tb_type;
reasonString = " New PID/tbType " toolbar_to_be_installed.PID "/" toolbar_to_be_installed.tb_type;
reasonString = " New PID/tbType " toolbar_to_be_installed.PID "/" toolbar_to_be_installed.tb_type;
for (var i = 0; i
for (var i = 0; i
if ((p_installed_toolbars[i].PID.substring(0, 4) === "AVR-") ||
if ((p_installed_toolbars[i].PID.substring(0, 4) === "AVR-") ||
(p_installed_toolbars[i].PID.substring(0, 6) === "AVIRA-") )
(p_installed_toolbars[i].PID.substring(0, 6) === "AVIRA-") )
if (p_toolbar_to_be_installed.PID.substring(0, 6) === "AVIRA-")
if (p_toolbar_to_be_installed.PID.substring(0, 6) === "AVIRA-")
if (p_toolbar_to_be_installed.tb_type.toLowerCase() === "secure")
if (p_toolbar_to_be_installed.tb_type.toLowerCase() === "secure")
var list_1 = tb_type_1.split(",");
var list_1 = tb_type_1.split(",");
var list_2 = tb_type_2.split(",");
var list_2 = tb_type_2.split(",");
for (var i = 0; i
for (var i = 0; i
for (var j = 0; j
for (var j = 0; j
if (list_1[i].toLowerCase() == list_2[j].toLowerCase())
if (list_1[i].toLowerCase() == list_2[j].toLowerCase())
for (var i = 0; i
for (var i = 0; i
if (toolbars[i].tb_type === "blocked")
if (toolbars[i].tb_type === "blocked")
if (installed_toolbars[i].PID == toolbar_to_be_installed.PID)
if (installed_toolbars[i].PID == toolbar_to_be_installed.PID)
for (var i = 0; i
for (var i = 0; i
if (show_logger) logger.log("CheckVersion :");
if (show_logger) logger.log("CheckVersion :");
p_browser = p_browser.toLowerCase();
p_browser = p_browser.toLowerCase();
reasonString = inputBrowserTypeNotSupported " [" p_browser "]";
reasonString = inputBrowserTypeNotSupported " [" p_browser "]";
if (all_browsers && all_browsers.ie)
if (all_browsers && all_browsers.ie)
var version = parseInt(all_browsers.ie, 10);
var version = parseInt(all_browsers.ie, 10);
reasonString = inputIEBrowserVersionNotSupported " [" all_browsers.ie "]";
reasonString = inputIEBrowserVersionNotSupported " [" all_browsers.ie "]";
if (show_logger) logger.log(" CheckVersion of Chrome");
if (show_logger) logger.log(" CheckVersion of Chrome");
if (all_browsers && all_browsers.cr)
if (all_browsers && all_browsers.cr)
var version = parseInt(all_browsers.cr, 10);
var version = parseInt(all_browsers.cr, 10);
if (show_logger) logger.log(" CheckVersion of Chrome, version : " version);
if (show_logger) logger.log(" CheckVersion of Chrome, version : " version);
reasonString = inputCRBrowserVersionNotSupported " [" all_browsers.cr "]";
reasonString = inputCRBrowserVersionNotSupported " [" all_browsers.cr "]";
if (all_browsers && all_browsers.ff)
if (all_browsers && all_browsers.ff)
var version = parseInt(all_browsers.ff, 10);
var version = parseInt(all_browsers.ff, 10);
reasonString = inputFFBrowserVersionNotSupported " [" all_browsers.ff "]";
reasonString = inputFFBrowserVersionNotSupported " [" all_browsers.ff "]";
if (installed_toolbars[i].browser == p_browser)
if (installed_toolbars[i].browser == p_browser)
toolbars_on_browser.push(installed_toolbars[i]);
toolbars_on_browser.push(installed_toolbars[i]);
if (toolbars_on_browser.length == 0)
if (toolbars_on_browser.length == 0)
if (show_logger) logger.log(" Toolbars on Browser == 0 return " p_browser "\n");
if (show_logger) logger.log(" Toolbars on Browser == 0 return " p_browser "\n");
if (toolbars_on_browser[0].PID == toolbar_to_be_installed.PID)
if (toolbars_on_browser[0].PID == toolbar_to_be_installed.PID)
if (show_logger) logger.log(" PID === PID : " toolbars_on_browser[0].PID " : " toolbar_to_be_installed.PID "\n");
if (show_logger) logger.log(" PID === PID : " toolbars_on_browser[0].PID " : " toolbar_to_be_installed.PID "\n");
reasonString = PIDsAreSameOnSameBrowser ", Browser " p_browser " PIDS [" toolbar_to_be_installed.PID "]";
reasonString = PIDsAreSameOnSameBrowser ", Browser " p_browser " PIDS [" toolbar_to_be_installed.PID "]";
if (toolbars_on_browser.length >= MAX_NUMBER_OF_TOOLBARS_ON_BROWSER)
if (toolbars_on_browser.length >= MAX_NUMBER_OF_TOOLBARS_ON_BROWSER)
if (show_logger) logger.log(" >= MAX_NUMBER_OF_TOOLBARS_ON_BROWSER \n");
if (show_logger) logger.log(" >= MAX_NUMBER_OF_TOOLBARS_ON_BROWSER \n");
this.PID = p_PID;
this.PID = p_PID;
this.tb_type = p_tb_type;
this.tb_type = p_tb_type;
this.browser = p_browser;
this.browser = p_browser;
var checkV5Installed = getProductVersion("{86D4B82A-ABED-442A-BE86-96357B70F4FE}");
var checkV5Installed = getProductVersion("{86D4B82A-ABED-442A-BE86-96357B70F4FE}");
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0) || "";
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\AskToolbar\\Macro","tb",0) || "";
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0) || "";
v5TlbrID = pipgetRegValue("HKEY_LOCAL_MACHINE\\Software\\AskToolbar\\Macro","tb",0) || "";
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "ie"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "ie"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "ff"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "ff"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "cr"});
result.push({PID: v5TlbrID, tb_type : "ALL", browser : "cr"});
incumbentPartnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\";
incumbentPartnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\AskPartnerNetwork\\Toolbar\\";
incumbentPartnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
incumbentPartnerRegPath = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
for (i = 0; i
for (i = 0; i
result.push({PID: partners[i], tb_type : tb_type, browser : "ie"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ie"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ff"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ff"});
result.push({PID: partners[i], tb_type : tb_type, browser : "cr"});
result.push({PID: partners[i], tb_type : tb_type, browser : "cr"});
var tb_incumbent_path = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
var tb_incumbent_path = "HKEY_LOCAL_MACHINE\\SOFTWARE\\AskPartnerNetwork\\Toolbar\\";
if (browsers.search("_IE") > 0)
if (browsers.search("_IE") > 0)
result.push({PID: partners[i], tb_type : tb_type, browser : "ie"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ie"});
if (browsers.search("_CR") > 0)
if (browsers.search("_CR") > 0)
result.push({PID: partners[i], tb_type : tb_type, browser : "cr"});
result.push({PID: partners[i], tb_type : tb_type, browser : "cr"});
if (browsers.search("_FF") > 0)
if (browsers.search("_FF") > 0)
result.push({PID: partners[i], tb_type : tb_type, browser : "ff"});
result.push({PID: partners[i], tb_type : tb_type, browser : "ff"});
this.result = 0;
this.result = 0;
this.errorDescription = "";
this.errorDescription = "";
this.display = t_f === true ? 1 : 0;
this.display = t_f === true ? 1 : 0;
this.reporting = new Reporting();
this.reporting = new Reporting();
this.lookupTable = t_f === true ? new LookupTable(arguments[3]) : {};
this.lookupTable = t_f === true ? new LookupTable(arguments[3]) : {};
//this.tb_info = toolbar_to_be_installed;
//this.tb_info = toolbar_to_be_installed;
function Reporting()
function Reporting()
this.trgb = target_browser.toUpperCase();
this.trgb = target_browser.toUpperCase();
this.orgb = all_browsers.orBr.toUpperCase();
this.orgb = all_browsers.orBr.toUpperCase();
this.apn_dbr = all_browsers.dfBr.toUpperCase();
this.apn_dbr = all_browsers.dfBr.toUpperCase();
this.cmdb = all_browsers.cmdBr;
this.cmdb = all_browsers.cmdBr;
this.IEVersionInstalled = all_browsers.ie;
this.IEVersionInstalled = all_browsers.ie;
this.FFVersionInstalled = all_browsers.ff;
this.FFVersionInstalled = all_browsers.ff;
this.ChromeVersionInstalled = all_browsers.cr;
this.ChromeVersionInstalled = all_browsers.cr;
this.TrackID = "";
this.TrackID = "";
if (offers_gen_params && offers_gen_params.GeneralParameters && offers_gen_params.GeneralParameters.TrackID)
if (offers_gen_params && offers_gen_params.GeneralParameters && offers_gen_params.GeneralParameters.TrackID)
this.TrackID = offers_gen_params.GeneralParameters.TrackID;
this.TrackID = offers_gen_params.GeneralParameters.TrackID;
this.IETB = toolbars_on_ie;
this.IETB = toolbars_on_ie;
this.FFTB = toolbars_on_ff;
this.FFTB = toolbars_on_ff;
this.ChromeTB = toolbars_on_cr;
this.ChromeTB = toolbars_on_cr;
this.TBPartnerid = toolbar_to_be_installed.PID
this.TBPartnerid = toolbar_to_be_installed.PID
for (var i = 0, N = installed_toolbars.length; i
for (var i = 0, N = installed_toolbars.length; i
if (installed_toolbars[i].browser == p_browser)
if (installed_toolbars[i].browser == p_browser)
toolbars_on_browser = installed_toolbars[i].PID ":" installed_toolbars[i].tb_type;
toolbars_on_browser = installed_toolbars[i].PID ":" installed_toolbars[i].tb_type;
this.BROWSER_TEXT = "Browser_" target_browser.toUpperCase() "_TXT";
this.BROWSER_TEXT = "Browser_" target_browser.toUpperCase() "_TXT";
this.targetBrowser = target_browser.toUpperCase();
this.targetBrowser = target_browser.toUpperCase();
this.fileid = "QRST_ABCD";
this.fileid = "QRST_ABCD";
this.orgb = all_browsers.orBr.toUpperCase();
this.orgb = all_browsers.orBr.toUpperCase();
this.stubversion = "7.0.0";
this.stubversion = "7.0.0";
this.tbType = tb_info?tb_info.tb_type:"";
this.tbType = tb_info?tb_info.tb_type:"";
this.tbID = tb_info.PID;
this.tbID = tb_info.PID;
return_obj.result = 1;
return_obj.result = 1;
return_obj.errorDescription = "Value Was False";
return_obj.errorDescription = "Value Was False";
return_obj.display = 0;
return_obj.display = 0;
if (show_logger) logger.log("\r\n ****** Frog UI. Parameter " param);
if (show_logger) logger.log("\r\n ****** Frog UI. Parameter " param);
if (show_logger) logger.log ("type of param is " typeof param);
if (show_logger) logger.log ("type of param is " typeof param);
var offer_ids = param.split('-');
var offer_ids = param.split('-');
if (show_logger) logger.log("offer_ids after split");
if (show_logger) logger.log("offer_ids after split");
if (show_logger) logger.log("offer_ids " offer_ids);
if (show_logger) logger.log("offer_ids " offer_ids);
var offer_ids = param.split('-')[0].split('|');
var offer_ids = param.split('-')[0].split('|');
if (show_logger) logger.log(" --- offer_ids -- " offer_ids[0] " : " offer_ids[1]);
if (show_logger) logger.log(" --- offer_ids -- " offer_ids[0] " : " offer_ids[1]);
checkness = param.split('-');
checkness = param.split('-');
if (show_logger) logger.log(" --- checkyness " JSON.stringify(checkness));
if (show_logger) logger.log(" --- checkyness " JSON.stringify(checkness));
checkness = checkness[checkness.length-1];
checkness = checkness[checkness.length-1];
checkness = checkness.split('|');
checkness = checkness.split('|');
for (var i = 0; i
for (var i = 0; i
if (checkness[i].search("oi") >= 0)
if (checkness[i].search("oi") >= 0)
if (show_logger) logger.log(" --- checkyness " JSON.stringify(checkness[i]));
if (show_logger) logger.log(" --- checkyness " JSON.stringify(checkness[i]));
var checkness_parts = checkness[i].split(':');
var checkness_parts = checkness[i].split(':');
if (show_logger) logger.log(" --- checkyness is true ");
if (show_logger) logger.log(" --- checkyness is true ");
return_obj.errorDescription = "";
return_obj.errorDescription = "";
return_obj.display = 1;
return_obj.display = 1;
return_obj.result = 0;
return_obj.result = 0;
if (show_logger) logger.log (JSON.stringify(return_obj));
if (show_logger) logger.log (JSON.stringify(return_obj));
return_obj.result = 1;
return_obj.result = 1;
return_obj.errorDescription = "Error Executing Rule";
return_obj.errorDescription = "Error Executing Rule";
return_obj.display = 0;
return_obj.display = 0;
return JSON.stringify(return_obj);
return JSON.stringify(return_obj);
if (show_logger) logger.log("\r\n ****** UI rule. Parameter " param);
if (show_logger) logger.log("\r\n ****** UI rule. Parameter " param);
stdole2.tlbWWW
stdole2.tlbWWW
.ICColorStaticWWWd
.ICColorStaticWWWd
strRulesJSUrlWWW
strRulesJSUrlWWW
zIPIPRulesExecutorWWW
zIPIPRulesExecutorWWW
strKeyWW
strKeyWW
strCmdLineWW
strCmdLineWW
rchromeVersionWWWx
rchromeVersionWWWx
BchromeDefaultSearchProviderWx
BchromeDefaultSearchProviderWx
chromeHomePageWWx
chromeHomePageWWx
Get object from ScriptObject Map using object name as keyW
Get object from ScriptObject Map using object name as keyW
Callback for rules executorWWW
Callback for rules executorWWW
Get version of Firefox browser$
Get version of Firefox browser$
Get version of Google Chrome browserWW8
Get version of Google Chrome browserWW8
Get Default Search provider in Firefox browser4
Get Default Search provider in Firefox browser4
Get Default Search provider in Google Chrome browserWW*
Get Default Search provider in Google Chrome browserWW*
Get Home Page in Firefox browserWW&
Get Home Page in Firefox browserWW&
Get Home Page in Google Chrome browser
Get Home Page in Google Chrome browser
Writes a message to the console and opens a nested block to indent all future messages sent to the console. Call console.groupEnd() to close the block.WWW1
Writes a message to the console and opens a nested block to indent all future messages sent to the console. Call console.groupEnd() to close the block.WWW1
Created by MIDL version 7.00.0555 at Thu Jun 20 14:52:05 2013
Created by MIDL version 7.00.0555 at Thu Jun 20 14:52:05 2013
HKEY_CURRENT_USER\Software\APN PIP\Analytics\{partnerid}
HKEY_CURRENT_USER\Software\APN PIP\Analytics\{partnerid}
anx.apnanalytics.com/200/pip/test.gif?
anx.apnanalytics.com/200/pip/test.gif?
pipoffers.apnpartners.com/PIP/OfferAccept.jhtml
pipoffers.apnpartners.com/PIP/OfferAccept.jhtml
hXXp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}
hXXp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}
If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install FrostWire 4.21.3
If you accept the terms of the agreement, click I Agree to continue. You must accept the agreement to install FrostWire 4.21.3
VVV.FrostWire.com
VVV.FrostWire.com
./orchestrator.html?PIPPID=PCD&PTBPartnerID=PCD-G&tbType=vanilla&version={version}
./orchestrator.html?PIPPID=PCD&PTBPartnerID=PCD-G&tbType=vanilla&version={version}
STRID_Executingfile
STRID_Executingfile
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
Loading Dictionary.com required files...
Loading Dictionary.com required files...
Dictionary.com Setup
Dictionary.com Setup
Loading Dictionary.com required files...
Loading Dictionary.com required files...
Dictionary.com Setup
Dictionary.com Setup
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
There was a problem downloading the files. Please try the Template Only option on the Avery.com template page.
PIP Installing...
PIP Installing...
*Toolbar installs and browser settings apply in Firefox.
*Toolbar installs and browser settings apply in Firefox.
*Toolbar installs and browser settings apply in Chrome.
*Toolbar installs and browser settings apply in Chrome.
*Toolbar installs and browser settings apply in IE, Firefox and Chrome.
*Toolbar installs and browser settings apply in IE, Firefox and Chrome.
.NET control deployment tool
.NET control deployment tool
version="1.0.0.0"
version="1.0.0.0"
.NET control deployment tool
.NET control deployment tool
name="Microsoft.Windows.Common-Controls"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
publicKeyToken="6595b64144ccf1df"
3?3
3?3
7$767?7`7
7$767?7`7
0-0A0h0}0
0-0A0h0}0
7!7%7)7-71757{7
7!7%7)7-71757{7
6*7074787
6*7074787
=">*>0>7>
=">*>0>7>
7&7,71777
7&7,71777
; ;$;(;,;0;4;8;
; ;$;(;,;0;4;8;
6 6$6(6,6
6 6$6(6,6
1(141
1(141
1 1$1(1,1
1 1$1(1,1
ekernel32.dll
ekernel32.dll
mscoree.dll
mscoree.dll
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
nKERNEL32.DLL
nKERNEL32.DLL
WUSER32.DLL
WUSER32.DLL
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
Advapi32.dll
Advapi32.dll
hXXp://ak.pipoffers.apnpartners.com/static/partners/{partnerid}/APNAnalytics.xml
hXXp://ak.pipoffers.apnpartners.com/static/partners/{partnerid}/APNAnalytics.xml
hXXp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
hXXp://pipoffers.apnpartners.com/PIP/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
hXXp://localhost/APNAnalytics.xml
hXXp://localhost/APNAnalytics.xml
hXXp://localhost/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
hXXp://localhost/Server.jhtml?partner_id={partnerid}&language={locale}&version={version}&src={publisher}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
SOFTWARE\Mozilla\Mozilla Firefox
SOFTWARE\Mozilla\Mozilla Firefox
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
n\Mozilla\Firefox
n\Mozilla\Firefox
\profiles.ini
\profiles.ini
\prefs.js
\prefs.js
"\Google\Chrome\User Data\Default\Preferences
"\Google\Chrome\User Data\Default\Preferences
google:baseURL
google:baseURL
VVV.google.com
VVV.google.com
"%d.%d.%d.%d
"%d.%d.%d.%d
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\userchoice
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\userchoice
HKEY_CLASSES_ROOT\
HKEY_CLASSES_ROOT\
http\shell\open\command\
http\shell\open\command\
firefox
firefox
chrome
chrome
M-d-dTd:d:d_-
M-d-dTd:d:d_-
d:d
d:d
Failed to get IE default Search provider. Win32 error code %d
Failed to get IE default Search provider. Win32 error code %d
Failed to get IE Hpr value. Win32 error code %d
Failed to get IE Hpr value. Win32 error code %d
Failed to get FF DS value. Win32 error code %d
Failed to get FF DS value. Win32 error code %d
Failed to get FF Hpr value. Win32 error code %d
Failed to get FF Hpr value. Win32 error code %d
Failed to get GChrome DS value. Win32 error code %d
Failed to get GChrome DS value. Win32 error code %d
Failed to get GChrome HPR value. Win32 error code %d
Failed to get GChrome HPR value. Win32 error code %d
Failed to get IE version. Win32 error code %d
Failed to get IE version. Win32 error code %d
Failed to get Firefox version. Win32 error code %d
Failed to get Firefox version. Win32 error code %d
Failed to get Chrome version. Win32 error code %d
Failed to get Chrome version. Win32 error code %d
"cmdBr":
"cmdBr":
treport
treport
IDispatch error #%d
IDispatch error #%d
Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s
Downloader(BITS)::InitializeBITS::CoInitializeSecurity : Error = 0x%X - %s
https
https
WaitForDownloadCompleteInternal File Name %s BytesTotal %I64d BytesTransferred %I64d FileIndex %d
WaitForDownloadCompleteInternal File Name %s BytesTotal %I64d BytesTransferred %I64d FileIndex %d
ShowExecutionProgress
ShowExecutionProgress
2.8.0.2
2.8.0.2
.Previous
.Previous
PIPReportSever
PIPReportSever
.The config.xml file is missing or invalid!
.The config.xml file is missing or invalid!
.NumberOfSecOffersToShow
.NumberOfSecOffersToShow
The required key OfferXml is missing or invalid!
The required key OfferXml is missing or invalid!
APNAnalytics.xml
APNAnalytics.xml
apnconfig_en.xml
apnconfig_en.xml
apnconfig.xml
apnconfig.xml
.Local mode
.Local mode
%s PIP UI ready exiting.
%s PIP UI ready exiting.
.%s PIP Show UI exiting.
.%s PIP Show UI exiting.
OnLoadComplete - SetWindowPos topmost lasterror %d
OnLoadComplete - SetWindowPos topmost lasterror %d
OnLoadComplete - SetWindowPos notopmost lasterror %d
OnLoadComplete - SetWindowPos notopmost lasterror %d
Software\Microsoft\Windows\CurrentVersion\RunOnce
Software\Microsoft\Windows\CurrentVersion\RunOnce
GetDownloadProgress percent %I64d bytesTransferred %I64d total %I64d @ %I64dB/s result %s
GetDownloadProgress percent %I64d bytesTransferred %I64d total %I64d @ %I64dB/s result %s
Software\Microsoft\Windows\CurrentVersion\Installer
Software\Microsoft\Windows\CurrentVersion\Installer
msiexec.exe
msiexec.exe
ui.xml_localmode
ui.xml_localmode
No left top published. Using CenterLeft %0x CenterTop %0x
No left top published. Using CenterLeft %0x CenterTop %0x
Out of boundry. Monitor top %d left %d bottom %d right %d Parent top %d left %d bottom %d right %d Dlg top %d left %d bottom %d right %d
Out of boundry. Monitor top %d left %d bottom %d right %d Parent top %d left %d bottom %d right %d Dlg top %d left %d bottom %d right %d
Notifying Tray add false. Lasterror %d
Notifying Tray add false. Lasterror %d
Notifying Tray modify false. Lasterror %d
Notifying Tray modify false. Lasterror %d
sNotifying Tray delete false. Lasterror %d
sNotifying Tray delete false. Lasterror %d
windows
windows
dpipoffers.apnpartners.com
dpipoffers.apnpartners.com
/PIP2.5/OfferAccept.jhtml
/PIP2.5/OfferAccept.jhtml
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
dhXXp://
dhXXp://
%s:%s
%s:%s
Current style %d
Current style %d
sActual path %s . CreateDirectory last error %d
sActual path %s . CreateDirectory last error %d
Wait on mutex returned %d
Wait on mutex returned %d
Default ui ready time out from server %d
Default ui ready time out from server %d
Wait result for DefaultUiReadyTimeout returned %d
Wait result for DefaultUiReadyTimeout returned %d
Wait result on new time returned %d
Wait result on new time returned %d
Partner process id to watch %d Process handle %d
Partner process id to watch %d Process handle %d
eGetExitCode returning %d Remote process exitcode %d
eGetExitCode returning %d Remote process exitcode %d
dEventmanager running. ThreadID %d
dEventmanager running. ThreadID %d
Remote process started. Handle %d
Remote process started. Handle %d
HandleEvents. EventID %d
HandleEvents. EventID %d
HandleEvents returning abort. LastError %d
HandleEvents returning abort. LastError %d
.continue
.continue
HandleEvents returning %s further.
HandleEvents returning %s further.
StopMonitor eventmanager handle %0x
StopMonitor eventmanager handle %0x
eWait on thread handle result %d
eWait on thread handle result %d
dStopMonitor waitonhandle %0x returning %d
dStopMonitor waitonhandle %0x returning %d
offercast.com
offercast.com
CSystemUtil::getRegValue Failed : UnSupported Variant Type of %d
CSystemUtil::getRegValue Failed : UnSupported Variant Type of %d
Failed to get memory status. Win32 error code %d
Failed to get memory status. Win32 error code %d
%%%2x
%%%2x
iexplore.exe
iexplore.exe
chrome.exe
chrome.exe
firefox.exe
firefox.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe
hXXp://
hXXp://
"SATTB.PNG"
"SATTB.PNG"
"TB.PNG"
"TB.PNG"
"V7TB.PNG"
"V7TB.PNG"
"ORCHESTRATOR.HTML"
"ORCHESTRATOR.HTML"
"JSON.JS"
"JSON.JS"
"OBJECTMODEL.JS"
"OBJECTMODEL.JS"
"RULES.JS"
"RULES.JS"
"ANALYTICS.XML"
"ANALYTICS.XML"
"UI.XML"
"UI.XML"
VVV.ask.com
VVV.ask.com
9hXXp://apnpip.ask.com/PIP/partners/{partnerid}/config.xml
9hXXp://apnpip.ask.com/PIP/partners/{partnerid}/config.xml
hXXp://VVV.163.com
hXXp://VVV.163.com
Ask.com
Ask.com
AskInstaller.exe
AskInstaller.exe
2010 (c) Ask.com. All rights reserved.
2010 (c) Ask.com. All rights reserved.