Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 301c88cae3b189bb4c65ff97cb810d1e
SHA1: b3836879a3744ebc5c30a4c6b347f044d39be03a
SHA256: 723423dcfe5f1b468f79f789a475d9585b2d9d367550dc10c7aa7f37c70f143d
SSDeep: 24576:Qhwv6RjKJ7OYu7qgOgJ5yVihLKuovdmPrqiTGdaOcIZb:mxKxgJEViRKd1yr5TKDcy
Size: 941080 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Carambis (MEDIA FOG LTD.)
Created at: 2014-12-18 10:22:46
Analyzed on: Windows7Ada SP1 64-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
APNSetup1.exe:448
TBNotifier.exe:580
vcredist_x86.exe:820
carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe:2764
IdcLdr.exe:1860
IdcLdr.exe:1584
%original file name%.exe:1912
APNSetup.exe:2700
apnmcp.exe:2292
vcredist_x64.exe:3060
Setup.exe:1060
Setup.exe:1840
Offercast2910_NDV_.exe:1904
Offercast2910_NDV_.exe:2988
MsiExec.exe:208
MsiExec.exe:1172
IdcLdr_x64.exe:2888
The Trojan injects its code into the following process(es):
No processes have been created.
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process APNSetup1.exe:448 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process TBNotifier.exe:580 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\ProgramData\AskPartnerNetwork\Toolbar\NDV-SP\Updater\Config\Config.31.19.1.0-5.xml (179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\favicon[1].ico (1150 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{4B94FF28-B18F-4714-9B39-398825D1D9E1}.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apnuosearch.xml (818 bytes)
C:\ProgramData\AskPartnerNetwork\Toolbar\NDV-SP\Updater\Response\Response.31.19.1.0-0.xml (315 bytes)
The process vcredist_x86.exe:820 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe:2764 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process IdcLdr.exe:1860 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe (857 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll (3073 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll (3361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe (845 bytes)
The process IdcLdr.exe:1584 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll (114 bytes)
The process %original file name%.exe:1912 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe (5158553 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.txt (512 bytes)
The process APNSetup.exe:2700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process vcredist_x64.exe:3060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process Setup.exe:1060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process Setup.exe:1840 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process Offercast2910_NDV_.exe:1904 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process Offercast2910_NDV_.exe:2988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process MsiExec.exe:208 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process MsiExec.exe:1172 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
The process IdcLdr_x64.exe:2888 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll (131 bytes)
Registry activity
The process APNSetup1.exe:448 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
"WpadDecisionTime" = "DF 13 6D 3D 37 8F D0 01"
To run automatically each time Windows boots, the Trojan adds the following entry, which points to its file, to the system registry autorun key:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP" = "C:\ProgramData\APN\APN-Stub\NDV-SP\ApnSetup.exe /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /hpr=1 /log /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /sa=1 /log /install=NDV-SP /dtid=default /trgb=CR /type=vanilla,vanspe /crcrx=aaaaadgepjkdffhjbkfjgnnffnfcffbg /log /sa=1 /hpr=1 /runonce"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP"
The process TBNotifier.exe:580 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableHPGUserGuide" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_tb" = "4294967292"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEDSByPass" = "0"
"switches/enableIENTG" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "7F 37 DB 42 37 8F D0 01"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_hpr" = "0"
"cr_countDisabled" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"LastPlatformVersion" = "12.28.1.1293"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"hpr_ff_set" = "0"
"sa_ie" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableHPG" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"dailyconfigupdateime" = "2015-05-15T20:47:47"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCStartupPage" = "1"
"switches/enableNTHP" = "1"
"switches/enableGCDefaultSearchGuard" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_nt" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableHPGBurstMode" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4C 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableToolbarCleaner" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_browserRestarted" = "0"
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.search.ask.com/?tpid=NDV-SP&o=APN10975&pf=V7&trgb=IE&p2=^B2X^YYYYYY^YY^UA&gct=hp&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^UA&apn_dbr=iexplore.exe_6_10.0.9200.16521&apn_uid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&itbv=12.28.1.1293&doi=2015-05-15&psv=&pt=tb"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"ie_last_hpr" = "http://www.search.ask.com/?tpid=NDV-SP&o=APN10975&pf=V7&trgb=IE&p2=^B2X^YYYYYY^YY^UA&gct=hp&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^UA&apn_dbr=iexplore.exe_6_10.0.9200.16521&apn_uid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&itbv=12.28.1.1293&doi=2015-05-15&psv=&pt=tb"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"ShowSearchSuggestions" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"hpr_ie" = "http://www.search.ask.com/?tpid=NDV-SP&o=APN10975&pf=V7&trgb=IE&p2=^B2X^YYYYYY^YY^UA&gct=hp&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^UA&apn_dbr=iexplore.exe_6_10.0.9200.16521&apn_uid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&itbv=12.28.1.1293&doi=2015-05-15&psv=&pt=tb"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_countDisabled" = "0"
"ie_hpr" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"hpr_cr_set" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"nthp_prev" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"nthp_ie_set" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEIDC" = "1"
"switches/enableGCRetakeOffer" = "0"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"URL" = "http://www.search.ask.com/web?tpid=NDV-SP&o=APN10975&pf=V7&p2=^B2X^YYYYYY^YY^UA&gct=&itbv=12.28.1.1293&apn_uid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^UA&apn_dbr=iexplore.exe_6_10.0.9200.16521&doi=2015-05-15&trgb=IE&q={searchTerms}&psv=&pt=tb"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\Shutdown]
"Done" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableFFRestart" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIENTRebuttal" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"sa_cr_set" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCEnableAssist" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_countEnabled" = "0"
"cr_ds" = "0"
"cr_browserRestarted" = "0"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"FaviconURL" = "http://www.search.ask.com/favicon.ico"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableFFRevert" = "1"
"switches/enableGCIDC" = "1"
[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"hpr_ie_set" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"iedsgdisable" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_tb" = "4294967292"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"sa_ie_set" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_countEnabled" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\Reporting]
"lastUpdateCallLatency" = "999"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_start" = "0"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"DisplayName" = "Ask Search"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"last_ds" = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCRestart" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_nt" = "0"
"ff_nt" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "DF 13 6D 3D 37 8F D0 01"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEDSRebuttal" = "1"
"switches/enableIETakeDSAssist" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_crm" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"ierhp" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCSideLoad" = "1"
"switches/enableFFToolbarProtection" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_signin" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"ie_tb_set" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEReacquisition" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"timeinstalled_ie" = "2015-05-15T12:47:44"
"sa_ff_set" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGC32Rebuttal" = "1"
"switches/enableChromeSearchProtection" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"assetLost" = "Type: REG_SZ, Length: 0"
"cr_countEnabled" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEToolbarProtection" = "1"
"switches/enableGCStockURLMonitor" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\Shutdown]
"LO" = "65 E7 03 A5 B2 39 74 70 E7 F1 AE 91 F1 E0 AA 3C"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_countDisabled" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCNewTabGuard" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_ds" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\Reporting]
"lastConfigDnldLatency" = "561"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"postinstallreportstate" = "0"
"nthp_ie" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_hb" = "0"
"ff_browserRestarted" = "0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableSmartIDC" = "0"
"switches/enableIEHPRebuttal" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"Comp" = "Type: REG_SZ, Length: 0"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEDSG" = "0"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"SuggestionsURL_JSON" = "http://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableFFHPG" = "0"
"switches/enableIERestart" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"timeinstalled" = "2015-05-15T12:47:44"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_tb" = "4294967293"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{4B94FF28-B18F-4714-9B39-398825D1D9E1}.ico"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableVNT" = "1"
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"OSDFileURL" = "file:///C:/Users/adm/AppData/Local/Temp/apnuosearch.xml"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"tbnguid" = "3CBBACF0-15D0-44D7-A238-A35DD11B65B4"
[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEDefaultSearchAssist" = "1"
"switches/enableStartSingleBrowser" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following registry key(s):
[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E]
[HKCU\Software\Classes\Local Settings\MuiCache\2F]
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"PreventGCDSReset"
"iedsg_changed"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"ientgdisable"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"hpgdisable"
"last_ds"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\Shutdown]
"Lo"
The process carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe:2764 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\APN PIP\NDV]
"Top" = "235"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"InstallLocation" = "%Program Files% (x86)\Carambis\Driver Updater"
[HKCU\Software\Carambis\Driver Updater]
"subalias" = ""
"PartnerId" = "lbdu"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"URLInfoAbout" = ""
"RegCompany" = "Carambis"
[HKCU\Software\Carambis\Driver Updater\generalSettings]
"Language" = "EN"
[HKCU\Software\APN PIP\NDV]
"Show_UI" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"NoRepair" = "1"
"NoModify" = "1"
"DisplayVersion" = "2.4.1.3369"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\SATTB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\TB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\V7TB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ORCHESTRATOR.HTML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\JSON.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\OBJECTMODEL.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\RULES.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ANALYTICS.XML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\UI.XML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc55E.tmp\nsProcess.dll,"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"DisplayName" = "Carambis Driver Updater"
"DisplayIcon" = "%Program Files% (x86)\Carambis\Driver Updater\dupdater.exe"
"HelpLink" = ""
[HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\goalojoobcfkhddpbjcmhdceeegmaphh]
"update_url" = "http://clients2.google.com/service/update2/crx"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"Publisher" = "MEDIA FOG LTD"
[HKCU\Software\Carambis\Driver Updater\generalSettings]
"scanAtStartupEnabled" = "true"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"UninstallString" = "%Program Files% (x86)\Carambis\Driver Updater\uninstall.exe"
[HKCU\Software\Carambis\Driver Updater]
"VID" = "445"
[HKCU\Software\Carambis\Driver Updater\generalSettings]
"launchProgramAtStartupEnabled" = "true"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"Comments" = "Carambis (MEDIA FOG LTD). All rights reserved."
[HKCU\Software\Carambis\Driver Updater]
"InstallOptions" = "1"
[HKCU\Software\APN PIP\NDV]
"Left" = "606"
"Start_Install" = "1"
To run automatically each time Windows boots, the Trojan adds the following entry, which points to its file, to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Driver Updater" = "%Program Files% (x86)\Carambis\Driver Updater\dupdater.exe -minimized"
The Trojan deletes the following value(s) in the system registry:
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Driver Updater"
The process IdcLdr.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Trojan deletes the following value(s) in the system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process %original file name%.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Trojan deletes the following value(s) in the system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process APNSetup.exe:2700 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"
[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"
[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
"WpadDecisionTime" = "DF 13 6D 3D 37 8F D0 01"
To run automatically each time Windows boots, the Trojan adds the following entry, which points to its file, to the system registry autorun key:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP" = "C:\ProgramData\APN\APN-Stub\NDV-SP\ApnSetup.exe /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /hpr=1 /log /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /sa=1 /log /install=NDV-SP /dtid=default /trgb=CR /type=vanilla,vanspe /crcrx=aaaaadgepjkdffhjbkfjgnnffnfcffbg /log /sa=1 /hpr=1 /runonce"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP"
The process apnmcp.exe:2292 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\PackageService]
"lrpt" = "2015-05-15T17:48:46"
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\PackageService\Register\ApnSetupV6]
"LastCheckTimestamp" = "2015-05-15T17:48:46"
The process Setup.exe:1060 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"
The process Setup.exe:1840 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"
[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"
The Trojan deletes the following registry key(s):
[HKCU\Software\Classes\Local Settings\MuiCache\2D]
[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
The process Offercast2910_NDV_.exe:1904 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\APN PIP\NDV]
"Top" = "274"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\APN PIP\NDV]
"PIP_Exit_Code" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\APN PIP\NDV]
"PIP_Offers_Exitcode" = ""
"PIP_Offers_Launched" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"
[HKCU\Software\APN PIP\NDV]
"PIP_Top" = "235"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\SATTB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\TB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\V7TB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ORCHESTRATOR.HTML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\JSON.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\OBJECTMODEL.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\RULES.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ANALYTICS.XML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\UI.XML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc55E.tmp\nsProcess.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc55E.tmp\, , \??\C:\Users\"%CurrentUserName%"\Documents\APNSetup.exe,"
[HKCU\Software\APN PIP\NDV]
"PIP_Toolbar_Exitcode" = "APNSetup.exe:55000 | APNSetup1.exe:55000"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\APN PIP\NDV]
"Left" = "617"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"
[HKCU\Software\APN PIP\NDV]
"PIP_UI_Ready" = "1"
"PIP_Left" = "606"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"
[HKCU\Software\APN PIP\ipc\NDV]
"Uirt" = "20"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\APN PIP\NDV]
"PIP_UI_Complete" = "1"
"PIP_Toolbar_Launched" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\APN PIP\NDV]
"PIP_SkipAll" = "0"
"PIP_Toolbar_Selection" = "hpr:true|ds:true|oi:true"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in the system registry:
[HKCU\Software\APN PIP\NDV]
"Top"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\APN PIP\NDV]
"Left"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\APN PIP\NDV]
"Show_UI"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\APN PIP\ipc\NDV]
"Uirt"
[HKCU\Software\APN PIP\NDV]
"Cancel_PIP"
"Start_Install"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PIP"
The process Offercast2910_NDV_.exe:2988 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"
[HKCU\Software\APN PIP\NDV]
"Top" = "274"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG,"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"
[HKCU\Software\APN PIP\NDV]
"Left" = "617"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4B 00 00 00 09 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following registry key(s):
[HKCU\Software\APN PIP\ipc\NDV]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\APN PIP\NDV]
"Top"
"PIP_Exit_Code"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"
[HKCU\Software\APN PIP\NDV]
"Show_UI"
"PIP_Offers_Exitcode"
"PIP_Offers_Launched"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
[HKCU\Software\APN PIP\NDV]
"PIP_Top"
"PIP_Toolbar_Exitcode"
"PIP_SkipAll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKCU\Software\APN PIP\NDV]
"PIP_UI_Ready"
"Cancel_PIP"
"PIP_Toolbar_Selection"
"PIP_Offers_Selection"
"PIP_UI_Complete"
"PIP_Toolbar_Launched"
"Left"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKCU\Software\APN PIP\NDV]
"PIP_Left"
[HKCU\Software\APN PIP\ipc\NDV]
"Uirt"
[HKCU\Software\APN PIP\NDV]
"Start_Install"
The process MsiExec.exe:1172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Macro]
"dtid" = "^YYYYYY^YY^UA"
"longitude" = "36.25"
"cbid" = "^B2X"
"dsdesc" = "Ask Search"
"dbr" = "iexplore.exe_6_10.0.9200.16521"
"P2" = "^B2X^YYYYYY^YY^UA"
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\shared]
"TotalTBEverLanded" = "1"
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Macro]
"tb-type" = "vanilla,vanspe"
"qsrc" = "2871"
"Domain" = "www.search.ask.com"
"apnuSwitches" = "0!1!2|3!4!5!6!7!8!9!12|13!14!17|19!20!23!24!25!26!27|28!29|30!31!33!34|35|36|38!39!40!41!44!45|"
"PSV" = ""
"tb-attrib" = "0"
"Guid" = "77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0"
"iedsast" = ""
"location" = "Kharkiv,Ukraine"
"o" = "APN10975"
"l" = "dis"
"gco" = "APN10975cr"
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Info]
"Browsers" = "1_IE"
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Macro]
"iedsgl" = "0"
"latitude" = "50.0"
"trgb" = "IE"
"dssn" = "Ask Search"
"pf" = "V7"
"nthp" = "1"
"slwo" = "0"
"Locale" = "en_US"
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\shared]
"tbsinstalled" = "NDV-SP"
[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Macro]
"dbgrpt" = "0,1"
Dropped PE files
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
APNSetup1.exe:448
TBNotifier.exe:580
vcredist_x86.exe:820
carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe:2764
IdcLdr.exe:1860
IdcLdr.exe:1584
%original file name%.exe:1912
APNSetup.exe:2700
apnmcp.exe:2292
vcredist_x64.exe:3060
Setup.exe:1060
Setup.exe:1840
Offercast2910_NDV_.exe:1904
Offercast2910_NDV_.exe:2988
MsiExec.exe:208
MsiExec.exe:1172
IdcLdr_x64.exe:2888
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CRPrimary-ext1.png (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D285HURO\install[1].ico (2344 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\install.ico (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\OBJECTMODEL.JS (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\JSON.JS (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\SATTB.PNG (20 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\UI.XML (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\V7TB.PNG (9 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ORCHESTRATOR.HTML (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\TB.PNG (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ANALYTICS.XML (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\RULES.JS (60 bytes)
C:\Windows\Installer\MSID013.tmp (208 bytes)
C:\Windows\Installer\MSID143.tmp (208 bytes)
C:\Windows\Installer\MSICDCD.tmp (208 bytes)
C:\Windows\Installer\MSICFC3.tmp (208 bytes)
C:\Windows\Installer\MSID092.tmp (208 bytes)
C:\Windows\Installer\MSID0B2.tmp (208 bytes)
C:\Windows\Installer\MSICDAD.tmp (208 bytes)
C:\Windows\Installer\MSICD0F.tmp (208 bytes)
C:\Windows\Installer\MSICC91.tmp (208 bytes)
C:\Windows\Installer\MSID0D3.tmp (208 bytes)
C:\Windows\Installer\MSID053.tmp (208 bytes)
C:\Windows\Installer\MSICFE4.tmp (208 bytes)
C:\Windows\Installer\MSICD6E.tmp (208 bytes)
C:\Windows\Installer\MSID102.tmp (208 bytes)
C:\Windows\Installer\MSICE0D.tmp (208 bytes)
C:\Windows\Installer\MSID123.tmp (208 bytes)
C:\Windows\Installer\MSID24F.tmp (208 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll (11 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll (1281 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml (673 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1036.mst (41 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1049.mst (37 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll (601 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll (1425 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1041.mst (39 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe (2105 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe (172 bytes)
C:\Windows\Installer\MSID4C3.tmp (208 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (49 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll (3073 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe (673 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll (601 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe (673 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe (601 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll (12 bytes)
C:\Windows\Installer\MSID454.tmp (208 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_NDV-SP@apn.ask.com.xpi (5441 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll (601 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll (3361 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\SO.dll (4545 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1031.mst (43 bytes)
C:\Windows\Installer\MSID1F0.tmp (208 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe (601 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaadgepjkdffhjbkfjgnnffnfcffbg.crx (4545 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe (673 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1043.mst (41 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1040.mst (41 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml (2 bytes)
C:\Windows\Installer\MSID966.tmp (208 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1034.mst (40 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\2070.mst (38 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\AskToolbarInstaller-12.28.1_NDV-SP.msi (3073 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1033.mst (13 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx (3361 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (14988 bytes)
C:\Windows\Installer\MSID493.tmp (208 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1045.mst (37 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe (673 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaaadgepjkdffhjbkfjgnnffnfcffbg.json (285 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll (45 bytes)
%Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml (308 bytes)
C:\Windows\Installer\MSID2DC.tmp (208 bytes)
C:\Windows\Installer\MSID9B5.tmp (208 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP" = "C:\ProgramData\APN\APN-Stub\NDV-SP\ApnSetup.exe /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /hpr=1 /log /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /sa=1 /log /install=NDV-SP /dtid=default /trgb=CR /type=vanilla,vanspe /crcrx=aaaaadgepjkdffhjbkfjgnnffnfcffbg /log /sa=1 /hpr=1 /runonce"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Driver Updater" = "%Program Files% (x86)\Carambis\Driver Updater\dupdater.exe -minimized"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnTBMon" = "%Program Files% (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Static Analysis
VersionInfo
Company Name: Carambis (MEDIA FOG LTD.)
Product Name: Carambis Installer
Product Version: 1.0.0.2
Legal Copyright: Carambis (MEDIA FOG LTD.) All rights reserved. 2014
Legal Trademarks:
Original Filename: Carambis Installer
Internal Name: Carambis Installer
File Version: 1.0.0.2
File Description:
Comments:
Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
UPX0 | 4096 | 1945600 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
UPX1 | 1949696 | 921600 | 921600 | 5.54496 | dbafe97b79c31d9f50b1027c99e2c84d |
.rsrc | 2871296 | 12288 | 12288 | 3.6405 | 4cb2b8e5fd826767e3da8960aa2d46c4 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 3
23ca72049c60fe33bb193cacf6c9f42a
bbf266c299b592fb3394bc51c22fe0c8
5501c5958ab8ecb6c80f51981734d2a3
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=582117, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 11:30:08 GMT
Expires: Fri, 22 May 2015 11:30:08 GMT
Date: Fri, 15 May 2015 17:50:25 GMT
Connection: keep-alive
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=0-524287
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F2Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 0-524287/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=14155776-14680063
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9eOAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 14155776-14680063/20700512
<<< skipped >>>
GET /v7/installed?pid=NDV-SP&dtid=default&cbid=&pf=&pids=&dbr=iexplore.exe_6_10.0.9200.16521&user_lid=409&client=stub HTTP/1.1
User-Agent: APN-Stub
Host: tbapi.search.ask.com
HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:47:38 GMT
Server: Apache
Content-Length: 1750
Connection: close
Content-Type: text/xml;charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?>.<options id="NDV-SP"><option id="dtid" value="^YYYYYY^YY^UA" client="macro"/>.<option id="location" value="Kharkiv,Ukraine" client="macro"/>.<option id="reason" value="allowV7Install" client="stub"/>.<option id="p2" value="^B2X^YYYYYY^YY^UA" client="macro"/>.<option id="locale" value="en_US" client="macro"/>.<option id="dbr" value="iexplore.exe_6_10.0.9200.16521" client="macro"/>.<option id="nthp" value="1" client="macro"/>.<option id="nthp" value="1" client="msi"/>.<option id="cbid" value="^B2X" client="macro"/>.<option id="apnuSwitches" value="0!1!2|3!4!5!6!7!8!9!12|13!14!17|19!20!23!24!25!26!27|28!29|30!31!33!34|35|36|38!39!40!41!44!45|" client="macro"/>.<option id="domain" value="VVV.search.ask.com" client="macro"/>.<option id="proceed" value="yes" client="stub"/>.<option id="iedsast" value="" client="macro"/>.<option id="longitude" value="36.25" client="macro"/>.<option id="iedsgl" value="0" client="macro"/>.<option id="dbgrpt" value="0,1" client="macro"/>.<option id="eieds" value="" client="stub"/>.<option id="dssn" value="Ask Search" client="macro"/>.<option id="gco" value="APN10975cr" client="macro"/>.<option id="slwo" value="0" client="macro"/>.<option id="o" value="APN10975" client="macro"/>.<option id="cr_crx_flow" value="1" client="msi"/>.<option id="l" value="dis" client="macro"/>.<option id="tb-type" value="v
<<< skipped >>>
GET / HTTP/1.1
Host: google.com
Accept: */*
User-Agent: Carambis Downloader
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=xDBWVf2JIcmG8QfM2IAg
Content-Length: 260
Date: Fri, 15 May 2015 17:45:40 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=1
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=xDBWVf2JIcmG8QfM2IAg">here</A>...</BODY></HTML>....
GET /v6/apnu/update?tb=NDV-SP&cbid=^B2X&v=31.19.1.0&r=0&build=0&tbguid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&id=E49BE05E-944B-42E5-8321-48F1F908ACD8&locale=en_US&dtid=^YYYYYY^YY^UA&os-lang=en&tbv=12.28.1.1293&apn_dbr=iexplore.exe_6_10.0.9200.16521&iev=10.0.9200.16521&ffv=29.0.1&gcv=41.0.2272.118 HTTP/1.1
User-Agent: APNU
Host: tbapi.search.ask.com
HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:47:47 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/xml;charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?>.<notifier><config><revision>5</revision>.<url>hXXp://apnstatic.ask.com/static/toolbar/everest/notifier/not029/notifier10-config.xml</url>.</config>.<switches value="0!1!2|3!4!5!6!7!8!9!12|13!14!17|19!20!23!24!25!26!27|28!29|30!31!33!34|35|36|38!39!40!41!44!45|"/>.</notifier>...
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f92e6d35e1df3589 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:45 GMT
Connection: keep-alive
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=398443, public, no-transform, must-revalidate
Last-Modified: Wed, 13 May 2015 08:25:17 GMT
Expires: Wed, 20 May 2015 08:25:17 GMT
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEC9ONDFhvH62dRTT3OxDTqA= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=520781, public, no-transform, must-revalidate
Last-Modified: Thu, 14 May 2015 18:25:23 GMT
Expires: Thu, 21 May 2015 18:25:23 GMT
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive
<<< skipped >>>
GET /media/toolbar/everest/partners/NDV-SP/YY/Setup.ini HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: apnmedia.ask.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
ETag: "51d09284be2c59b1d8810969f08ae139:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 3508
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:38 GMT
Connection: keep-alive
[Startup]..CmdLine=..DefaultOffer=..XpiInstall=..Require=OS_Requirement..[Product]..ProductName=Ask Toolbar..msi=hXXp://apnmedia.ask.com/media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z..Languages=1031;1033;1034;1036;1040;1041;1043;1045;1049;2070..Criteria=prod..UpgradeCode={A7585BA7-0A75-7786-6895-A758B7FFFFFF}..ProductCode={4E44562D-5350-006A-76A7-A758B70C1C01}..CmdLine=..Logging=voicewarmup..Type=vanilla,vanspe..[OS_Requirement]..Criteria=os..ProductName=Windows XP..[Windows XP]..PlatformID=2..MajorVersion=5..MinorVersion=1..ServicePackMajor=2..[Reporting]..Url=hXXp://phn.apnanalytics.com/tr.gif..UrlOC=hXXp://phn.apnanalytics.com/tr.gif?anxa=APNStub&anxe=OfferCheckEvent&anxr={anxr}&anxt={anxt}&partnerTrack={dtid}&anxv={anxv}&bb={bb}&cr_ds={cr_ds}&cr_hb={cr_hb}&cr_start={cr_start}&cr_tboff={cr_tboff}&cr_tbon={cr_tbon}&crtbs={crtbs}&ff_crm={ff_crm}&ff_hpr={ff_hpr}&ff_tboff={ff_tboff}&ff_tbon={ff_tbon}&fftbs={fftbs}&ft={ft}&ie_ds={ie_ds}&ie_hpr={ie_hpr}&ie_tboff={ie_tboff}&ie_tbon={ie_tbon}&ietbs={ietbs}&orgb={orgb}&reason={reason}&result={result}&tb-type={tb-type}&tpid={tpid}&trgb={trgb}&udbr={udbr}&wft={wft}..UrlInst=hXXp://phn.apnanalytics.com/tr.gif?anxa=APNStub&anxe=InstallerEvent&anxp={anxp}&anxr={anxr}&anxt={anxt}&anxtv={anxtv}&anxv={anxv}&apn_dbr={dbr}&bb={bb}&browsers={brws}&cr_ds={cr_ds}&cr_hb={cr_hb}&cr_start={cr_start}&cr_tboff={cr_tboff}&cr_tbon={cr_tbon}&crtbs={crtbs}&crVersionInstalled={crv}&defaultSearchChoice={sa}&downloadTime={dwt}&errorCondition={errReason}&executionTime
<<< skipped >>>
GET /program_downloader.php HTTP/1.1
Host: a.carambis.com
Accept: */*
partnerId:lbdu
product:du
User-Agent: Carambis Downloader
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 15 May 2015 17:45:40 GMT
Content-Type: text/html
Content-Length: 2010
Connection: keep-alive
Keep-Alive: timeout=15
X-Source-ID: 6
Set-Cookie: __utmd=V/XMJFVWMMRidh9PA 81Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
{"servers":["http:\/\/rudn3.carambis.com\/","http:\/\/rudn2.carambis.com\/"],"fileurl":"DriverUpdaterSetupA-2.4.1.3369.exe","filename":"driverupdater.exe","version":"2.4.1.3369","filesize":"20700512","sha1-block-size":524288,"sha1":"24bf3170a264d8d90ee6b9abe3abd7acd0c5f668","sha1-parts":["c1988350393187c049bf4aa2953da6c220d18fa0","de54504bbdbdd66fbe0d975e5fa78a331d0e549f","33557ab08074ec93cdee9f1ab80e0cb494e9f2fe","c0304abc250e1fc7309830a5317937fb20a3605c","e5b904d3f0636b28c4d088f01ec64554db2501c7","bb3e2cb56f43f41ae504add1955dfce7efa027ee","85ee82ef7a6c6d7531ec9dead719dfc4899aa5b2","21142df58839c29baf08b4cc82cb981c1225acb9","c3e4ca02e1c4b6f1ce58d50a4000d4688f1f39cf","c83f90dbe2cb7ff30cad2c727313b0b7091c884c","0d1bfd9fb58de827304b6247242f5606d9091558","6ac4b833f7f94033b7d7aa024cc9f15b918502d0","0d8f330f3e2402f7e50550996045e8377012526e","6dfb046c61319634e1be9dcee8ceeb69edd84fbd","3ce979f105c4edfe381e40b8921d0d8aa1c53379","c383cf482e3a3ee8a17421c41d1976f0712cc6a3","dd1747ad54ac978d2f12a62c4a85b81c01331c2d","657d1a977dbe11515b7ca1ffc8fe1e900ff9315f","2ed75daea431e4d027251ff7871852d0ffd3060f","9efdb8be05d21718e8e36c96e0c7134bbec58339","f42b47812f5c49c355504fc521f6fde1ea0ec309","5bf3ad4c67f249e537eeaaf814cb45e664e8fc2f","6a1304db5fb06a1db8b6925e287fa1517dbc320f","0e4a635995d4e3f4730fd1a0e7ffb073a09d0aa9","f6dc877822b0fe5d59dbbfc777c9beb013e4e7db","a7715e12ae349dce85200f92e7d493a6377dc5ab","13ab843f98dfc5c522bc96fb37adfecd3124e953","23c5f9abdf98a89380f8b6b7140a77eb5f32b7a2","ec031b9d24c729f7de1ec6c7f8992d4b10114e7f",
<<< skipped >>>
POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: pipoffers.apnpartners.com
Content-Length: 388
Connection: Keep-Alive
Cache-Control: no-cache
&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:58.745 02:00&anxe=PIPStats&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=0F6FB5061AC8442F9FD902F5D0C10304&partnerID=NDV&exitCode=0&WFType=Local&funnelID=6F2CFEE7-8EF2-450A-95D1-0527FDB6FBFF&machineID=&InitializationEx=124&DlgInitEx=110&uiDl=0&ConfigEx=0&orchestratorDl=109&v7installCheckerEx=219&ParseUiEx=234&LoadEx=358
HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:47:40 GMT
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dfprdapnpipcl4.df.jabodo.com
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain
HEAD /media/toolbar/everest/7.19.0/APNSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "d4b69c33199f0df1f4af2cf8b3d01af5:1418692429"
Last-Modified: Tue, 16 Dec 2014 01:06:51 GMT
Accept-Ranges: bytes
Content-Length: 662424
Content-Type: application/octet-stream
Date: Fri, 15 May 2015 17:46:24 GMT
Connection: keep-alive
GET /media/toolbar/everest/7.19.0/APNSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 Dec 2014 01:06:51 GMT
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "d4b69c33199f0df1f4af2cf8b3d01af5:1418692429"
Last-Modified: Tue, 16 Dec 2014 01:06:51 GMT
Accept-Ranges: bytes
Content-Length: 662424
Content-Type: application/octet-stream
Date: Fri, 15 May 2015 17:46:24 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=338275, public, no-transform, must-revalidate
Last-Modified: Tue, 12 May 2015 15:45:26 GMT
Expires: Tue, 19 May 2015 15:45:26 GMT
Date: Fri, 15 May 2015 17:50:20 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=394017, public, no-transform, must-revalidate
Last-Modified: Wed, 13 May 2015 07:15:14 GMT
Expires: Wed, 20 May 2015 07:15:14 GMT
Date: Fri, 15 May 2015 17:50:20 GMT
Connection: keep-alive
<<< skipped >>>
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Fri, 15 May 2015 17:47:15 GMT
Connection: keep-alive
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 07 Mar 2015 06:01:44 GMT
If-None-Match: "dde36a309c58d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
ETag: "dde36a309c58d01:0"
Cache-Control: max-age=900
Date: Fri, 15 May 2015 17:47:16 GMT
Connection: keep-alive
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Mar 2015 06:01:35 GMT
If-None-Match: "cf2633d6957d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
ETag: "cf2633d6957d01:0"
Cache-Control: max-age=900
Date: Fri, 15 May 2015 17:47:16 GMT
Connection: keep-alive
GET /v7/installed?pid=NDV-SP&dtid=default&cbid=&pf=&pids=&dbr=iexplore.exe_6_10.0.9200.16521&user_lid=409&client=stub HTTP/1.1
User-Agent: APN-Stub
Host: tbapi.search.ask.com
HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:47:38 GMT
Server: Apache
Content-Length: 1750
Connection: close
Content-Type: text/xml;charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?>.<options id="NDV-SP"><option id="dtid" value="^YYYYYY^YY^UA" client="macro"/>.<option id="location" value="Kharkiv,Ukraine" client="macro"/>.<option id="reason" value="allowV7Install" client="stub"/>.<option id="p2" value="^B2X^YYYYYY^YY^UA" client="macro"/>.<option id="locale" value="en_US" client="macro"/>.<option id="dbr" value="iexplore.exe_6_10.0.9200.16521" client="macro"/>.<option id="nthp" value="1" client="macro"/>.<option id="nthp" value="1" client="msi"/>.<option id="cbid" value="^B2X" client="macro"/>.<option id="apnuSwitches" value="0!1!2|3!4!5!6!7!8!9!12|13!14!17|19!20!23!24!25!26!27|28!29|30!31!33!34|35|36|38!39!40!41!44!45|" client="macro"/>.<option id="domain" value="VVV.search.ask.com" client="macro"/>.<option id="proceed" value="yes" client="stub"/>.<option id="iedsast" value="" client="macro"/>.<option id="longitude" value="36.25" client="macro"/>.<option id="iedsgl" value="0" client="macro"/>.<option id="dbgrpt" value="0,1" client="macro"/>.<option id="eieds" value="" client="stub"/>.<option id="dssn" value="Ask Search" client="macro"/>.<option id="gco" value="APN10975cr" client="macro"/>.<option id="slwo" value="0" client="macro"/>.<option id="o" value="APN10975" client="macro"/>.<option id="cr_crx_flow" value="1" client="msi"/>.<option id="l" value="dis" client="macro"/>.<option id="tb-type" value="v
<<< skipped >>>
GET /v6/package?id=ApnSetupV6&version=12.28.1.1293&subpackageid=NDV-SP HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: APNMCP
Host: tbapi.search.ask.com
HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:48:46 GMT
Server: Apache
Content-Length: 106
Connection: close
Content-Type: text/xml;charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?>.<packages><package id="ApnSetupV6" version="12.28.1"/>.</packages>...
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEHS6wwlnORsIJC159/eUSeI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=527099, public, no-transform, must-revalidate
Last-Modified: Thu, 14 May 2015 20:10:32 GMT
Expires: Thu, 21 May 2015 20:10:32 GMT
Date: Fri, 15 May 2015 17:47:42 GMT
Connection: keep-alive
<<< skipped >>>
HEAD /media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "3761a6f47f7e2af478c4f71a6850cc22:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 2859809
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive
GET /media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 04 May 2015 07:26:11 GMT
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "3761a6f47f7e2af478c4f71a6850cc22:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 2859809
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:40 GMT
Connection: keep-alive
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=5767168-6291455
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FwAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 5767168-6291455/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=11010048-11534335
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=18350080-18874367
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /static/partners/NDV/APNAnalytics.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 29 Apr 2014 20:12:45 GMT
ETag: "87a7d-a10-4f8340e13a940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1084
Content-Type: application/xml
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:45:59 GMT
Connection: keep-alive
<<< skipped >>>
GET /static/resources/ochelper/2.9.1.0/ochelper.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 244
Content-Type: text/html; charset=iso-8859-1
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:00 GMT
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL /static/resources/ochelper/2.9.1.0/ochelper.exe was not found on this server.</p>.</body></html>.....
GET /static/resources/ui/html/orchestrator1.html?PIPPID=NDV&PTBPartnerID=NDV-SP&STBPartnerID=&tbType=vanilla&version=2.9.1.0&AntiCache=25544 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 30 Apr 2014 20:45:11 GMT
ETag: "3dd42-3244-4f8489fe8a3c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4244
Content-Type: text/html
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:00 GMT
Connection: keep-alive
<<< skipped >>>
GET /PIP/Server.jhtml?partner_id=NDV&language=en&version=2.9.1.0 HTTP/1.1
User-Agent: APNPIP
Host: offers.offercast.com
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/xml;charset=UTF-8
Date: Fri, 15 May 2015 17:45:59 GMT
Content-Length: 19290
Connection: keep-alive
<?xml version="1.0" encoding="UTF-8"?><root><OwnerInformation><owner><name>APN</name><organization>APN Toolbar</organization></owner></OwnerInformation><GeneralParameters><Height>389</Height><Width>503</Width><bgcolor>F1E9E1</bgcolor><dlg_transparency>255</dlg_transparency><defaultLanguage>en</defaultLanguage><ShowOfferScreensOnly>false</ShowOfferScreensOnly><MessageUser>false</MessageUser><BalloonIconPath>hXXp://ak.pipoffers.apnpartners.com/static/partners/{partnerid}/images/install.ico</BalloonIconPath><TrayTipTime>2000</TrayTipTime><PreviousX>270</PreviousX><PreviousY>39</PreviousY><NextX>181</NextX><NextY>39</NextY><CancelX>94</CancelX><CancelY>39</CancelY><CancelDeclinesOffer>true</CancelDeclinesOffer><RetryTimeout>300</RetryTimeout><NumberOfSecOffersToShow>0</NumberOfSecOffersToShow><Orchestrator>hXXp://ak.pipoffers.apnpartners.com/static/resources/ui/html/orchestrator1.html?PIPPID=NDV&PTBPartnerID=NDV-SP&STBPartnerID=&tbType=vanilla&version={version}</Orchestrator><CBID>ALJ</CBID><TrackID>default</TrackID><geo>UA</geo><HidePrevious>false</HidePrevious><optintextsize>12</optintextsize><PartnerKey>149</PartnerKey><ProgressBarCan
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=524288-1048575
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F0Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 524288-1048575/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=9961472-10485759
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=3670016-4194303
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FzAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 3670016-4194303/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=14680064-15204351
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?9ee72119169be0e6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Fri, 15 May 2015 17:47:16 GMT
Connection: keep-alive
HEAD /media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "3761a6f47f7e2af478c4f71a6850cc22:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 2859809
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive
GET /media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 04 May 2015 07:26:11 GMT
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "3761a6f47f7e2af478c4f71a6850cc22:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 2859809
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:40 GMT
Connection: keep-alive
<<< skipped >>>
GET /ThawtePremiumServerCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.thawte.com
HTTP/1.1 200 OK
Server: Apache
ETag: "4c1a38495b5906e320a1b3da59f43ffb:1431680746"
Last-Modified: Fri, 15 May 2015 09:05:46 GMT
Date: Fri, 15 May 2015 17:50:21 GMT
Content-Length: 6467
Connection: keep-alive
Content-Type: application/pkix-crl
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=4194304-4718591
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F3Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 4194304-4718591/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=12582912-13107199
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9eJAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 12582912-13107199/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=20447232-20700511
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /static/toolbar/everest/notifier/not029/notifier10-config.xml?seq=0 HTTP/1.1
User-Agent: APNU
Host: apnstatic.ask.com
HTTP/1.1 200 OK
Server: Apache
ETag: "1e470a718ce4bc066d5cd9ed5219b7b9:1430241811"
Last-Modified: Tue, 28 Apr 2015 16:48:49 GMT
Accept-Ranges: bytes
Content-Length: 188662
Content-Type: application/xml
Date: Fri, 15 May 2015 17:47:48 GMT
Connection: keep-alive
<?xml version="1.0" encoding="utf-8"?>..<toolbar blankmacro="^">.. <properties>.. <property name="stdCat-tbtypes" value="vanilla;vanilla-sec"></property>.. <property name="FF-MaxNavSearchDepth" value="4"></property>.. <property name="StartSingleBrowser" value="0"></property>.. <property name="IEDSA-display-style" value="0"></property>.. <property name="HPG-max-showcount" value="1"></property>.. <property name="HPG-max-protectcount" value="3"></property>.. <property name="HPG-burst-duration" value="70"></property>.. <property name="HPG-quiet-duration" value="10"></property>.. <property name="HPG-reset-interval-seconds" value="86400"></property>.. <property name="HPG-white-list" value="*.google.*;google.*;*.ask.*;ask.*;*.avira.com"></property>.. <property name="HPG-prompt-hide-interval-seconds" value="7"></property>.. <property name="HPG-logo-mode" value="1"></property><!-- 0: none, 1: cobrand.ico, 2: gear -->.. <property name="HPG-guide-offer-report-delay" value="3600"></property><!-- seconds of delay between guide dialog response and checking for home page change. -->.. <property name="apnurevision" value="5"></property>.. <property name="hours-delay-update-call" value="0"></property>.. <property name="landing-page" value="hXXp://apnstatic.ask.com/static
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEHS6wwlnORsIJC159/eUSeI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=527099, public, no-transform, must-revalidate
Last-Modified: Thu, 14 May 2015 20:10:32 GMT
Expires: Thu, 21 May 2015 20:10:32 GMT
Date: Fri, 15 May 2015 17:47:42 GMT
Connection: keep-alive
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=1048576-1572863
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FxAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 1048576-1572863/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=7864320-8388607
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /media/toolbar/everest/partners/NDV-SP/YY/Setup.ini HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: apnmedia.ask.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
ETag: "51d09284be2c59b1d8810969f08ae139:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 3508
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:38 GMT
Connection: keep-alive
[Startup]..CmdLine=..DefaultOffer=..XpiInstall=..Require=OS_Requirement..[Product]..ProductName=Ask Toolbar..msi=hXXp://apnmedia.ask.com/media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z..Languages=1031;1033;1034;1036;1040;1041;1043;1045;1049;2070..Criteria=prod..UpgradeCode={A7585BA7-0A75-7786-6895-A758B7FFFFFF}..ProductCode={4E44562D-5350-006A-76A7-A758B70C1C01}..CmdLine=..Logging=voicewarmup..Type=vanilla,vanspe..[OS_Requirement]..Criteria=os..ProductName=Windows XP..[Windows XP]..PlatformID=2..MajorVersion=5..MinorVersion=1..ServicePackMajor=2..[Reporting]..Url=hXXp://phn.apnanalytics.com/tr.gif..UrlOC=hXXp://phn.apnanalytics.com/tr.gif?anxa=APNStub&anxe=OfferCheckEvent&anxr={anxr}&anxt={anxt}&partnerTrack={dtid}&anxv={anxv}&bb={bb}&cr_ds={cr_ds}&cr_hb={cr_hb}&cr_start={cr_start}&cr_tboff={cr_tboff}&cr_tbon={cr_tbon}&crtbs={crtbs}&ff_crm={ff_crm}&ff_hpr={ff_hpr}&ff_tboff={ff_tboff}&ff_tbon={ff_tbon}&fftbs={fftbs}&ft={ft}&ie_ds={ie_ds}&ie_hpr={ie_hpr}&ie_tboff={ie_tboff}&ie_tbon={ie_tbon}&ietbs={ietbs}&orgb={orgb}&reason={reason}&result={result}&tb-type={tb-type}&tpid={tpid}&trgb={trgb}&udbr={udbr}&wft={wft}..UrlInst=hXXp://phn.apnanalytics.com/tr.gif?anxa=APNStub&anxe=InstallerEvent&anxp={anxp}&anxr={anxr}&anxt={anxt}&anxtv={anxtv}&anxv={anxv}&apn_dbr={dbr}&bb={bb}&browsers={brws}&cr_ds={cr_ds}&cr_hb={cr_hb}&cr_start={cr_start}&cr_tboff={cr_tboff}&cr_tbon={cr_tbon}&crtbs={crtbs}&crVersionInstalled={crv}&defaultSearchChoice={sa}&downloadTime={dwt}&errorCondition={errReason}&executionTime
<<< skipped >>>
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.search.ask.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
ETag: "c8786bc5b30ddb35ef1bb7acd9422223:1405974749"
Last-Modified: Mon, 21 Jul 2014 20:32:29 GMT
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: image/x-icon
Expires: Fri, 15 May 2015 17:47:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 15 May 2015 17:47:48 GMT
Connection: keep-alive
POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 764
Connection: Keep-Alive
Cache-Control: no-cache
&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPOutcome&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&pipPartnerName=NDV&machineID=&funnelID=47D75D93-6888-48D0-998D-36007C52334B&CBID=ALJ&campaignID=&ioID=&placementID=&WFType=Remote&offerCount=0&offerType=Toolbar&offerProvider=APNV7&offerScreenVersion=default&userAcceptance=true&userUIChoice=Next&installerLaunched=NoAttempt&downloadStatus=NoAttempt&downloadTime=1&errorCondition=0&reasonCode=0&reasonString=&ChromeTB=&ChromeVersionInstalled=41.0.2272.118&FFTB=&FFVersionInstalled=29.0.1&IETB=&IEVersionInstalled=9.10.9200.16521&TBPartnerid=NDV-SP&TrackID=default&apn_dbr=IE_10.0.9200.16521&cmdb=&orgb=&trgb=IE&userSelection=hpr:1;ds:1;oi:1
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl3.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:38 GMT
Content-Length: 0
Connection: keep-alive
POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 770
Connection: Keep-Alive
Cache-Control: no-cache
&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPOutcome&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&pipPartnerName=NDV&machineID=&funnelID=47D75D93-6888-48D0-998D-36007C52334B&CBID=ALJ&campaignID=&ioID=&placementID=&WFType=Remote&offerCount=1&offerType=Toolbar&offerProvider=APNV7&offerScreenVersion=default&userAcceptance=true&userUIChoice=Next&installerLaunched=Success&downloadStatus=Success&downloadTime=1&errorCondition=0&reasonCode=0&reasonString=&ChromeTB=&ChromeVersionInstalled=41.0.2272.118&FFTB=&FFVersionInstalled=29.0.1&IETB=NDV-SP:vanilla,vanspe&IEVersionInstalled=9.10.9200.16521&TBPartnerid=NDV-SP&TrackID=default&apn_dbr=IE_10.0.9200.16521&cmdb=&orgb=&trgb=CR&userSelection=oi:1
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl7.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive
POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 555
Connection: Keep-Alive
Cache-Control: no-cache
&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPOutcome&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&pipPartnerName=NDV&machineID=&funnelID=47D75D93-6888-48D0-998D-36007C52334B&CBID=ALJ&campaignID=&ioID=&placementID=&WFType=Remote&offerCount=-1&offerType=Toolbar&offerProvider=APNV7&offerScreenVersion=default&userAcceptance=false&userUIChoice=NoAttempt&installerLaunched=NoAttempt&downloadStatus=NoAttempt&downloadTime=-1&errorCondition=0&reasonCode=0&reasonString=&userSelection=
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl6.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive
POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 585
Connection: Keep-Alive
Cache-Control: no-cache
&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPOutcome&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&pipPartnerName=NDV&machineID=&funnelID=47D75D93-6888-48D0-998D-36007C52334B&CBID=ALJ&campaignID=&ioID=&placementID=&WFType=Remote&offerCount=-1&offerType=Toolbar&offerProvider=APNV7&offerScreenVersion=default&userAcceptance=false&userUIChoice=NoAttempt&installerLaunched=NoAttempt&downloadStatus=NoAttempt&downloadTime=-1&errorCondition=0&reasonCode=68&reasonString=Target browser offer rejected&userSelection=
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl3.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive
POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 290
Connection: Keep-Alive
Cache-Control: no-cache
&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPAttempt&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&status=0&UIReadyTime=2949&pipPartnerName=NDV&WFType=Remote&funnelID=47D75D93-6888-48D0-998D-36007C52334B&machineID=
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl1.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive
POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 566
Connection: Keep-Alive
Cache-Control: no-cache
&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPStats&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&partnerID=NDV&exitCode=0&WFType=Remote&funnelID=47D75D93-6888-48D0-998D-36007C52334B&machineID=&InitializationEx=94&APNAnalyticsDl=296&DlgInitEx=296&uiDl=578&ConfigEx=578&orchestratorDl=31&ochelperDl=266&isTargetChromeBrowserEx=889&isTargetIEFFBrowserEx=0&isTargetChromeBrowserEx=0&ParseUiEx=1170&IEPrimary-extDl=266&scrolltextDl=249&CRPrimary-ext1Dl=250&LoadEx=2559&uiReady=2949&installDl=352
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl1.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive
GET /tr.gif?anxa=SilentUpdateService&anxv=21.12.1.2516&anxe=dailyStatusUpdate&anxr=DSQEPu92&platformVersion=12.28.1.1293&packageIDs=ApnSetupV6;NDV-SP HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: APNMCP
Host: anx.apnanalytics.com
HTTP/1.1 204 No Content
Server: nginx/1.0.10
Date: Fri, 15 May 2015 17:48:47 GMT
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Cache-Control: max-age=0
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=572910, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 08:55:33 GMT
Expires: Fri, 22 May 2015 08:55:33 GMT
Date: Fri, 15 May 2015 17:50:34 GMT
Connection: keep-alive
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=2097152-2621439
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FvAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 2097152-2621439/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=7340032-7864319
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVm1B9TA8qLAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 7340032-7864319/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=8912896-9437183
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:42 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMZplB9fA F7Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 8912896-9437183/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=10485760-11010047
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:42 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMZIZh8fA9eDAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 10485760-11010047/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=13107200-13631487
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=18874368-19398655
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:44 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMhIZh8fA9esAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 18874368-19398655/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=3145728-3670015
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FyAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 3145728-3670015/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=16777216-17301503
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9eVAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 16777216-17301503/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=5242880-5767167
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F4Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 5242880-5767167/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=17301504-17825791
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9ekAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 17301504-17825791/20700512
<<< skipped >>>
GET /static/resources/ui/js/pipcore-min.js?vers=1124 HTTP/1.1
Accept: */*
Referer: hXXp://ak.pipoffers.apnpartners.com/static/resources/ui/html/orchestrator1.html?PIPPID=NDV&PTBPartnerID=NDV-SP&STBPartnerID=&tbType=vanilla&version=2.9.1.0&AntiCache=25544
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Thu, 04 Dec 2014 02:25:38 GMT
ETag: "18001-fe23-5095aad044c80"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14120
Content-Type: application/javascript
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:01 GMT
Connection: keep-alive
<<< skipped >>>
GET /static/partners/NDV/images/IEPrimary-ext.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 28 Jun 2014 08:30:57 GMT
ETag: "921f4-2818-4fce13eb91240"
Accept-Ranges: bytes
Content-Length: 10264
Content-Type: image/png
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:01 GMT
Connection: keep-alive
<<< skipped >>>
GET /static/partners/NDV/scrolltext.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 19 Jul 2014 00:24:03 GMT
ETag: "5c652-609b-4fe80e419aec0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8789
Content-Type: application/xml
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:01 GMT
Connection: keep-alive
<<< skipped >>>
GET /static/partners/NDV/images/CRPrimary-ext1.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 17 Sep 2014 05:35:11 GMT
ETag: "87a90-2528-5033c3b4741c0"
Accept-Ranges: bytes
Content-Length: 9512
Content-Type: image/png
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:01 GMT
Connection: keep-alive
<<< skipped >>>
GET /static/partners/NDV/images/install.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 29 Aug 2012 18:08:44 GMT
ETag: "36009-364e-4c86b730b0300"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9367
Content-Type: image/x-icon
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:53 GMT
Connection: keep-alive
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=4718592-5242879
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FuAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 4718592-5242879/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=6815744-7340031
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVm1B9TA8qKAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 6815744-7340031/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=9437184-9961471
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:42 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMZIZh8fA9eAAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 9437184-9961471/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=11534336-12058623
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=13631488-14155775
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=15728640-16252927
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdTmR84A JGAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 15728640-16252927/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=17825792-18350079
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9emAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 17825792-18350079/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=19398656-19922943
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1552
content-transfer-encoding: binary
Cache-Control: max-age=604093, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 17:35:11 GMT
Expires: Fri, 22 May 2015 17:35:11 GMT
Date: Fri, 15 May 2015 17:50:34 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=591226, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 14:00:41 GMT
Expires: Fri, 22 May 2015 14:00:41 GMT
Date: Fri, 15 May 2015 17:50:34 GMT
Connection: keep-alive
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=398392, public, no-transform, must-revalidate
Last-Modified: Wed, 13 May 2015 08:25:17 GMT
Expires: Wed, 20 May 2015 08:25:17 GMT
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEC9ONDFhvH62dRTT3OxDTqA= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=520688, public, no-transform, must-revalidate
Last-Modified: Thu, 14 May 2015 18:25:23 GMT
Expires: Thu, 21 May 2015 18:25:23 GMT
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=556404, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 04:20:07 GMT
Expires: Fri, 22 May 2015 04:20:07 GMT
Date: Fri, 15 May 2015 17:50:21 GMT
Connection: keep-alive
<<< skipped >>>
GET /tr.gif?anxa=TBNotifier&anxv=31.19.1.0&anxt=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&anxtv=12.28.1.1293&anxp=^B2X^YYYYYY^YY^UA&tbnguid=3CBBACF0-15D0-44D7-A238-A35DD11B65B4&cr_tboff=0&cr_nt=0&ie_nt=0&cr_start=0&osArchitecture=64&pid=NDV-SP&apnuBuildNumber=0&cr_hb=0&anxr=Wm5rK7r-&ie_hpr=0&osDetail=6.1.1.sp1.x64&cr_ds=0&anxe=apnuDailyConfig&ff_tboff=0&ie_tboff=0&ff_tbon=0&cr_signin=0&ff_hpr=0&apnuRevisionNumber=0&ie_ds=0&cr_tbon=0&ie_tbon=0&ff_nt=0&ff_crm=-4 HTTP/1.1
User-Agent: APNU
Host: anx.apnanalytics.com
HTTP/1.1 204 No Content
Server: nginx/1.0.10
Date: Fri, 15 May 2015 17:47:48 GMT
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Cache-Control: max-age=0
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=2621440-3145727
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FtAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 2621440-3145727/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=6291456-6815743
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVm1B9TA8qJAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 6291456-6815743/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=8388608-8912895
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=1572864-2097151
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F1Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 1572864-2097151/20700512
<<< skipped >>>
GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=12058624-12582911
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader
<<< skipped >>>
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 279782516600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Fri, 15 May 2015 17:50:24 GMT
Connection: keep-alive
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
apnmcp.exe_2292:
.text
`.rdata
@.data
.rsrc
@.reloc
RegOpenKeyTransactedW
1.3.6.1.4.1.311.2.1.12
2.5.4.11
operator
GetProcessWindowStation
C:\Jenkins\workspace\TOOLBAR_PACKAGE\IE_CORE_SRC\Release\apnmcp.pdb
KERNEL32.dll
MsgWaitForMultipleObjects
USER32.dll
ReportEventW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
WinHttpCloseHandle
WinHttpSetOption
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WINHTTP.dll
WTSAPI32.dll
USERENV.dll
CertGetNameStringW
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CRYPT32.dll
WINTRUST.dll
msi.dll
GetProcessHeap
GetCPInfo
.?AV?$CAtlExeModuleT@VCAPNMCPModule@@@ATL@@
.?AVCUrlHelper@@
1.HKe
.?AVCReportServiceTask@@
zcÃ
> >$>(>,>
: :$:(:,:0:4:8:<:>
: :$:(:,:0:4:8:<:>
WM_WEBQUIT
WM_WEBQUIT
WM_UPDATE_CHROME
WM_UPDATE_CHROME
{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
{F80EB12B-281E-4CE7-994E-0A9A5E3DD332}
{F80EB12B-281E-4CE7-994E-0A9A5E3DD332}
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Updater\TBNotifier.exe
Updater\TBNotifier.exe
2355446a-53e8-45c7-b1d4-fdffe06a5037
2355446a-53e8-45c7-b1d4-fdffe06a5037
5bb9aa39-5f0a-4dfc-b1d3-e4939db3b0bd
5bb9aa39-5f0a-4dfc-b1d3-e4939db3b0bd
kernel32.dll
kernel32.dll
%s\{%s}
%s\{%s}
hXXp://tbapi.search.ask.com/v6/package?id={id}&version={version}&subpackageid={subpackageid}
hXXp://tbapi.search.ask.com/v6/package?id={id}&version={version}&subpackageid={subpackageid}
CmdArgs
CmdArgs
Ask.com
Ask.com
Advapi32.dll
Advapi32.dll
d-d-dTd:d:d
d-d-dTd:d:d
Global\%s
Global\%s
winlogon.exe
winlogon.exe
%s\%s\%s
%s\%s\%s
%s\%s
%s\%s
cmdargs
cmdargs
invokeurl
invokeurl
{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
hXXp://anx.apnanalytics.com/tr.gif
hXXp://anx.apnanalytics.com/tr.gif
Global\{41B49C4F-9B93-44EA-B055-81DC25DE82CF}
Global\{41B49C4F-9B93-44EA-B055-81DC25DE82CF}
explorer.exe
explorer.exe
KERNEL32.DLL
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
mscoree.dll
mscoree.dll
WUSER32.DLL
WUSER32.DLL
\\.\pipe\7A65E986-1D15-4F19-88BE-66EF148EB099
\\.\pipe\7A65E986-1D15-4F19-88BE-66EF148EB099
\\.\pipe\BD333C6E-0F54-4A8E-98F0-F1198C063CD0
\\.\pipe\BD333C6E-0F54-4A8E-98F0-F1198C063CD0
3C598FC9-4B6F-49E5-9E33-90A1F5FFAC1E
3C598FC9-4B6F-49E5-9E33-90A1F5FFAC1E
A6971D8B-D15B-4F20-BE74-1DBB5EA64D9A
A6971D8B-D15B-4F20-BE74-1DBB5EA64D9A
%Program Files% (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
%Program Files% (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
21.12.1.2516
21.12.1.2516
APNMCP.exe
APNMCP.exe
TBNotifier.exe_580:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
@.reloc
@.reloc
<:>
<:>
t8Ht.HHt#
t8Ht.HHt#
.uJFf
.uJFf
u.jHZ
u.jHZ
,3,3,,456
,3,3,,456
SShOP
SShOP
tLHt.Ht
tLHt.Ht
8%u(j
8%u(j
~%x#hh
~%x#hh
u"SSh
u"SSh
j.Yf;
j.Yf;
_tcPVj@
_tcPVj@
r%f;M
r%f;M
.PjRW
.PjRW
Lpt.VotF%qt
Lpt.VotF%qt
RegOpenKeyTransactedW
RegOpenKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExW
RegCreateKeyTransactedW
RegCreateKeyTransactedW
%s[%d]: %s
%s[%d]: %s
SQLITE_OK
SQLITE_OK
SQLITE_ERROR
SQLITE_ERROR
SQLITE_INTERNAL
SQLITE_INTERNAL
SQLITE_PERM
SQLITE_PERM
SQLITE_ABORT
SQLITE_ABORT
SQLITE_BUSY
SQLITE_BUSY
SQLITE_LOCKED
SQLITE_LOCKED
SQLITE_NOMEM
SQLITE_NOMEM
SQLITE_READONLY
SQLITE_READONLY
SQLITE_INTERRUPT
SQLITE_INTERRUPT
SQLITE_IOERR
SQLITE_IOERR
SQLITE_CORRUPT
SQLITE_CORRUPT
SQLITE_NOTFOUND
SQLITE_NOTFOUND
SQLITE_FULL
SQLITE_FULL
SQLITE_CANTOPEN
SQLITE_CANTOPEN
SQLITE_PROTOCOL
SQLITE_PROTOCOL
SQLITE_EMPTY
SQLITE_EMPTY
SQLITE_SCHEMA
SQLITE_SCHEMA
SQLITE_TOOBIG
SQLITE_TOOBIG
SQLITE_CONSTRAINT
SQLITE_CONSTRAINT
SQLITE_MISMATCH
SQLITE_MISMATCH
SQLITE_MISUSE
SQLITE_MISUSE
SQLITE_NOLFS
SQLITE_NOLFS
SQLITE_AUTH
SQLITE_AUTH
SQLITE_FORMAT
SQLITE_FORMAT
SQLITE_RANGE
SQLITE_RANGE
SQLITE_ROW
SQLITE_ROW
SQLITE_DONE
SQLITE_DONE
CPPSQLITE_ERROR
CPPSQLITE_ERROR
SELECT id, userDisabled, appDisabled FROM addon where id like '%ask.com'
SELECT id, userDisabled, appDisabled FROM addon where id like '%ask.com'
SELECT id, userDisabled FROM addon where id like '%ask.com'
SELECT id, userDisabled FROM addon where id like '%ask.com'
prefs.js
prefs.js
UPDATE meta SET value='%q' WHERE key='Default Search Provider ID';
UPDATE meta SET value='%q' WHERE key='Default Search Provider ID';
UPDATE keywords SET url='%q' WHERE id=%q;
UPDATE keywords SET url='%q' WHERE id=%q;
UPDATE meta SET value='%q' WHERE key='Default Search Provider ID Backup';
UPDATE meta SET value='%q' WHERE key='Default Search Provider ID Backup';
DELETE FROM keywords WHERE short_name='%q';
DELETE FROM keywords WHERE short_name='%q';
DELETE FROM keywords WHERE short_name='Ask' AND keyword='ask.com' AND prepopulate_id=0;
DELETE FROM keywords WHERE short_name='Ask' AND keyword='ask.com' AND prepopulate_id=0;
{favicon_url}
{favicon_url}
{instant_url}
{instant_url}
{keyword}
{keyword}
{search_terms_replacement_key}
{search_terms_replacement_key}
{url}
{url}
{suggest_url}
{suggest_url}
{alternate_urls}
{alternate_urls}
UPDATE keywords SET url='%q' AND suggest_url='%q' WHERE id=%q
UPDATE keywords SET url='%q' AND suggest_url='%q' WHERE id=%q
UPDATE keywords SET url='%q' WHERE id=%q
UPDATE keywords SET url='%q' WHERE id=%q
SELECT value FROM meta WHERE key='Default Search Provider ID'
SELECT value FROM meta WHERE key='Default Search Provider ID'
SELECT short_name, keyword, url, suggest_url FROM keywords WHERE id=%d
SELECT short_name, keyword, url, suggest_url FROM keywords WHERE id=%d
keyword
keyword
suggest_url
suggest_url
SELECT short_name, Keyword, Url, suggest_url FROM keywords WHERE id=
SELECT short_name, Keyword, Url, suggest_url FROM keywords WHERE id=
SELECT short_name FROM keywords WHERE id=
SELECT short_name FROM keywords WHERE id=
SELECT short_name, keyword, url, prepopulate_id FROM keywords WHERE id=
SELECT short_name, keyword, url, prepopulate_id FROM keywords WHERE id=
select value from ItemTable where key like '%pref_new_tab_off_by_user%'
select value from ItemTable where key like '%pref_new_tab_off_by_user%'
select keyword, url from keywords where prepopulate_id = 4
select keyword, url from keywords where prepopulate_id = 4
Web Data
Web Data
2.5.4.11
2.5.4.11
1.3.6.1.4.1.311.2.1.12
1.3.6.1.4.1.311.2.1.12
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
operator
operator
GetProcessWindowStation
GetProcessWindowStation
d-d-d d:d:d
d-d-d d:d:d
d:d:d
d:d:d
d-d-d
d-d-d
922337203685477580
922337203685477580
RowKey
RowKey
%s\etilqs_
%s\etilqs_
OsError 0x%x (%u)
OsError 0x%x (%u)
invalid page number %d
invalid page number %d
2nd reference to page %d
2nd reference to page %d
Failed to read ptrmap key=%d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
%d of %d pages missing from overflow list starting at %d
failed to get page %d
failed to get page %d
freelist leaf count too big on page %d
freelist leaf count too big on page %d
Page %d:
Page %d:
unable to get the page. error code=%d
unable to get the page. error code=%d
sqlite3BtreeInitPage() returns error code %d
sqlite3BtreeInitPage() returns error code %d
On tree page %d cell %d:
On tree page %d cell %d:
On page %d at right child:
On page %d at right child:
Corruption detected in header on page %d
Corruption detected in header on page %d
Corruption detected in cell %d on page %d
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Multiple uses for byte %d of page %d
Fragmented space is %d byte reported as %d on page %d
Fragmented space is %d byte reported as %d on page %d
Page %d is never used
Page %d is never used
Pointer map page %d is referenced
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
Outstanding page count goes from %d to %d during this analysis
keyinfo(%d
keyinfo(%d
%s(%d)
%s(%d)
%s-mjX
%s-mjX
unable to use function %s in the requested context
unable to use function %s in the requested context
cannot open savepoint - SQL statements in progress
cannot open savepoint - SQL statements in progress
no such savepoint: %s
no such savepoint: %s
cannot %s savepoint - SQL statements in progress
cannot %s savepoint - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_temp_master
sqlite_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s
database table is locked: %s
database table is locked: %s
cannot open virtual table: %s
cannot open virtual table: %s
cannot open view: %s
cannot open view: %s
no such column: "%s"
no such column: "%s"
cannot open indexed column for writing
cannot open indexed column for writing
cannot open value of type %s
cannot open value of type %s
misuse of aliased aggregate %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s.%s
%s: %s.%s
%s: %s.%s
%s: %s
%s: %s
not authorized to use function: %s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
variable number must be between ?1 and ?%d
too many SQL variables
too many SQL variables
too many columns in %s
too many columns in %s
%.*s"%w"%s
%.*s"%w"%s
sqlite_rename_table
sqlite_rename_table
sqlite_rename_trigger
sqlite_rename_trigger
%s OR name=%Q
%s OR name=%Q
there is already another table or index with this name: %s
there is already another table or index with this name: %s
sqlite_
sqlite_
table %s may not be altered
table %s may not be altered
view %s may not be altered
view %s may not be altered
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
sqlite_altertab_%s
sqlite_stat1
sqlite_stat1
CREATE TABLE %Q.sqlite_stat1(tbl,idx,stat)
CREATE TABLE %Q.sqlite_stat1(tbl,idx,stat)
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
SELECT idx, stat FROM %Q.sqlite_stat1
SELECT idx, stat FROM %Q.sqlite_stat1
too many attached databases - max %d
too many attached databases - max %d
database %s is already in use
database %s is already in use
unable to open database: %s
unable to open database: %s
no such database: %s
no such database: %s
cannot detach database %s
cannot detach database %s
database %s is locked
database %s is locked
sqlite_detach
sqlite_detach
sqlite_attach
sqlite_attach
%s %T cannot reference objects in database %s
%s %T cannot reference objects in database %s
illegal return value (%d) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY
illegal return value (%d) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY
access to %s.%s.%s is prohibited
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
object name reserved for internal use: %s
there is already an index named %s
there is already an index named %s
too many columns on %s
too many columns on %s
duplicate column name: %s
duplicate column name: %s
default value of column [%s] is not constant
default value of column [%s] is not constant
table "%s" has more than one primary key
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
CREATE %s %.*s
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
table %s may not be dropped
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
use DROP VIEW to delete view %s
DELETE FROM %s.sqlite_sequence WHERE name=%Q
DELETE FROM %s.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
foreign key on %s should reference only one column of table %T
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
unknown column "%s" in foreign key definition
indexed columns are not unique
indexed columns are not unique
table %s may not be indexed
table %s may not be indexed
views may not be indexed
views may not be indexed
virtual tables may not be indexed
virtual tables may not be indexed
there is already a table named %s
there is already a table named %s
index %s already exists
index %s already exists
sqlite_autoindex_%s_%d
sqlite_autoindex_%s_%d
table %s has no column named %s
table %s has no column named %s
CREATE%s INDEX %.*s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q
DELETE FROM %Q.%s WHERE name=%Q
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
unable to identify the object to be reindexed
unable to identify the object to be reindexed
no such collation sequence: %s
no such collation sequence: %s
table %s may not be modified
table %s may not be modified
cannot modify %s because it is a view
cannot modify %s because it is a view
sqlite_version
sqlite_version
table %S has %d columns but %d values were supplied
table %S has %d columns but %d values were supplied
%d values for %d columns
%d values for %d columns
table %S has no column named %s
table %S has no column named %s
%s.%s may not be NULL
%s.%s may not be NULL
PRIMARY KEY must be unique
PRIMARY KEY must be unique
sqlite3_extension_init
sqlite3_extension_init
unable to open shared library [%s]
unable to open shared library [%s]
no entry point [%s] in shared library [%s]
no entry point [%s] in shared library [%s]
error during initialization: %s
error during initialization: %s
automatic extension loading failed: %s
automatic extension loading failed: %s
foreign_key_list
foreign_key_list
*** in database %s ***
*** in database %s ***
unsupported encoding: %s
unsupported encoding: %s
malformed database schema (%s)
malformed database schema (%s)
%s - %s
%s - %s
unsupported file format
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s
SELECT name, rootpage, sql FROM '%q'.%s
database schema is locked: %s
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
cannot join using column %s - column not present in both tables
%s.%s
%s.%s
%s:%d
%s:%d
ORDER BY clause should come after %s not before
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
no such index: %s
sqlite_subquery_%p_
sqlite_subquery_%p_
no such table: %s
no such table: %s
sqlite3_get_table() called with two or more incompatible queries
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
no such trigger: %S
-- TRIGGER %s
-- TRIGGER %s
no such column: %s
no such column: %s
PRAGMA vacuum_db.synchronous=OFF
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor failed: %s
vtable constructor did not declare schema: %s
vtable constructor did not declare schema: %s
no such module: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
table %s: xBestIndex returned an invalid plan
at most %d tables in a join
at most %d tables in a join
cannot use index: %s
cannot use index: %s
TABLE %s
TABLE %s
%s AS %s
%s AS %s
%s WITH INDEX %s
%s WITH INDEX %s
%s VIA MULTI-INDEX UNION
%s VIA MULTI-INDEX UNION
%s USING PRIMARY KEY
%s USING PRIMARY KEY
%s VIRTUAL TABLE INDEX %d:%s
%s VIRTUAL TABLE INDEX %d:%s
%s ORDER BY
%s ORDER BY
unable to close due to unfinished backup operation
unable to close due to unfinished backup operation
SQL logic error or missing database
SQL logic error or missing database
large file support is disabled
large file support is disabled
no such vfs: %s
no such vfs: %s
SQLite format 3
SQLite format 3
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
CREATE TABLE sqlite_master(
sql text
sql text
3.6.11
3.6.11
CREATE TEMP TABLE sqlite_temp_master(
CREATE TEMP TABLE sqlite_temp_master(
C:\Jenkins\workspace\TOOLBAR_PACKAGE\DEFENSE_SRC\APNU\Release\TBNotifier.pdb
C:\Jenkins\workspace\TOOLBAR_PACKAGE\DEFENSE_SRC\APNU\Release\TBNotifier.pdb
msi.dll
msi.dll
WTSAPI32.dll
WTSAPI32.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
CreateDialogIndirectParamW
CreateDialogIndirectParamW
EnumChildWindows
EnumChildWindows
GetAsyncKeyState
GetAsyncKeyState
keybd_event
keybd_event
EnumWindows
EnumWindows
MsgWaitForMultipleObjects
MsgWaitForMultipleObjects
SetWindowsHookExW
SetWindowsHookExW
UnhookWindowsHookEx
UnhookWindowsHookEx
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegDeleteKeyW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryInfoKeyW
RegFlushKey
RegFlushKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteExW
ShellExecuteExW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
UrlCreateFromPathW
UrlCreateFromPathW
SHDeleteKeyW
SHDeleteKeyW
SHEnumKeyExW
SHEnumKeyExW
SHCopyKeyW
SHCopyKeyW
SHLWAPI.dll
SHLWAPI.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
GdiplusShutdown
GdiplusShutdown
gdiplus.dll
gdiplus.dll
MSIMG32.dll
MSIMG32.dll
PSAPI.DLL
PSAPI.DLL
CryptMsgGetParam
CryptMsgGetParam
CertFindCertificateInStore
CertFindCertificateInStore
CertGetNameStringW
CertGetNameStringW
CryptMsgClose
CryptMsgClose
CertCloseStore
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateContext
CRYPT32.dll
CRYPT32.dll
VERSION.dll
VERSION.dll
InternetCrackUrlW
InternetCrackUrlW
HttpOpenRequestW
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestW
HttpQueryInfoW
HttpQueryInfoW
InternetCanonicalizeUrlW
InternetCanonicalizeUrlW
WININET.dll
WININET.dll
WINTRUST.dll
WINTRUST.dll
OLEACC.dll
OLEACC.dll
COMCTL32.dll
COMCTL32.dll
GetCPInfo
GetCPInfo
zcÃ
zcÃ
.?AVCppSQLite3Exception@@
.?AVCppSQLite3Exception@@
.?AVCppSQLite3Query@@
.?AVCppSQLite3Query@@
.?AVCppSQLite3DB@@
.?AVCppSQLite3DB@@
.?AV?$CBaseMonitor@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@W4_enumEventCode@APNU@@@APNU@@
.?AV?$CBaseMonitor@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@W4_enumEventCode@APNU@@@APNU@@
.?AVCDbgReport@APNU@@
.?AVCDbgReport@APNU@@
.?AVCDbgReporting_GC32DSReset@APNU@@
.?AVCDbgReporting_GC32DSReset@APNU@@
.?AV?$CRuntimeConstant@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PAV?$CAtlMap@PAHHV?$CElementTraits@PAH@ATL@@V?$CElementTraits@H@2@@2@@APNU@@
.?AV?$CRuntimeConstant@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PAV?$CAtlMap@PAHHV?$CElementTraits@PAH@ATL@@V?$CElementTraits@H@2@@2@@APNU@@
.?AVCSendHttpMonitor@APNU@@
.?AVCSendHttpMonitor@APNU@@
.?AUISupportErrorInfo@@
.?AUISupportErrorInfo@@
.?AVCTBMonReporting@APNU@@
.?AVCTBMonReporting@APNU@@
.?AVCTBMonReportingData@APNU@@
.?AVCTBMonReportingData@APNU@@
.?AVCTBMonReportingManager@APNU@@
.?AVCTBMonReportingManager@APNU@@
.?AVCTBMonReportingService@APNU@@
.?AVCTBMonReportingService@APNU@@
.?AVCTBMonV5Reporting@APNU@@
.?AVCTBMonV5Reporting@APNU@@
.?AVCTBMonV6Reporting@APNU@@
.?AVCTBMonV6Reporting@APNU@@
.?AV?$CRuntimeConstant@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V12@@APNU@@
.?AV?$CRuntimeConstant@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V12@@APNU@@
.?AV?$CAtlExeModuleT@VCUpdaterModule@@@ATL@@
.?AV?$CAtlExeModuleT@VCUpdaterModule@@@ATL@@
.?AVCRegistryKeyChangeMonitor@APNU@@
.?AVCRegistryKeyChangeMonitor@APNU@@
ForceRemove {09F7A6CC-6128-477B-A41D-D76F43E105C2} = s 'TBMonAutomation Class'
ForceRemove {09F7A6CC-6128-477B-A41D-D76F43E105C2} = s 'TBMonAutomation Class'
val ServerExecutable = s '%MODULE_RAW%'
val ServerExecutable = s '%MODULE_RAW%'
TypeLib = s '{ADEF8FEB-F99D-414A-B3F5-0C0CAA0FF25A}'
TypeLib = s '{ADEF8FEB-F99D-414A-B3F5-0C0CAA0FF25A}'
8'!'[(#(^"
8'!'[(#(^"
6464767
6464767
' @959}
' @959}
.KK=%0>KK-
.KK=%0>KK-
.wvbc
.wvbc
Paint.NET v3.5.87;
Paint.NET v3.5.87;
]|.PG
]|.PG
_.DXXd
_.DXXd
:*.LEJ
:*.LEJ
Paint.NET v3.5.100
Paint.NET v3.5.100
hiTXtXML:com.adobe.xmp
hiTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
.Tb@Tt%
.Tb@Tt%
"L.qwV
"L.qwV
" id="W5M0MpCehiHzreSzNTczkc9d"?> `L
" id="W5M0MpCehiHzreSzNTczkc9d"?> `L
" id="W5M0MpCehiHzreSzNTczkc9d"?> czSD
" id="W5M0MpCehiHzreSzNTczkc9d"?> czSD
" id="W5M0MpCehiHzreSzNTczkc9d"?>
" id="W5M0MpCehiHzreSzNTczkc9d"?>
-'~'&|(#|#
-'~'&|(#|#
%|%0u0%
%|%0u0%
%S>d{p
%S>d{p
.LW:vA
.LW:vA
.xI{lr
.xI{lr
stdole2.tlbWWW
stdole2.tlbWWW
Created by MIDL version 7.00.0555 at Mon Apr 20 18:23:29 2015
Created by MIDL version 7.00.0555 at Mon Apr 20 18:23:29 2015
5$5)5/595?5
5$5)5/595?5
9Â9
9Â9
0:1g1r1-2
0:1g1r1-2
6u7u7
6u7u7
1'1>1\1~1
1'1>1\1~1
77z7
77z7
;";,;7;&
;";,;7;&
6b6f6s6
6b6f6s6
5&5.555\5
5&5.555\5
77X7
77X7
4_5X5p5
4_5X5p5
9&:8:{:7;
9&:8:{:7;
"0(0,00040
"0(0,00040
= = =6=>=
= = =6=>=
7*71777=7
7*71777=7
4$4(4,404
4$4(4,404
; ;$;(;,;0;4;8;
; ;$;(;,;0;4;8;
3 3$3(3,3034383
3 3$3(3,3034383
1 1$1(1,1
1 1$1(1,1
,5054585
,5054585
? ?$?(?,?0?4?8?@?
? ?$?(?,?0?4?8?@?
;,;8;\;|;
;,;8;\;|;
4 5@5`5|5
4 5@5`5|5
; ;
; ;
8 8$8(8,8
8 8$8(8,8
1$1@1\1|1
1$1@1\1|1
%d:%s
%d:%s
XXXXXX
XXXXXX
%s%s%s
%s%s%s
Global\{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
Global\{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
Global\{F80EB12B-281E-4CE7-994E-0A9A5E3DD332}
Global\{F80EB12B-281E-4CE7-994E-0A9A5E3DD332}
Global\{41B49C4F-9B93-44EA-B055-81DC25DE82CF}
Global\{41B49C4F-9B93-44EA-B055-81DC25DE82CF}
id:%ld|index:%d|viewmode:%d|HWND:%d|shown:%d
id:%ld|index:%d|viewmode:%d|HWND:%d|shown:%d
http:
http:
SOFTWARE\AskPartnerNetwork\Toolbar\%s
SOFTWARE\AskPartnerNetwork\Toolbar\%s
https:
https:
WM_UPDATE_CHROME
WM_UPDATE_CHROME
Google\Chrome\User Data\Default\Preferences
Google\Chrome\User Data\Default\Preferences
Google\Chrome\User Data\Default\Protected Preferences
Google\Chrome\User Data\Default\Protected Preferences
Google\Chrome\User Data\Default\Secure Preferences
Google\Chrome\User Data\Default\Secure Preferences
Advapi32.dll
Advapi32.dll
.ask.com)
.ask.com)
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
https
https
CreateOpenSearchServiceFromFile - InstallService failed: hr=%d, URL: %s
CreateOpenSearchServiceFromFile - InstallService failed: hr=%d, URL: %s
CreateOpenSearchServiceFromFile - UrlCreateFromPath failed: hr=%d
CreateOpenSearchServiceFromFile - UrlCreateFromPath failed: hr=%d
CreateOpenSearchServiceFromFile - CoCreateInstance failed: hr=%d
CreateOpenSearchServiceFromFile - CoCreateInstance failed: hr=%d
IERTUTIL.DLL
IERTUTIL.DLL
Url[@type="text/html"]
Url[@type="text/html"]
Url[@type="application/x-suggestions json"]
Url[@type="application/x-suggestions json"]
%s\%s
%s\%s
FaviconUrl
FaviconUrl
SuggestionURL_JSON
SuggestionURL_JSON
.ask.com
.ask.com
MozillaWindowClass
MozillaWindowClass
Chrome_WidgetWin_1
Chrome_WidgetWin_1
kernel32.dll
kernel32.dll
CBrowserRestartManager::ShutdownBrowser, FindWindow failed for class %s
CBrowserRestartManager::ShutdownBrowser, FindWindow failed for class %s
CBrowserRestartManager::ShutdownBrowser, OpenProcess failed for process id %d
CBrowserRestartManager::ShutdownBrowser, TerminateProcess failed for process id %d
CBrowserRestartManager::ShutdownBrowser, shutdown sucessful for class %s
CBrowserRestartManager::ShutdownBrowser, shutdown timeout for class %s
CBrowserRestartManager::ShellExThreadProc, Restart %s failed (%d)
CBrowserRestartManager::ShellExThreadProc, Restart %s succeeded
\chrome.exe
SOFTWARE\Mozilla\Mozilla Firefox
%s\%s\Main
PathToExe
Internet Explorer\iexplore.exe
CBrowserRestartManager::ShutDownIE, IsIERestartEnable return FALSE for PID = %s
CBrowserRestartManager::ShutDownIE, after InternalShutdownIE bssIE=%d
CBrowserRestartManager::ShutDownFF, IsFFRestartEnable return FALSE for PID = %s
CBrowserRestartManager::ShutDownFF, after InternalShutdownFF bssFF=%d
CBrowserRestartManager::ShutDownGC, IsGCRestartEnable return FALSE for PID = %s
CBrowserRestartManager::ShutDownGC, after InternalShutdownGC bssGC=%d
CBrowserRestartManager::StartGC, CreateThread ok dwThreadId = %d
CBrowserRestartManager::IsRestartEnable, No dispatch for PID = %s
CBrowserRestartManager::IsRestartEnable, No CServerSwitches for PID = %s
CBrowserRestartManager::IsRestartEnable, dwRestart = %d
CBrowserRestartManager::GetBrowserShouldStartStatus, after GetRecentPartnerToolbarPerBrowser for IE PID = %s
CBrowserRestartManager::GetBrowserShouldStartStatus, after GetRecentPartnerToolbarPerBrowser for FF PID = %s
CBrowserRestartManager::GetBrowserShouldStartStatus, after GetRecentPartnerToolbarPerBrowser for GC PID = %s
CBrowserRestartManager::GetBrowserShouldStartStatus, IE, FF, GC = %d, %d, %d
CBrowserRestartManager::SetForegroundWindowInternal2, hWndGC is NULL, nCount=%d
reporting
shell32.dll
*Mozilla
GetHPR failed to load content from prefs.js
browser.startup.homepage
GetHPR(%s) returns %d
GetHPR() will use default value: %s
IsUserDisabledNewTab failed to load content from prefs.js
extensions.%s.pref_new_tab_off_by_user
browser.search.selectedEngine
browser.search.order.1
//SearchPlugin/Url[@type='text/html']
//SearchPlugin/os:Url[@type='text/html']
//OpenSearchDescription/Url[@type='text/html']
%s\*.xml
%s\Mozilla Firefox\browser\searchplugins
%s\searchplugins
CFFBrowserInfo::GetDefaultSearchUrl() Failed to load prefs.js settings.
CFFBrowserInfo::GetDefaultSearchUrl() Failed to load search extensions.
browser.search.defaultenginename
browser.search.order.2
browser.search.order.3
browser.search.countryCode
CFFBrowserInfo::GetDefaultSearchUrl Need to use default value.
CFFBrowserInfo::GetDefaultSearchUrl userLanguageID = %d (russian is %d)
CFFBrowserInfo::GetDefaultSearchUrl This is a russian FF with default setting.
CFFBrowserInfo::GetDefaultSearchUrl strName = %s, strUrl = %s
hXXp://{domain}/favicon.ico
hXXp://{domain}/?o={o}&l={l}
Ask.com
Convenient tools and links to make your web surfing more enjoyable
hXXp://VVV.ask.com/?o={o}&l={l}
keyword.URL
extensions.asktb.ff-original-keyword-url
extensions.%s.my-keyword-url
extensions.%s.previous-keyword-url
extensions.APN_TB.first-previous-keyword-url
\ask-search.xml
CFFBrowserInfo::SetOpenSearch - loadPrefJSContent Failed: %s
ask-search.xml
askcom.xml
search-results.xml
CFFBrowserInfo::SetOpenSearch - CreateDirectory Failed (%d): %s
CFFBrowserInfo::SetOpenSearch - GetOpenSearchProviderName Failed: %s
CFFBrowserInfo::SetOpenSearch - WriteFile Failed (%d): %s
search.json
CFFBrowserInfo::loadPrefJSContent(%d) default profile path is empty.
\prefs.js
prefs.js.new
prefs.js.bak
\Mozilla\Firefox\profiles.ini
CFFBrowserInfo::GetDefaultProfilePath() ini file returns %s as profile to use.
profiles.ini
extensions.json
/addons[%d]/id
ask.com
/addons[%d]/userDisabled
/addons[%d]/appDisabled
GetAskToolbarCountFromJson: File not found: %s
GetAskToolbarCountFromJson: File read failed for %s
GetAskToolbarCountFromJson: json changenode failed for %s
GetAskToolbarCountFromJson: jsonIF.GetArray failed for %s
GetAskToolbarCountFromJson: json GetObject failed for %s
'extensions.sqlite
OpenFirefoxExtensionDB: File not found: %s
OpenFirefoxExtensionDB: Not able to open firefox extension sqlite
browser.search.order.%d
Software\AskPartnerNetwork\Toolbar\%s\Info
intl.locale.matchOS
general.useragent.locale
extensions.xpiState
error getting provider name: %s
hXXp://%s
Firefox
MozillaDialogClass
Options - Mozilla Firefox
CStartUpDispatch::doFFPostInstallTB calling ShutDownFF pid = %s
doFFPostInstallHpr() - bNeedToSetV6FFHpr=%d, bV6FFHprAlreadySet=%d
doFFPostInstallHpr() - bNeedToSetV5FFHpr=%d
CStartUpDispatch::doFFPostInstallHpr calling ShutDownFF with pid %s
doFFPostInstallSa() - bNeedToSetV6FFSa=%d, bV6FFSaAlreadySet=%d
doFFPostInstallSa() - bNeedToSetV5FFSa=%d
CStartUpDispatch::doFFPostInstallSa - Pid %s - bNeedToSetV6FFSa=%d, HasTargetBrowser=%d
CStartUpDispatch::doFFPostInstallSa calling ShutDownFF with pid %s
CStartUpDispatch::SetFFSa: %s - Detected FF34 - seting OpenSearch only
Software\%s
homepageurl
CStartUpDispatch::doFFPostInstallHpr() -- Home page is not Ask, so save it for revert on uninstall: ->%s
CStartUpDispatch::doFFPostInstallHpr() -- Save the installed value for FF Homepage: %s
CStartUpDispatch::doFFPostInstallHpr() -- Failed to get the post install backup key.
CStartUpDispatch::BackupFFSa strSearchNameJustSet = %s, strDefaultEngineNameJustSet %s
Not able to startup Rebuttal Manager: failed to register for event %s.
CFFRebutManager::ProcessEvent() - unexpected event code: %d
CFFRebutManager::OnPrefsJSChange() failed to get Firefox home page.
CFFRebutManager::OnBrowserStop - User changed to: %s
Start monitoring %s. (hWnd = %d)
OnForegroundWindowChange - Firefox window NOT detected: %s (%s, %s)
register for close window event: %s
CFFRebutManager::RetakeHP() -- set FF HP to %s
MonitorForFFStop -- waiting for process %d
setupFFHPRDialogs(): m_nFFDialogOpenCount = %d
CRebutManager::OnTimerExpired() for timer: %s
31.0.0.0
macros.json
favicon_url
hXXp://VVV.ask.com/favicon.ico
originating_url
manifest\chrome_settings_overrides\search_provider\search_url
search_url
manifest\chrome_settings_overrides\homepage
manifest\chrome_url_overrides\newtab
new_tab_url
r%s\%s\Info
hXXp://ss.websearch.%s.com/query?li=ff&sstype=prefix&q={searchTerms}
hXXp://VVV.search-results.com/favicon_ms_search-results.ico
hXXp://VVV.ask.com/web?q={searchTerms}
manifest\chrome_settings_overrides\startup_pages
CGCBrowserInfo::SetHPR() -- Failed to read Preferences file: %s
CGCBrowserInfo::SetHPR() -- Failed to replace "gct=hp" in startup URL: %s
CGCBrowserInfo::SetHPR() -- Failed to add %s as a startup page.
bChoiceExists = %d, iChoice = %d
OpenChromeDB: Not able to get GC default profile DB path
OpenChromeDB: File not found: %s
OpenChromeDB: Not able to open chrome sqlite in temp folder
CGCBrowserInfo::OpenChromeDB return OK
SetGCDS: Not able to backup GC web data
SetGCDS: Not able to open chrome sqlite in temp folder
SetGCDS: Failed to insert Ask search provider into web data
SearchKeyword
SearchUrl
SearchSugUrl
SELECT * FROM keywords WHERE (
keyword LIKE '%s'
Failed to find the specified entry in keywords for keyword %s
icon_url
instant_url
search_terms_replacement_key
}alternate_urls
SetKeywordEntry: Not able to remove current Ask Search provider settings
CGCBrowserInfo::PreventDSReset() -- can't find ask.com
CGCBrowserInfo::PreventDSReset() -- ask.com is default - no update for silent update
VVV.ask.com
CGCBrowserInfo::PreventDSReset() -- UpdateSearchProviderUrl for id=%d failed, url=%s
CGCBrowserInfo::PreventDSReset() -- UpdateSearchProviderUrl for id=%d successful, url=%s
CGCBrowserInfo::PreventDSReset() -- SetSafeDefaultSearch for id=%d successful
\Web Data.pdsreset
\Web Data
CGCBrowserInfo::UpdatePrefDSProvider() -- Failed to read Preferences file: %s
short_url
CGCBrowserInfo::PreventDSReset() -- SetSafeDefaultSearch for id=%d failed
INSERT INTO keywords (%s) VALUES (%s);
l%sGoogle\Chrome\User Data
Local\Google\Chrome\Application\chrome.exe
Google\Chrome\Application\chrome.exe
%u.%u.%u.%u
CGCBrowserInfo::IsChromeSignedIn - Chrome user is signed in
CGCBrowserInfo::IsChromeSignedIn - Chrome user is NOT signed in
***CGCBrowserInfo::GetCurrentDfltSearchId, nDefaultSearchId=%d, strKeyword=%s, bIsAskId=%d, strSearchUrl=%s, bIsStock=%d
/session/startup_urls/
/session/urls_to_restore_on_startup/
search.ask.com
/extensions/chrome_url_overrides/newtab/
/default_search_provider/search_url
/extensions/settings/%s/manifest/update_url
/extensions/settings/%s/manifest/name
Failed to set to %d
CGCBrowserInfo::GetStartupPages - Failed to locate node %s in the DOM.
/extensions/settings/%s/state
/extensions/settings/%s
/extensions/settings/%s/ack_prompt_count
manifest\chrome_settings_overrides\search_provider\name
Failed to read Preferences file: %s
CGCPreferencesReader::LoadAssets() -- Failed to read Preferences file: %s
CGCBrowserInfo::LoadAssets() -- Failed to find/load extension ID's: %s
/extensions/settings/%s/active_permissions/api/
/extensions/settings/%s/manifest/chrome_settings_overrides/homepage
/extensions/settings/%s/preferences/default_search_provider.enabled
/extensions/settings/%s/manifest/chrome_settings_overrides/search_provider/
/extensions/settings/%s/manifest/chrome_settings_overrides/startup_pages/
/extensions/settings/%s/manifest/chrome_url_overrides/newtab
/extensions/settings/%s/preferences/session.restore_on_startup
%s\Local Storage\chrome-extension_%s_%d.localstorage
SELECT id FROM keywords WHERE keyword='%s'
CGCBrowserInfo::GetHPR() -- Failed to read Preferences file: %s
/extensions/settings/%s/from_webstore
/default_search_provider/keyword
br.ask.com
uk.ask.com
Google Chrome
%s\Chrome
ReInitialize Chrome Defense
\AskPartnerNetwork\Toolbar\%s\
google:baseURL
CStartUpDispatch::doGCPostInstallTB calling ShutDownGC pid = %s
doGCPostInstallHpr() - bNeedToSetV6GCHpr=%d, bV6GCHprAlreadySet=%d
doGCPostInstallHpr() - bNeedToSetV5GCHpr=%d
CStartUpDispatch::doGCPostInstallHpr calling ShutDownGC with pid %s
doGCPostInstallHpr() - Chrome is running
doGCPostInstallSa() - bNeedToSetV6GCSa=%d, bV6GCSaAlreadySet=%d
doGCPostInstallSa() - bNeedToSetV5GCSa=%d
CStartUpDispatch::doGCPostInstallSa calling ShutDownGC with pid %s
CStartUpDispatch::setGCHpr() - call SetHPR for GC browser (Allow startup pages = %d).
CStartUpDispatch::setGCSa (%d,%s,%d)
CStartUpDispatch::setGCSa: Not able to get GC keyword url
CStartUpDispatch::setGCSa GetSearchProviderInfo returned false, pattern = %s
CStartUpDispatch::setGCSa GetSearchProviderInfo return true, strProviderName = %s
CStartUpDispatch::setGCSa ReplaceUrlHost() called
setGCSA strNewKWUrl = %s
CStartUpDispatch::setGCSa SetKeywordEntry() called
Failed to add record to keyword table for short_name Ask Search, shortname=%s, kw=%s, url=%s
CStartUpDispatch::setGCSa UpdateSearchProviderUrl() called. id = %d
SetGCSa: error while updating ask.com url and ss, id=%d, url=%s
SetGCSa: successfully update ask.com url and ss, id=%d, url=%s
CStartUpDispatch::setGCSa SetSafeDefaultSearch failed, id=%d
\Web Data.ppostinstall
CStartUpDispatch::setGCSa SetSafeDefaultSearch successful, id=%d
GetSearchIDFromKeyword(%d,%s) failed.
SetSafeDefaultSearch(%d) failed.
SetSafeDefaultSearch(%d) successful.
SetGCSa: Not able to build keyword insert statement
\Chrome
web?l=dis&
\Web Data.pmonitor
GCUpdateSearchURL
A third-party application is forcing your home page to be set to {COMPETITOR_URL}. If you do not want to have this URL as your home page, you should manually change it.
Clicking on 'Yes' will open a web page with the instructions.
GuideOfferReport
hXXp://apnstatic.ask.com/static/hpds/en/reset-settings/index.html#na1
{COMPETITOR_URL}
hXXp://
%d.%d.%d
HPG Init: not able to load HPR settings: %s, isV5=%d
loadPartnerNTGSettings: not able to load NTG settings for pid: %s
%s\%s\Macro
Users manually change IE newtab setting. NTG is disable - IE dialog opened: %d, close time: %d
IdcLdr.exe
\AskPartnerNetwork\Toolbar\Updater\%s
{DF8AB633-6D92-4535-A5F9-134FB8DF60AB}
{154E4B05-E5D4-4BAE-982D-ECB1C2E1B46B}
Ask.com
OLEACC.DLL
CIEBrowserInfo::GetPartnerIESearchGuid - Failed to open SearchScopes Registry (%d): %s
CIEBrowserInfo::GetPartnerIESearchGuid - Failed to open SearchScopes Entry (%d): %s
CIEBrowserInfo::MigrateV5DefaultSearch(%s,%s,%s) - called
CIEBrowserInfo::MigrateV5DefaultSearch - Failed to open SearchScopes Registry (%d): %s
CIEBrowserInfo::MigrateV5DefaultSearch - Failed to open SearchScopes Entry (%d): %s
CIEBrowserInfo::MigrateV5DefaultSearch - Failed to query URL value (%d)
CIEBrowserInfo::MigrateV5DefaultSearch - O code found and URL was updated
CIEBrowserInfo::MigrateV5SearchHook - Failed to open Search Hook Registry (%d): %s
CIEBrowserInfo::MigrateV5SearchHook - Error loading from registry: %d
{00000000-6E41-4FD3-8538-502F5495E5FC}
CIEBrowserInfo::MigrateV5SearchHook - Failed deleting reg value (%d):
apnuosearch.xml
CreateOpenSearchService - Xml file: %s
CIEBrowserInfo::SaveUserPrefs - Failed to open SearchScopes Registry (%d): %s
CIEBrowserInfo::SaveUserPrefs - Failed to query DefaultScope(%d)
CIEBrowserInfo::SaveUserPrefs - Failed to open Updater key (%d): %s
CIEBrowserInfo::SaveUserPrefs - Failed to query setting (%d): %s
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.exe
EnumInternetExplorerServer found hwnd=%d
EnumTabWindowClass found hwnd=%d
RevertIENewTabFeature(%d) -- called
RevertIENewTabFeature() found: %s[%s] = %d
RevertIENewTabFeature() failed to read: %s[%s]
InstallIENewTabFeature() found that major version is %d
hXXps://
WasToolbarEnabledOrDisabled - strCOMGuid = %s
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
WasToolbarEnabledOrDisabled - Needed Flags detected: %x
WasToolbarEnabledOrDisabled - Needed Flags not set: %x
WasToolbarEnabledOrDisabled - IE %d detected - No flags yet - assume enabled
WasToolbarEnabledOrDisabled - IE %d detected - No setting yet - assume enabled
WasToolbarEnabledOrDisabled - Error %d while opening: %s
CLSID\%s\InprocServer32
Adding Name:%s, Value:%s
Invoegtoepassingen beheren
CIEDSGDispatch::ReInitialize - Settings = bSuccess:%d, bLoadComplete:%d
CIEDSGDispatch::ReInitialize - Settings = bSuccess:%d, bLoadComplete:%d
CIEDSGDispatch::HandleCustomEvent - Detected ReInitialize event: %s
CIEDSGDispatch::HandleCustomEvent - Detected ReInitialize event: %s
dsg Init: not able to load IEDSG settings for partner: %s
dsg Init: not able to load IEDSG settings for partner: %s
IEPostInstallComplete - performing PostInstall operations
IEPostInstallComplete - performing PostInstall operations
CStartUpDispatch::doIEPostInstallTB calling ShutDownIE pid = %s
CStartUpDispatch::doIEPostInstallTB calling ShutDownIE pid = %s
doIEPostInstallHpr() - bNeedToSetV6IEHpr=%d, bV6IEHprAlreadySet=%d
doIEPostInstallHpr() - bNeedToSetV6IEHpr=%d, bV6IEHprAlreadySet=%d
CStartUpDispatch::doIEPostInstallHpr IsPlatformOverride returned TRUE - don't take HP: %s
CStartUpDispatch::doIEPostInstallHpr IsPlatformOverride returned TRUE - don't take HP: %s
CStartUpDispatch::doIEPostInstallHpr GetIEStatus = %d
CStartUpDispatch::doIEPostInstallHpr GetIEStatus = %d
CStartUpDispatch::doIEPostInstallSa() - bV6UserSelectSa = %d
CStartUpDispatch::doIEPostInstallSa() - bV6UserSelectSa = %d
CStartUpDispatch::doIEPostInstallSa() - didPartnerSetIEChrome false
CStartUpDispatch::doIEPostInstallSa() - didPartnerSetIEChrome false
CStartUpDispatch::doIEPostInstallSa - No search to set - calling WaitForIEPostInstallOperations
CStartUpDispatch::doIEPostInstallSa - No search to set - calling WaitForIEPostInstallOperations
doIEPostInstallSa() - bNeedToSetV6IESa=%d, bV6IESaAlreadySet=%d, bV6IEChromeAlreadySet=%d
doIEPostInstallSa() - bNeedToSetV6IESa=%d, bV6IESaAlreadySet=%d, bV6IEChromeAlreadySet=%d
CStartUpDispatch::doIEPostInstallSa - IsPlatformOverride returned TRUE - don't take HP: %s
CStartUpDispatch::doIEPostInstallSa - IsPlatformOverride returned TRUE - don't take HP: %s
CStartUpDispatch::doIEPostInstallSa - GetIEStatus = %d
CStartUpDispatch::doIEPostInstallSa - GetIEStatus = %d
doIEPostInstallNthp() found partner %s
doIEPostInstallNthp() found partner %s
Not able to set IE sa: missing required component: ie-postinstall in the client config.xml
Not able to set IE sa: missing required component: ie-postinstall in the client config.xml
SetIESa - CheckFollowupReport
SetIESa - CheckFollowupReport
SetIESa - CheckFollowupReport - user did not choose Ask - disable DSG
SetIESa - CheckFollowupReport - user did not choose Ask - disable DSG
SetIESa - PersistSearchParams(%s) failed.
SetIESa - PersistSearchParams(%s) failed.
SetIESa - SetOpenSearchDefaultUsingByPass returned status = %s
SetIESa - SetOpenSearchDefaultUsingByPass returned status = %s
CStartUpDispatch::setIESa - 7. Wait for IE to run to handle PostInstall Operations
CStartUpDispatch::setIESa - 7. Wait for IE to run to handle PostInstall Operations
CStartUpDispatch::InitiatePostInstallCompleteOPeration - IE7 search set - IE running - calling IEPostInstallComplete
CStartUpDispatch::InitiatePostInstallCompleteOPeration - IE7 search set - IE running - calling IEPostInstallComplete
CStartUpDispatch::InitiatePostInstallCompleteOPeration - IE7 search set - calling WaitForIEPostInstallOperations
Settings will be changed back to Ask upon Firefox' restart.
When you installed the %s, you agreed to change your Internet Explorer search settings. Unfortunately, the process was not completed.
Would you like to set your %s to %s now? You can change back your settings at any time.
{D4027C7F-154A-4066-A1AD-4243D8127440}
This feature helps you stay in control of your Firefox's settings by avoiding unwanted changes by third-party applications.
hXXp://help.ask.com/link/portal/30015/30018/ArticleFolder/11/Ask-com-Browser-Toolbar
%sUNAVAILABLE
%sSELECTED
%sFOCUSED
%sPRESSED
%sCHECKED
%sMIXED
%sINDETERMINATE
%sREADONLY
%sHOTTRACKED
%sDEFAULT
%sEXPANDED
%sCOLLAPSED
%sBUSY
%sFLOATING
%sMARQUEED
%sANIMATED
%sINVISIBLE
%sOFFSCREEN
%sSIZEABLE
%sMOVEABLE
%sSELFVOICING
%sFOCUSABLE
%sSELECTABLE
%sLINKED
%sTRAVERSED
%sMULTISELECTABLE
%sEXTSELECTABLE
%sLOW
%sMEDIUM
%sHIGH
%sPROTECTED
%sVALID
x-osid:1:search:%{%s%}
Home Page / New Tab - Set to %s
Default Search - Set to %s
CRebutManager::Shutdown() m_bStop = %d
CRebutManager::InializeHPRebut() Found a partner with FF HP Rebut enabled: %s
CRebutManager::Reinitialize - Disabled because switch %d is active
CRebutManager::SendReport Failed to find dispatch for Pid: %s
CRebutManager::IsAskHomePage - Failed to get IE home page url
CRebutManager::RebuttalAllowed - Less than %d (elapsed = %d) hours since last displayed
CRebutManager::RebuttalAllowed - More than %d hours since last displayed
CRebutManager::StartRebutTimer(%d) - m_bRebutTimerRunning = %d
VVV.asksearch.com
SearchBetter.com
ask.com;*.ask.*
CStartUpDispatch::StartIESearchSetupTimer for PID:%s aborted - IsIEOSearchPend = FALSE
CStartUpDispatch::StartIESearchSetupTimer - bDidUserAction = %s, SKIP_SEARCH = %s
setiechrome
CStartUpDispatch::StartIESearchSetupTimer - Register for IEEnableComplete for PID:%s
CStartUpDispatch::TimerCheckIESearchSetup - strXML = %s
CStartUpDispatch::TimerCheckIESearchSetup (bIEEnableShowing NOT showing) - calling InitiateIESearchSetup - SKIP_SEARCH = %s
RemoteCheckIESearchSetup calling InitiateIESearchSetup (PID:%s, HWND:0x%x)
%s\Offers
%s\%s\Offers
%Y-%m-%d %H:%M:%S
CStartUpDispatch::InitiateIESearchSetup - PID: %s - SKIP_SEARCH Detected!
InitiateIESearchSetup - found IE, starting chrome install thread
CStartUpDispatch::InitiateIESearchSetup - Register for IEEnableComplete for PID:%s
StartUpDispatch ProcessEvent - detected IEEnableComplete - starting 2 sec timer (PID:%s, HWND:0x%x)
Firefox or Google Chrome process ended.
CStartupDispatch::ProcessEvent - V6APNUShutdownPath triggered - ExitCode=%d
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
?anxa=%s
&anxv=%s
&anxt=%s
&anxtv=%s
&anxp=%s
FireFox
GoogleChrome
ReportingData.dat
CTBMonReportingManager Thread Not able to stop worker thread after waiting for 10 seconds
%s\%s\%s
postinstallreportstate
newtab.html
%d-d-dTd:d:d
*.ask.*;search.avira.com
FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
&%s=%s
PreUninstallOperation(%s)
CUninstallBrowserService::RevertSettings - GetPostInstallBackupRegKey failed!
CUninstallBrowserService::RevertFFSettings() Read FFHP_inst = %s
CUninstallBrowserService::RevertFFSettings() strFFHomePage = %s
CUninstallBrowserService::RevertFFSettings() FFHP_inst has same domain as current home page: %s
RevertFFSettings() strInstSelectedEngine=%s, strCurrSelectedSearchEngine=%s, strCurrDefaultEngineName=%s
Search AssetRevert = %s
After FF search revert search is: %s
ffsa_kwurl_prev
iesa_chromeguid_prev
99999.99999.99999.99999
TBNotifier.log
(]:])
%s-%s
%d.%d.%d.%d
User32.dll
{7FAA2206-8045-48C4-819E-8B5BD6A15678}
TBNotifier.exe version %s built: Apr 20 2015, 18:24:48
CmdLine
Launch %s?
Failed to Launched: %s
NotifySwitchesChanged - broadcasting switch change for partner: %s
%Y-%m-%d
%s%s\%s\%s
%s\%s\%s\%s
0.0.0
m_pTBMonReportingService->Shutdown complete
SOFTWARE\AskPartnerNetwork\Toolbar\%s\Info
CDispatchManager::setDoneCode() Create key: %s
CDispatchManager::setDoneCode() Set done code to %d
CDispatchManager::setDoneCode() returns: %d
GetLatestGCStartupPage() - look at kill switch for %s
GetLatestGCStartupPage() - skip %s, eSS_EnableGCStartupPage = %d
GetLatestGCStartupPage() - eSS_EnableGCStartupPage = %d
GetLatestGCStartupPage() - skip %s, version too low
GetLatestGCStartupPage() - %s is newer
CDispatchManager::GetLatestGCStartupPage() - Failed to open key at path = %s
{browser-lang}
not able to open process to monitor: %d
lastsetiechromepid
Software\AskPartnerNetwork\Toolbar\Updater\Chrome
iexplore.exe
firefox.exe
chrome.exe
chromeReporting
chromeSetAskSearch
chrome_launcher.exe
googleupdate.exe
googleupdateondemand.exe
Safari.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
Software\Classes\http\shell\open\command
http\shell\open\command
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
Software\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
setup.exe
updater.exe
Mozilla
hXXp://websearch.ask.com/redirect?client=ff&src=kw&tb={tb}&o={o}&locale={locale}&apn_uid={id}&apn_ptnrs={cbid}&apn_sauid={said}&apn_dtid={dtid}&psv={psv}&q=
hXXp://websearch.search-results.com/redirect?client=ff&src=kw&tb={tb}&o={o}&locale={locale}&apn_uid={id}&apn_ptnrs={cbid}&apn_sauid={said}&apn_dtid={dtid}&psv={psv}&q=
hXXp://websearch.ask.com/redirect?client=cr&src=kw&tb={tb}&o={o}&locale={locale}&apn_uid={id}&apn_ptnrs={cbid}&apn_sauid={said}&apn_dtid={dtid}&psv={psv}&q={{searchTerms}}
hXXp://websearch.search-results.com/redirect?client=cr&src=kw&tb={tb}&o={o}&locale={locale}&apn_uid={id}&apn_ptnrs={cbid}&apn_sauid={said}&apn_dtid={dtid}&psv={psv}&q={{searchTerms}}
hXXp://websearch.%s.com/apnu/update?tb={tb}&cbid={cbid}&v={apnuversion}&r={apnurevision}&build={build}&tbguid={guid}&id={apnuguid}&locale={locale.underscore}&dtid={dtid}&browser-name={browser-name}&browser-version={browser-version}&browser-lang={browser-lang}&ielu={ielu}&fflu={fflu}&tbv={version}&apn_dbr={apn_dbr}&emc={emc}&umc=&dp={overlay-dp}&ds={overlay-ds}&dm={overlay-dm}&db={overlay-db}&do={overlay-do}
hXXp://tbapi.search.ask.com/v6/apnu/update?tb={tb}&cbid={cbid}&v={apnuversion}&r={apnurevision}&build={build}&tbguid={guid}&id={apnuguid}&locale={locale}&dtid={dtid}&os-lang={browser-lang}&tbv={version}&apn_dbr={dbr}&iev={iev}&ffv={ffv}&gcv={gcv}
chrome_ie_set
apnu/enableChromeSearchProtection
switches/enableChromeSearchProtection
switches/enableGCStockURLMonitor
switches/enableIEDSByPass
config/url
report
Software\Microsoft\Windows\CurrentVersion\Ext\Settings
FirefoxToolbarCount
hXXp://anx.apnanalytics.com/tr.gif
hXXp://img.apnanalytics.com/images/nocache/apn/tr.gif?cb={cbid}&guidu={apnuguid}&apn_dtid={dtid}&pid={tb}&guidt={guid}&ts={random}&uev={uev}&us={userselection}&iev={ieversion}&ffv={ffversion}&chv={gcversion}&dp={overlay-dp}&ds={overlay-ds}&dm={overlay-dm}&db={overlay-db}&do={overlay-do}&count={count}
PostInstallRefreshReport
config.xml
Updater.exe
ff-keyword-url
gc-keyword-url
ie-searchhook-url
APNUrl_HelpFAQ
APNText_FF8ArrowDlg1Msg
APNText_FF8ArrowDlg2Msg
APNText_FF8PoweredByAskMsg
APNText_FF8RestartFirefox
APNText_FF8PresentedByPartnerPoweredByAskMsg
APNText_FF8XULName_GoToAWebsite
APNText_GCSelectSearchChangeMsg
APNText_GCDeliveredByPartnerPoweredByAskMsg
APNText_GCDeliveredByAskMsg
APNText_GCAttemptedDefSearchChangeMsg
APNText_GCChangeToAskMsgChgMsg
*.google.*;google.*;*.ask.*;ask.*
HPG-guide-offer-report-delay
APNText_HPGIE_DeliveredByAskMsg
APNText_HPGIE_DeliveredByPartnerMsg
APNText_IEHPGHELPURL
faqPageUrl
APNText_GCMoreInfoFAQUrl
Software\Google\Chrome\Extensions
Software\Policies\Google\Chrome\ExtensionInstallForcelist
APNText_FFMoreInfoFAQUrl
hXXp://{domain}/?p2={p2}&gct=hp&o={o}&apn_ptnrs={cbid}&apn_dtid={dtid}&tpid={tb}&apn_dbr={dbr}&trgb={trgb}&apn_uid={guid}&itbv={ProductVersion}&doi={timeinstalled}&psv={psv}&pt={pt}
Software\Microsoft\Windows\CurrentVersion\Uninstall
{79A765E1-C399-405B-85AF-466F52E918B0}
Software\AskToolbar\Chrome
Software\APN\Updater\Reporting
Software\AskPartnerNetwork\Toolbar\Updater\%s\Macro
Software\AskPartnerNetwork\Toolbar\%s\Macro
Software\AskPartnerNetwork\Toolbar\Updater\%s\Reporting
Software\AskPartnerNetwork\Toolbar\Updater\%s\Offers
Software\Microsoft\Internet Explorer\URLSearchHooks
ieframe.dll
error loading config.xml at %s: %s
loading v5 config: fftoolbarname = %s
Software\%s\%s
cobrand.ico
VVV.search.ask.com
//components/component[@name='%s']
toolbar_%s@apn.ask.com
property[@name="%s"]
Config.%s-
%s*.xml
%s%d.xml
Response.%s-%d.xml
%sConfig.%s-%d.xml
0.0.0.0
Response.%s*
-0.xml
%sResponse.%s-%d.xml
Global\%s_%s
DLAUninstallFix will be performed on existing toolbar for PID: %s
DLAUninstallFix not performed on new toolbar for PID: %s (bV5V7URLadjusted = %s)
Firefox process ended.
?seq=%d
DLAUninstallFix() - Couldn't open root key (%d) for PID: %s
DLAUninstallFix() - Couldn't open partner key (%d) for PID: %s
DLAUninstallFix() - InstalledHPRIESet for PID: %s
DLAUninstallFix() - InstalledHPRFFSet for PID: %s
DLAUninstallFix() - InstalledHPRGCSet for PID: %s
DLAUninstallFix() - InstalledSAIESet for PID: %s
DLAUninstallFix() - InstalledSAFFSet for PID: %s
DLAUninstallFix() - InstalledSAGCSet for PID: %s
bV5V7URLadjusted true
bV5V7URLadjusted false
strVal %s
rkSrc.QueryStringValue error %d
error loading response file at %s: %s
combase.dll
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
%Program Files% (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
31.19.1.2516
TBNotifier.exe
A third-party application is forcing your home page to be set to 'VVV.some-url.com'. If you do not want to have this URL as your home page, you should manually change it.
Clicking on 'Yes' will open a web page with the instructions. (from resource)
This feature helps you stay in control of your FireFox's settings by avoiding unwanted changes by third-party applications.
Would you like to set your default search engine, home page amd new tabs page to Ask.com now? You can change back your settings at any time.
Your home page may have been changed by another application. Would you like to revert your home page back to Ask.com?
Revert back to Ask.com home page
Firefox Settings Change Notification
IdcLdr.exe_1584:
.text
`.rdata
@.data
.rsrc
@.reloc
operator
GetProcessWindowStation
C:\Jenkins\workspace\TOOLBAR_PACKAGE\DEFENSE_SRC\IDC\Release\IdcLdr.pdb
WTSAPI32.dll
GetProcessHeap
KERNEL32.dll
SetWindowsHookExW
UnhookWindowsHookEx
MsgWaitForMultipleObjects
USER32.dll
ADVAPI32.dll
ShellExecuteExW
SHELL32.dll
IPHLPAPI.DLL
PSAPI.DLL
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CRYPT32.dll
GetCPInfo
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
kernel32.dll
USER32.DLL
XXXXXX
IdcLdr.exe
IdcSrvStub.dll
IdcSrv.dll
IdcLdr_x64.exe
IdcSrvStub_x64.dll
IdcSrv_x64.dll
\IdcSrvStub.dll
18E9CAF6-12E0-4E11-870A-1A307541A4F4
%s\%s
\AskPartnerNetwork\Toolbar\Updater\%s
{DF8AB633-6D92-4535-A5F9-134FB8DF60AB}
Global\BAE8A7C6-0FBC-447D-B63C-2566AE335455
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
31.19.1.2516