Trojan.Win32.Swrort.3_301c88cae3

by malwarelabrobot on May 16th, 2015 in Malware Descriptions.

Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 301c88cae3b189bb4c65ff97cb810d1e
SHA1: b3836879a3744ebc5c30a4c6b347f044d39be03a
SHA256: 723423dcfe5f1b468f79f789a475d9585b2d9d367550dc10c7aa7f37c70f143d
SSDeep: 24576:Qhwv6RjKJ7OYu7qgOgJ5yVihLKuovdmPrqiTGdaOcIZb:mxKxgJEViRKd1yr5TKDcy
Size: 941080 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Carambis (MEDIA FOG LTD.)
Created at: 2014-12-18 10:22:46
Analyzed on: Windows7Ada SP1 64-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

APNSetup1.exe:448
TBNotifier.exe:580
vcredist_x86.exe:820
carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe:2764
IdcLdr.exe:1860
IdcLdr.exe:1584
%original file name%.exe:1912
APNSetup.exe:2700
apnmcp.exe:2292
vcredist_x64.exe:3060
Setup.exe:1060
Setup.exe:1840
Offercast2910_NDV_.exe:1904
Offercast2910_NDV_.exe:2988
MsiExec.exe:208
MsiExec.exe:1172
IdcLdr_x64.exe:2888

The Trojan injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process APNSetup1.exe:448 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process TBNotifier.exe:580 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\ProgramData\AskPartnerNetwork\Toolbar\NDV-SP\Updater\Config\Config.31.19.1.0-5.xml (179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDZ3KS6S\favicon[1].ico (1150 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{4B94FF28-B18F-4714-9B39-398825D1D9E1}.ico (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apnuosearch.xml (818 bytes)
C:\ProgramData\AskPartnerNetwork\Toolbar\NDV-SP\Updater\Response\Response.31.19.1.0-0.xml (315 bytes)

The process vcredist_x86.exe:820 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe:2764 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process IdcLdr.exe:1860 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe (857 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll (3073 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll (3361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe (845 bytes)

The process IdcLdr.exe:1584 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll (114 bytes)

The process %original file name%.exe:1912 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe (5158553 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.txt (512 bytes)

The process APNSetup.exe:2700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process vcredist_x64.exe:3060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process Setup.exe:1060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process Setup.exe:1840 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process Offercast2910_NDV_.exe:1904 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process Offercast2910_NDV_.exe:2988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process MsiExec.exe:208 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process MsiExec.exe:1172 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):


The process IdcLdr_x64.exe:2888 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll (131 bytes)

Registry activity

The process APNSetup1.exe:448 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4A 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "DF 13 6D 3D 37 8F D0 01"

To run automatically each time Windows starts, the Trojan adds the following entry pointing to its file under the system registry autorun key:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP" = "C:\ProgramData\APN\APN-Stub\NDV-SP\ApnSetup.exe /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /hpr=1 /log /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /sa=1 /log /install=NDV-SP /dtid=default /trgb=CR /type=vanilla,vanspe /crcrx=aaaaadgepjkdffhjbkfjgnnffnfcffbg /log /sa=1 /hpr=1 /runonce"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP"

The process TBNotifier.exe:580 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableHPGUserGuide" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_tb" = "4294967292"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEDSByPass" = "0"
"switches/enableIENTG" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "7F 37 DB 42 37 8F D0 01"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_hpr" = "0"
"cr_countDisabled" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"LastPlatformVersion" = "12.28.1.1293"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"hpr_ff_set" = "0"
"sa_ie" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableHPG" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"dailyconfigupdateime" = "2015-05-15T20:47:47"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCStartupPage" = "1"
"switches/enableNTHP" = "1"
"switches/enableGCDefaultSearchGuard" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_nt" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableHPGBurstMode" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4C 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableToolbarCleaner" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_browserRestarted" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://www.search.ask.com/?tpid=NDV-SP&o=APN10975&pf=V7&trgb=IE&p2=^B2X^YYYYYY^YY^UA&gct=hp&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^UA&apn_dbr=iexplore.exe_6_10.0.9200.16521&apn_uid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&itbv=12.28.1.1293&doi=2015-05-15&psv=&pt=tb"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"ie_last_hpr" = "http://www.search.ask.com/?tpid=NDV-SP&o=APN10975&pf=V7&trgb=IE&p2=^B2X^YYYYYY^YY^UA&gct=hp&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^UA&apn_dbr=iexplore.exe_6_10.0.9200.16521&apn_uid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&itbv=12.28.1.1293&doi=2015-05-15&psv=&pt=tb"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"ShowSearchSuggestions" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"hpr_ie" = "http://www.search.ask.com/?tpid=NDV-SP&o=APN10975&pf=V7&trgb=IE&p2=^B2X^YYYYYY^YY^UA&gct=hp&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^UA&apn_dbr=iexplore.exe_6_10.0.9200.16521&apn_uid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&itbv=12.28.1.1293&doi=2015-05-15&psv=&pt=tb"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_countDisabled" = "0"
"ie_hpr" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"hpr_cr_set" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"nthp_prev" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"nthp_ie_set" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEIDC" = "1"
"switches/enableGCRetakeOffer" = "0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"URL" = "http://www.search.ask.com/web?tpid=NDV-SP&o=APN10975&pf=V7&p2=^B2X^YYYYYY^YY^UA&gct=&itbv=12.28.1.1293&apn_uid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&apn_ptnrs=^B2X&apn_dtid=^YYYYYY^YY^UA&apn_dbr=iexplore.exe_6_10.0.9200.16521&doi=2015-05-15&trgb=IE&q={searchTerms}&psv=&pt=tb"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\Shutdown]
"Done" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableFFRestart" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIENTRebuttal" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"sa_cr_set" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCEnableAssist" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_countEnabled" = "0"
"cr_ds" = "0"
"cr_browserRestarted" = "0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"FaviconURL" = "http://www.search.ask.com/favicon.ico"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableFFRevert" = "1"
"switches/enableGCIDC" = "1"

[HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing]
"NewTabPageShow" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"hpr_ie_set" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"iedsgdisable" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_tb" = "4294967292"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"sa_ie_set" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_countEnabled" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\Reporting]
"lastUpdateCallLatency" = "999"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_start" = "0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"DisplayName" = "Ask Search"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"last_ds" = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCRestart" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_nt" = "0"
"ff_nt" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "DF 13 6D 3D 37 8F D0 01"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEDSRebuttal" = "1"
"switches/enableIETakeDSAssist" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_crm" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"ierhp" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCSideLoad" = "1"
"switches/enableFFToolbarProtection" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_signin" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"ie_tb_set" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEReacquisition" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"timeinstalled_ie" = "2015-05-15T12:47:44"
"sa_ff_set" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGC32Rebuttal" = "1"
"switches/enableChromeSearchProtection" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"assetLost" = "Type: REG_SZ, Length: 0"
"cr_countEnabled" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEToolbarProtection" = "1"
"switches/enableGCStockURLMonitor" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\Shutdown]
"LO" = "65 E7 03 A5 B2 39 74 70 E7 F1 AE 91 F1 E0 AA 3C"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ff_countDisabled" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableGCNewTabGuard" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_ds" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\Reporting]
"lastConfigDnldLatency" = "561"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"postinstallreportstate" = "0"
"nthp_ie" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"cr_hb" = "0"
"ff_browserRestarted" = "0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableSmartIDC" = "0"
"switches/enableIEHPRebuttal" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"Comp" = "Type: REG_SZ, Length: 0"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEDSG" = "0"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"SuggestionsURL_JSON" = "http://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableFFHPG" = "0"
"switches/enableIERestart" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP]
"timeinstalled" = "2015-05-15T12:47:44"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\report]
"ie_tb" = "4294967293"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"FaviconPath" = "C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{4B94FF28-B18F-4714-9B39-398825D1D9E1}.ico"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableVNT" = "1"

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4B94FF28-B18F-4714-9B39-398825D1D9E1}]
"OSDFileURL" = "file:///C:/Users/adm/AppData/Local/Temp/apnuosearch.xml"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"tbnguid" = "3CBBACF0-15D0-44D7-A238-A35DD11B65B4"

[HKCU\Software\Classes\Local Settings\MuiCache\30\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\NDV-SP\ServerSwitches]
"switches/enableIEDefaultSearchAssist" = "1"
"switches/enableStartSingleBrowser" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following registry key(s):

[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E]
[HKCU\Software\Classes\Local Settings\MuiCache\2F]

The Trojan deletes the following value(s) in the system registry:

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"PreventGCDSReset"
"iedsg_changed"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"ientgdisable"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater]
"hpgdisable"
"last_ds"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\AskPartnerNetwork\Toolbar\Updater\Shutdown]
"Lo"

The process carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe:2764 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\APN PIP\NDV]
"Top" = "235"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"InstallLocation" = "%Program Files% (x86)\Carambis\Driver Updater"

[HKCU\Software\Carambis\Driver Updater]
"subalias" = ""
"PartnerId" = "lbdu"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"URLInfoAbout" = ""
"RegCompany" = "Carambis"

[HKCU\Software\Carambis\Driver Updater\generalSettings]
"Language" = "EN"

[HKCU\Software\APN PIP\NDV]
"Show_UI" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"NoRepair" = "1"
"NoModify" = "1"
"DisplayVersion" = "2.4.1.3369"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\SATTB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\TB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\V7TB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ORCHESTRATOR.HTML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\JSON.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\OBJECTMODEL.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\RULES.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ANALYTICS.XML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\UI.XML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc55E.tmp\nsProcess.dll,"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"DisplayName" = "Carambis Driver Updater"
"DisplayIcon" = "%Program Files% (x86)\Carambis\Driver Updater\dupdater.exe"
"HelpLink" = ""

[HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\goalojoobcfkhddpbjcmhdceeegmaphh]
"update_url" = "http://clients2.google.com/service/update2/crx"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"Publisher" = "MEDIA FOG LTD"

[HKCU\Software\Carambis\Driver Updater\generalSettings]
"scanAtStartupEnabled" = "true"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"UninstallString" = "%Program Files% (x86)\Carambis\Driver Updater\uninstall.exe"

[HKCU\Software\Carambis\Driver Updater]
"VID" = "445"

[HKCU\Software\Carambis\Driver Updater\generalSettings]
"launchProgramAtStartupEnabled" = "true"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Driver Updater]
"Comments" = "Carambis (MEDIA FOG LTD). All rights reserved."

[HKCU\Software\Carambis\Driver Updater]
"InstallOptions" = "1"

[HKCU\Software\APN PIP\NDV]
"Left" = "606"
"Start_Install" = "1"

To run automatically each time Windows starts, the Trojan adds the following entry pointing to its file under the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Driver Updater" = "%Program Files% (x86)\Carambis\Driver Updater\dupdater.exe -minimized"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Driver Updater"

The process IdcLdr.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process %original file name%.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process APNSetup.exe:2700 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"

[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Classes\Local Settings\MuiCache\2F\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "DF 13 6D 3D 37 8F D0 01"

To run automatically each time Windows starts, the Trojan adds the following entry pointing to its file under the system registry autorun key:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP" = "C:\ProgramData\APN\APN-Stub\NDV-SP\ApnSetup.exe /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /hpr=1 /log /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /sa=1 /log /install=NDV-SP /dtid=default /trgb=CR /type=vanilla,vanspe /crcrx=aaaaadgepjkdffhjbkfjgnnffnfcffbg /log /sa=1 /hpr=1 /runonce"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"APN-Stub_NDV-SP"

The process apnmcp.exe:2292 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\PackageService]
"lrpt" = "2015-05-15T17:48:46"

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\PackageService\Register\ApnSetupV6]
"LastCheckTimestamp" = "2015-05-15T17:48:46"

The process Setup.exe:1060 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

The process Setup.exe:1840 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32]
"dnsapi.dll,-103" = "Domain Name System (DNS) Server Trust"

[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32]
"p2pcollab.dll,-8042" = "Peer to Peer Trust"

The Trojan deletes the following registry key(s):

[HKCU\Software\Classes\Local Settings\MuiCache\2D]
[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]

The process Offercast2910_NDV_.exe:1904 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\APN PIP\NDV]
"Top" = "274"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\APN PIP\NDV]
"PIP_Exit_Code" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\APN PIP\NDV]
"PIP_Offers_Exitcode" = ""
"PIP_Offers_Launched" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"

[HKCU\Software\APN PIP\NDV]
"PIP_Top" = "235"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\SATTB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\TB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\V7TB.PNG, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ORCHESTRATOR.HTML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\JSON.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\OBJECTMODEL.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\RULES.JS, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\ANALYTICS.XML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\UI.XML, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc55E.tmp\nsProcess.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsc55E.tmp\, , \??\C:\Users\"%CurrentUserName%"\Documents\APNSetup.exe,"

[HKCU\Software\APN PIP\NDV]
"PIP_Toolbar_Exitcode" = "APNSetup.exe:55000 | APNSetup1.exe:55000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\APN PIP\NDV]
"Left" = "617"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadNetworkName" = "Network 4"

[HKCU\Software\APN PIP\NDV]
"PIP_UI_Ready" = "1"
"PIP_Left" = "606"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 48 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDecisionReason" = "1"

[HKCU\Software\APN PIP\ipc\NDV]
"Uirt" = "20"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\APN PIP\NDV]
"PIP_UI_Complete" = "1"
"PIP_Toolbar_Launched" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\APN PIP\NDV]
"PIP_SkipAll" = "0"
"PIP_Toolbar_Selection" = "hpr:true|ds:true|oi:true"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in the system registry:

[HKCU\Software\APN PIP\NDV]
"Top"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\APN PIP\NDV]
"Left"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9BA14452-3A93-4712-8A0D-BF6CFCC6695B}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\APN PIP\NDV]
"Show_UI"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\APN PIP\ipc\NDV]
"Uirt"

[HKCU\Software\APN PIP\NDV]
"Cancel_PIP"
"Start_Install"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PIP"

The process Offercast2910_NDV_.exe:2988 makes changes in the system registry.
The Trojan creates and/or sets the following values in the system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "14 B1 4F 02 37 8F D0 01"

[HKCU\Software\APN PIP\NDV]
"Top" = "274"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\apn_pip_local\LOADINGSCREEN.PNG,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\APN PIP\NDV]
"Left" = "617"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 4B 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following registry key(s):

[HKCU\Software\APN PIP\ipc\NDV]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\APN PIP\NDV]
"Top"
"PIP_Exit_Code"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\APN PIP\NDV]
"Show_UI"
"PIP_Offers_Exitcode"
"PIP_Offers_Launched"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"

[HKCU\Software\APN PIP\NDV]
"PIP_Top"
"PIP_Toolbar_Exitcode"
"PIP_SkipAll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\APN PIP\NDV]
"PIP_UI_Ready"
"Cancel_PIP"
"PIP_Toolbar_Selection"
"PIP_Offers_Selection"
"PIP_UI_Complete"
"PIP_Toolbar_Launched"
"Left"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\APN PIP\NDV]
"PIP_Left"

[HKCU\Software\APN PIP\ipc\NDV]
"Uirt"

[HKCU\Software\APN PIP\NDV]
"Start_Install"

The process MsiExec.exe:1172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Macro]
"dtid" = "^YYYYYY^YY^UA"
"longitude" = "36.25"
"cbid" = "^B2X"
"dsdesc" = "Ask Search"
"dbr" = "iexplore.exe_6_10.0.9200.16521"
"P2" = "^B2X^YYYYYY^YY^UA"

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\shared]
"TotalTBEverLanded" = "1"

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Macro]
"tb-type" = "vanilla,vanspe"
"qsrc" = "2871"
"Domain" = "www.search.ask.com"
"apnuSwitches" = "0!1!2|3!4!5!6!7!8!9!12|13!14!17|19!20!23!24!25!26!27|28!29|30!31!33!34|35|36|38!39!40!41!44!45|"
"PSV" = ""
"tb-attrib" = "0"
"Guid" = "77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0"
"iedsast" = ""
"location" = "Kharkiv,Ukraine"
"o" = "APN10975"
"l" = "dis"
"gco" = "APN10975cr"

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Info]
"Browsers" = "1_IE"

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Macro]
"iedsgl" = "0"
"latitude" = "50.0"
"trgb" = "IE"
"dssn" = "Ask Search"
"pf" = "V7"
"nthp" = "1"
"slwo" = "0"
"Locale" = "en_US"

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\shared]
"tbsinstalled" = "NDV-SP"

[HKLM\SOFTWARE\Wow6432Node\AskPartnerNetwork\Toolbar\NDV-SP\Macro]
"dbgrpt" = "0,1"

Dropped PE files


HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Carambis (MEDIA FOG LTD.)
Product Name: Carambis Installer
Product Version: 1.0.0.2
Legal Copyright: Carambis (MEDIA FOG LTD.) All rights reserved. 2014
Legal Trademarks:
Original Filename: Carambis Installer
Internal Name: Carambis Installer
File Version: 1.0.0.2
File Description:
Comments:
Language: English (United States)

PE Sections

Name     Virtual Address    Virtual Size    Raw Size    Entropy    Section MD5
UPX0     4096               1945600         0           0          d41d8cd98f00b204e9800998ecf8427e
UPX1     1949696            921600          921600      5.54496    dbafe97b79c31d9f50b1027c99e2c84d
.rsrc    2871296            12288           12288       3.6405     4cb2b8e5fd826767e3da8960aa2d46c4

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 3
23ca72049c60fe33bb193cacf6c9f42a
bbf266c299b592fb3394bc51c22fe0c8
5501c5958ab8ecb6c80f51981734d2a3

URLs



IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=582117, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 11:30:08 GMT
Expires: Fri, 22 May 2015 11:30:08 GMT
Date: Fri, 15 May 2015 17:50:25 GMT
Connection: keep-alive

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=0-524287
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F2Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 0-524287/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=14155776-14680063
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9eOAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 14155776-14680063/20700512

<<< skipped >>>

GET /v7/installed?pid=NDV-SP&dtid=default&cbid=&pf=&pids=&dbr=iexplore.exe_6_10.0.9200.16521&user_lid=409&client=stub HTTP/1.1
User-Agent: APN-Stub
Host: tbapi.search.ask.com


HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:47:38 GMT
Server: Apache
Content-Length: 1750
Connection: close
Content-Type: text/xml;charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?>
<options id="NDV-SP"><option id="dtid" value="^YYYYYY^YY^UA" client="macro"/>
<option id="location" value="Kharkiv,Ukraine" client="macro"/>
<option id="reason" value="allowV7Install" client="stub"/>
<option id="p2" value="^B2X^YYYYYY^YY^UA" client="macro"/>
<option id="locale" value="en_US" client="macro"/>
<option id="dbr" value="iexplore.exe_6_10.0.9200.16521" client="macro"/>
<option id="nthp" value="1" client="macro"/>
<option id="nthp" value="1" client="msi"/>
<option id="cbid" value="^B2X" client="macro"/>
<option id="apnuSwitches" value="0!1!2|3!4!5!6!7!8!9!12|13!14!17|19!20!23!24!25!26!27|28!29|30!31!33!34|35|36|38!39!40!41!44!45|" client="macro"/>
<option id="domain" value="VVV.search.ask.com" client="macro"/>
<option id="proceed" value="yes" client="stub"/>
<option id="iedsast" value="" client="macro"/>
<option id="longitude" value="36.25" client="macro"/>
<option id="iedsgl" value="0" client="macro"/>
<option id="dbgrpt" value="0,1" client="macro"/>
<option id="eieds" value="" client="stub"/>
<option id="dssn" value="Ask Search" client="macro"/>
<option id="gco" value="APN10975cr" client="macro"/>
<option id="slwo" value="0" client="macro"/>
<option id="o" value="APN10975" client="macro"/>
<option id="cr_crx_flow" value="1" client="msi"/>
<option id="l" value="dis" client="macro"/>
<option id="tb-type" value="v

<<< skipped >>>

GET / HTTP/1.1
Host: google.com
Accept: */*
User-Agent: Carambis Downloader


HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=xDBWVf2JIcmG8QfM2IAg
Content-Length: 260
Date: Fri, 15 May 2015 17:45:40 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=1
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=xDBWVf2JIcmG8QfM2IAg">here</A>.
</BODY></HTML>


GET /v6/apnu/update?tb=NDV-SP&cbid=^B2X&v=31.19.1.0&r=0&build=0&tbguid=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&id=E49BE05E-944B-42E5-8321-48F1F908ACD8&locale=en_US&dtid=^YYYYYY^YY^UA&os-lang=en&tbv=12.28.1.1293&apn_dbr=iexplore.exe_6_10.0.9200.16521&iev=10.0.9200.16521&ffv=29.0.1&gcv=41.0.2272.118 HTTP/1.1
User-Agent: APNU
Host: tbapi.search.ask.com


HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:47:47 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/xml;charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?>
<notifier><config><revision>5</revision>
<url>hXXp://apnstatic.ask.com/static/toolbar/everest/notifier/not029/notifier10-config.xml</url>
</config>
<switches value="0!1!2|3!4!5!6!7!8!9!12|13!14!17|19!20!23!24!25!26!27|28!29|30!31!33!34|35|36|38!39!40!41!44!45|"/>
</notifier>


GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f92e6d35e1df3589 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 16:17:41 GMT
If-None-Match: "804047d4e66d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Mar 2015 16:17:41 GMT
ETag: "804047d4e66d01:0"
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:45 GMT
Connection: keep-alive


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=398443, public, no-transform, must-revalidate
Last-Modified: Wed, 13 May 2015 08:25:17 GMT
Expires: Wed, 20 May 2015 08:25:17 GMT
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEC9ONDFhvH62dRTT3OxDTqA= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=520781, public, no-transform, must-revalidate
Last-Modified: Thu, 14 May 2015 18:25:23 GMT
Expires: Thu, 21 May 2015 18:25:23 GMT
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive

<<< skipped >>>

GET /media/toolbar/everest/partners/NDV-SP/YY/Setup.ini HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: apnmedia.ask.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "51d09284be2c59b1d8810969f08ae139:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 3508
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:38 GMT
Connection: keep-alive
[Startup]
CmdLine=
DefaultOffer=
XpiInstall=
Require=OS_Requirement
[Product]
ProductName=Ask Toolbar
msi=hXXp://apnmedia.ask.com/media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z
Languages=1031;1033;1034;1036;1040;1041;1043;1045;1049;2070
Criteria=prod
UpgradeCode={A7585BA7-0A75-7786-6895-A758B7FFFFFF}
ProductCode={4E44562D-5350-006A-76A7-A758B70C1C01}
CmdLine=
Logging=voicewarmup
Type=vanilla,vanspe
[OS_Requirement]
Criteria=os
ProductName=Windows XP
[Windows XP]
PlatformID=2
MajorVersion=5
MinorVersion=1
ServicePackMajor=2
[Reporting]
Url=hXXp://phn.apnanalytics.com/tr.gif
UrlOC=hXXp://phn.apnanalytics.com/tr.gif?anxa=APNStub&anxe=OfferCheckEvent&anxr={anxr}&anxt={anxt}&partnerTrack={dtid}&anxv={anxv}&bb={bb}&cr_ds={cr_ds}&cr_hb={cr_hb}&cr_start={cr_start}&cr_tboff={cr_tboff}&cr_tbon={cr_tbon}&crtbs={crtbs}&ff_crm={ff_crm}&ff_hpr={ff_hpr}&ff_tboff={ff_tboff}&ff_tbon={ff_tbon}&fftbs={fftbs}&ft={ft}&ie_ds={ie_ds}&ie_hpr={ie_hpr}&ie_tboff={ie_tboff}&ie_tbon={ie_tbon}&ietbs={ietbs}&orgb={orgb}&reason={reason}&result={result}&tb-type={tb-type}&tpid={tpid}&trgb={trgb}&udbr={udbr}&wft={wft}
UrlInst=hXXp://phn.apnanalytics.com/tr.gif?anxa=APNStub&anxe=InstallerEvent&anxp={anxp}&anxr={anxr}&anxt={anxt}&anxtv={anxtv}&anxv={anxv}&apn_dbr={dbr}&bb={bb}&browsers={brws}&cr_ds={cr_ds}&cr_hb={cr_hb}&cr_start={cr_start}&cr_tboff={cr_tboff}&cr_tbon={cr_tbon}&crtbs={crtbs}&crVersionInstalled={crv}&defaultSearchChoice={sa}&downloadTime={dwt}&errorCondition={errReason}&executionTime

<<< skipped >>>

GET /program_downloader.php HTTP/1.1
Host: a.carambis.com
Accept: */*
partnerId:lbdu
product:du
User-Agent: Carambis Downloader


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 15 May 2015 17:45:40 GMT
Content-Type: text/html
Content-Length: 2010
Connection: keep-alive
Keep-Alive: timeout=15
X-Source-ID: 6
Set-Cookie: __utmd=V/XMJFVWMMRidh9PA 81Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
{"servers":["http:\/\/rudn3.carambis.com\/","http:\/\/rudn2.carambis.com\/"],"fileurl":"DriverUpdaterSetupA-2.4.1.3369.exe","filename":"driverupdater.exe","version":"2.4.1.3369","filesize":"20700512","sha1-block-size":524288,"sha1":"24bf3170a264d8d90ee6b9abe3abd7acd0c5f668","sha1-parts":[

<<< skipped >>>

POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: pipoffers.apnpartners.com
Content-Length: 388
Connection: Keep-Alive
Cache-Control: no-cache

&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:58.745 02:00&anxe=PIPStats&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=0F6FB5061AC8442F9FD902F5D0C10304&partnerID=NDV&exitCode=0&WFType=Local&funnelID=6F2CFEE7-8EF2-450A-95D1-0527FDB6FBFF&machineID=&InitializationEx=124&DlgInitEx=110&uiDl=0&ConfigEx=0&orchestratorDl=109&v7installCheckerEx=219&ParseUiEx=234&LoadEx=358
HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:47:40 GMT
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dfprdapnpipcl4.df.jabodo.com
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain


HEAD /media/toolbar/everest/7.19.0/APNSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com


HTTP/1.1 200 OK
Server: Apache
ETag: "d4b69c33199f0df1f4af2cf8b3d01af5:1418692429"
Last-Modified: Tue, 16 Dec 2014 01:06:51 GMT
Accept-Ranges: bytes
Content-Length: 662424
Content-Type: application/octet-stream
Date: Fri, 15 May 2015 17:46:24 GMT
Connection: keep-alive



GET /media/toolbar/everest/7.19.0/APNSetup.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 Dec 2014 01:06:51 GMT
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com


HTTP/1.1 200 OK
Server: Apache
ETag: "d4b69c33199f0df1f4af2cf8b3d01af5:1418692429"
Last-Modified: Tue, 16 Dec 2014 01:06:51 GMT
Accept-Ranges: bytes
Content-Length: 662424
Content-Type: application/octet-stream
Date: Fri, 15 May 2015 17:46:24 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=338275, public, no-transform, must-revalidate
Last-Modified: Tue, 12 May 2015 15:45:26 GMT
Expires: Tue, 19 May 2015 15:45:26 GMT
Date: Fri, 15 May 2015 17:50:20 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=394017, public, no-transform, must-revalidate
Last-Modified: Wed, 13 May 2015 07:15:14 GMT
Expires: Wed, 20 May 2015 07:15:14 GMT
Date: Fri, 15 May 2015 17:50:20 GMT
Connection: keep-alive

<<< skipped >>>

GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Mar 2015 05:02:25 GMT
If-None-Match: "a1132b8ef65d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Tue, 24 Mar 2015 05:02:25 GMT
ETag: "a1132b8ef65d01:0"
Cache-Control: max-age=900
Date: Fri, 15 May 2015 17:47:15 GMT
Connection: keep-alive



GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 07 Mar 2015 06:01:44 GMT
If-None-Match: "dde36a309c58d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 07 Mar 2015 06:01:44 GMT
ETag: "dde36a309c58d01:0"
Cache-Control: max-age=900
Date: Fri, 15 May 2015 17:47:16 GMT
Connection: keep-alive



GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Mar 2015 06:01:35 GMT
If-None-Match: "cf2633d6957d01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 05 Mar 2015 06:01:35 GMT
ETag: "cf2633d6957d01:0"
Cache-Control: max-age=900
Date: Fri, 15 May 2015 17:47:16 GMT
Connection: keep-alive


GET /v6/package?id=ApnSetupV6&version=12.28.1.1293&subpackageid=NDV-SP HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: APNMCP
Host: tbapi.search.ask.com


HTTP/1.1 200 OK
Date: Fri, 15 May 2015 17:48:46 GMT
Server: Apache
Content-Length: 106
Connection: close
Content-Type: text/xml;charset=UTF-8
<?xml version="1.0" encoding="UTF-8"?>
<packages><package id="ApnSetupV6" version="12.28.1"/>
</packages>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEHS6wwlnORsIJC159/eUSeI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=527099, public, no-transform, must-revalidate
Last-Modified: Thu, 14 May 2015 20:10:32 GMT
Expires: Thu, 21 May 2015 20:10:32 GMT
Date: Fri, 15 May 2015 17:47:42 GMT
Connection: keep-alive

<<< skipped >>>

HEAD /media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com


HTTP/1.1 200 OK
Server: Apache
ETag: "3761a6f47f7e2af478c4f71a6850cc22:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 2859809
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive



GET /media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 04 May 2015 07:26:11 GMT
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com


HTTP/1.1 200 OK
Server: Apache
ETag: "3761a6f47f7e2af478c4f71a6850cc22:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 2859809
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:40 GMT
Connection: keep-alive

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=5767168-6291455
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FwAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 5767168-6291455/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=11010048-11534335
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=18350080-18874367
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /static/partners/NDV/APNAnalytics.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 29 Apr 2014 20:12:45 GMT
ETag: "87a7d-a10-4f8340e13a940"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1084
Content-Type: application/xml
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:45:59 GMT
Connection: keep-alive

<<< skipped >>>

GET /static/resources/ochelper/2.9.1.0/ochelper.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 244
Content-Type: text/html; charset=iso-8859-1
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:00 GMT
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /static/resources/ochelper/2.9.1.0/ochelper.exe was not found on this server.</p>
</body></html>



GET /static/resources/ui/html/orchestrator1.html?PIPPID=NDV&PTBPartnerID=NDV-SP&STBPartnerID=&tbType=vanilla&version=2.9.1.0&AntiCache=25544 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 30 Apr 2014 20:45:11 GMT
ETag: "3dd42-3244-4f8489fe8a3c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4244
Content-Type: text/html
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:00 GMT
Connection: keep-alive

<<< skipped >>>

GET /PIP/Server.jhtml?partner_id=NDV&language=en&version=2.9.1.0 HTTP/1.1
User-Agent: APNPIP
Host: offers.offercast.com


HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/xml;charset=UTF-8
Date: Fri, 15 May 2015 17:45:59 GMT
Content-Length: 19290
Connection: keep-alive
<?xml version="1.0" encoding="UTF-8"?>
<root>
  <OwnerInformation>
    <owner>
      <name>APN</name>
      <organization>APN Toolbar</organization>
    </owner>
  </OwnerInformation>
  <GeneralParameters>
    <Height>389</Height>
    <Width>503</Width>
    <bgcolor>F1E9E1</bgcolor>
    <dlg_transparency>255</dlg_transparency>
    <defaultLanguage>en</defaultLanguage>
    <ShowOfferScreensOnly>false</ShowOfferScreensOnly>
    <MessageUser>false</MessageUser>
    <BalloonIconPath>hXXp://ak.pipoffers.apnpartners.com/static/partners/{partnerid}/images/install.ico</BalloonIconPath>
    <TrayTipTime>2000</TrayTipTime>
    <PreviousX>270</PreviousX>
    <PreviousY>39</PreviousY>
    <NextX>181</NextX>
    <NextY>39</NextY>
    <CancelX>94</CancelX>
    <CancelY>39</CancelY>
    <CancelDeclinesOffer>true</CancelDeclinesOffer>
    <RetryTimeout>300</RetryTimeout>
    <NumberOfSecOffersToShow>0</NumberOfSecOffersToShow>
    <Orchestrator>hXXp://ak.pipoffers.apnpartners.com/static/resources/ui/html/orchestrator1.html?PIPPID=NDV&PTBPartnerID=NDV-SP&STBPartnerID=&tbType=vanilla&version={version}</Orchestrator>
    <CBID>ALJ</CBID>
    <TrackID>default</TrackID>
    <geo>UA</geo>
    <HidePrevious>false</HidePrevious>
    <optintextsize>12</optintextsize>
    <PartnerKey>149</PartnerKey>
    <ProgressBarCan

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=524288-1048575
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F0Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 524288-1048575/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=9961472-10485759
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=3670016-4194303
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FzAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 3670016-4194303/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=14680064-15204351
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?9ee72119169be0e6 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 24 Feb 2015 00:37:01 GMT
If-None-Match: "80b4d90ca4fd01:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com


HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Tue, 24 Feb 2015 00:37:01 GMT
ETag: "80b4d90ca4fd01:0"
Cache-Control: max-age=604800
Date: Fri, 15 May 2015 17:47:16 GMT
Connection: keep-alive


HEAD /media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com


HTTP/1.1 200 OK
Server: Apache
ETag: "3761a6f47f7e2af478c4f71a6850cc22:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 2859809
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive



GET /media/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 04 May 2015 07:26:11 GMT
User-Agent: Microsoft BITS/7.5
Host: apnmedia.ask.com


HTTP/1.1 200 OK
Server: Apache
ETag: "3761a6f47f7e2af478c4f71a6850cc22:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 2859809
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:40 GMT
Connection: keep-alive

<<< skipped >>>

GET /ThawtePremiumServerCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.thawte.com


HTTP/1.1 200 OK
Server: Apache
ETag: "4c1a38495b5906e320a1b3da59f43ffb:1431680746"
Last-Modified: Fri, 15 May 2015 09:05:46 GMT
Date: Fri, 15 May 2015 17:50:21 GMT
Content-Length: 6467
Connection: keep-alive
Content-Type: application/pkix-crl

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=4194304-4718591
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F3Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 4194304-4718591/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=12582912-13107199
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9eJAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 12582912-13107199/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=20447232-20700511
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /static/toolbar/everest/notifier/not029/notifier10-config.xml?seq=0 HTTP/1.1
User-Agent: APNU
Host: apnstatic.ask.com


HTTP/1.1 200 OK
Server: Apache
ETag: "1e470a718ce4bc066d5cd9ed5219b7b9:1430241811"
Last-Modified: Tue, 28 Apr 2015 16:48:49 GMT
Accept-Ranges: bytes
Content-Length: 188662
Content-Type: application/xml
Date: Fri, 15 May 2015 17:47:48 GMT
Connection: keep-alive
<?xml version="1.0" encoding="utf-8"?>
<toolbar blankmacro="^">
  <properties>
    <property name="stdCat-tbtypes" value="vanilla;vanilla-sec"></property>
    <property name="FF-MaxNavSearchDepth" value="4"></property>
    <property name="StartSingleBrowser" value="0"></property>
    <property name="IEDSA-display-style" value="0"></property>
    <property name="HPG-max-showcount" value="1"></property>
    <property name="HPG-max-protectcount" value="3"></property>
    <property name="HPG-burst-duration" value="70"></property>
    <property name="HPG-quiet-duration" value="10"></property>
    <property name="HPG-reset-interval-seconds" value="86400"></property>
    <property name="HPG-white-list" value="*.google.*;google.*;*.ask.*;ask.*;*.avira.com"></property>
    <property name="HPG-prompt-hide-interval-seconds" value="7"></property>
    <property name="HPG-logo-mode" value="1"></property><!-- 0: none, 1: cobrand.ico, 2: gear -->
    <property name="HPG-guide-offer-report-delay" value="3600"></property><!-- seconds of delay between guide dialog response and checking for home page change. -->
    <property name="apnurevision" value="5"></property>
    <property name="hours-delay-update-call" value="0"></property>
    <property name="landing-page" value="hXXp://apnstatic.ask.com/static

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEHS6wwlnORsIJC159/eUSeI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=527099, public, no-transform, must-revalidate
Last-Modified: Thu, 14 May 2015 20:10:32 GMT
Expires: Thu, 21 May 2015 20:10:32 GMT
Date: Fri, 15 May 2015 17:47:42 GMT
Connection: keep-alive

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=1048576-1572863
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FxAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 1048576-1572863/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=7864320-8388607
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /media/toolbar/everest/partners/NDV-SP/YY/Setup.ini HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: apnmedia.ask.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "51d09284be2c59b1d8810969f08ae139:1430741174"
Last-Modified: Mon, 04 May 2015 07:26:11 GMT
Accept-Ranges: bytes
Content-Length: 3508
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:38 GMT
Connection: keep-alive
[Startup]..CmdLine=..DefaultOffer=..XpiInstall=..Require=OS_Requiremen
t..[Product]..ProductName=Ask Toolbar..msi=hXXp://apnmedia.ask.com/med
ia/toolbar/everest/partners/NDV-SP/YY/AskToolbarInstaller-NDV-SP.7z..L
anguages=1031;1033;1034;1036;1040;1041;1043;1045;1049;2070..Criteria=p
rod..UpgradeCode={A7585BA7-0A75-7786-6895-A758B7FFFFFF}..ProductCode={
4E44562D-5350-006A-76A7-A758B70C1C01}..CmdLine=..Logging=voicewarmup..
Type=vanilla,vanspe..[OS_Requirement]..Criteria=os..ProductName=Window
s XP..[Windows XP]..PlatformID=2..MajorVersion=5..MinorVersion=1..Serv
icePackMajor=2..[Reporting]..Url=hXXp://phn.apnanalytics.com/tr.gif..U
rlOC=hXXp://phn.apnanalytics.com/tr.gif?anxa=APNStub&anxe=OfferCheckEv
ent&anxr={anxr}&anxt={anxt}&partnerTrack={dtid}&anxv={anxv}&bb={bb}&cr
_ds={cr_ds}&cr_hb={cr_hb}&cr_start={cr_start}&cr_tboff={cr_tboff}&cr_t
bon={cr_tbon}&crtbs={crtbs}&ff_crm={ff_crm}&ff_hpr={ff_hpr}&ff_tboff={
ff_tboff}&ff_tbon={ff_tbon}&fftbs={fftbs}&ft={ft}&ie_ds={ie_ds}&ie_hpr
={ie_hpr}&ie_tboff={ie_tboff}&ie_tbon={ie_tbon}&ietbs={ietbs}&orgb={or
gb}&reason={reason}&result={result}&tb-type={tb-type}&tpid={tpid}&trgb
={trgb}&udbr={udbr}&wft={wft}..UrlInst=hXXp://phn.apnanalytics.com/tr.
gif?anxa=APNStub&anxe=InstallerEvent&anxp={anxp}&anxr={anxr}&anxt={anx
t}&anxtv={anxtv}&anxv={anxv}&apn_dbr={dbr}&bb={bb}&browsers={brws}&cr_
ds={cr_ds}&cr_hb={cr_hb}&cr_start={cr_start}&cr_tboff={cr_tboff}&cr_tb
on={cr_tbon}&crtbs={crtbs}&crVersionInstalled={crv}&defaultSearchChoic
e={sa}&downloadTime={dwt}&errorCondition={errReason}&executionTime

<<< skipped >>>

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: VVV.search.ask.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
ETag: "c8786bc5b30ddb35ef1bb7acd9422223:1405974749"
Last-Modified: Mon, 21 Jul 2014 20:32:29 GMT
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: image/x-icon
Expires: Fri, 15 May 2015 17:47:48 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 15 May 2015 17:47:48 GMT
Connection: keep-alive


POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 764
Connection: Keep-Alive
Cache-Control: no-cache

&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPOutcome&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&pipPartnerName=NDV&machineID=&funnelID=47D75D93-6888-48D0-998D-36007C52334B&CBID=ALJ&campaignID=&ioID=&placementID=&WFType=Remote&offerCount=0&offerType=Toolbar&offerProvider=APNV7&offerScreenVersion=default&userAcceptance=true&userUIChoice=Next&installerLaunched=NoAttempt&downloadStatus=NoAttempt&downloadTime=1&errorCondition=0&reasonCode=0&reasonString=&ChromeTB=&ChromeVersionInstalled=41.0.2272.118&FFTB=&FFVersionInstalled=29.0.1&IETB=&IEVersionInstalled=9.10.9200.16521&TBPartnerid=NDV-SP&TrackID=default&apn_dbr=IE_10.0.9200.16521&cmdb=&orgb=&trgb=IE&userSelection=hpr:1;ds:1;oi:1
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl3.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:38 GMT
Content-Length: 0
Connection: keep-alive



POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 770
Connection: Keep-Alive
Cache-Control: no-cache

&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPOutcome&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&pipPartnerName=NDV&machineID=&funnelID=47D75D93-6888-48D0-998D-36007C52334B&CBID=ALJ&campaignID=&ioID=&placementID=&WFType=Remote&offerCount=1&offerType=Toolbar&offerProvider=APNV7&offerScreenVersion=default&userAcceptance=true&userUIChoice=Next&installerLaunched=Success&downloadStatus=Success&downloadTime=1&errorCondition=0&reasonCode=0&reasonString=&ChromeTB=&ChromeVersionInstalled=41.0.2272.118&FFTB=&FFVersionInstalled=29.0.1&IETB=NDV-SP:vanilla,vanspe&IEVersionInstalled=9.10.9200.16521&TBPartnerid=NDV-SP&TrackID=default&apn_dbr=IE_10.0.9200.16521&cmdb=&orgb=&trgb=CR&userSelection=oi:1
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl7.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive



POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 555
Connection: Keep-Alive
Cache-Control: no-cache

&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPOutcome&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&pipPartnerName=NDV&machineID=&funnelID=47D75D93-6888-48D0-998D-36007C52334B&CBID=ALJ&campaignID=&ioID=&placementID=&WFType=Remote&offerCount=-1&offerType=Toolbar&offerProvider=APNV7&offerScreenVersion=default&userAcceptance=false&userUIChoice=NoAttempt&installerLaunched=NoAttempt&downloadStatus=NoAttempt&downloadTime=-1&errorCondition=0&reasonCode=0&reasonString=&userSelection=
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl6.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive



POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 585
Connection: Keep-Alive
Cache-Control: no-cache

&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPOutcome&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&pipPartnerName=NDV&machineID=&funnelID=47D75D93-6888-48D0-998D-36007C52334B&CBID=ALJ&campaignID=&ioID=&placementID=&WFType=Remote&offerCount=-1&offerType=Toolbar&offerProvider=APNV7&offerScreenVersion=default&userAcceptance=false&userUIChoice=NoAttempt&installerLaunched=NoAttempt&downloadStatus=NoAttempt&downloadTime=-1&errorCondition=0&reasonCode=68&reasonString=Target browser offer rejected&userSelection=
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl3.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive



POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 290
Connection: Keep-Alive
Cache-Control: no-cache

&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPAttempt&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&status=0&UIReadyTime=2949&pipPartnerName=NDV&WFType=Remote&funnelID=47D75D93-6888-48D0-998D-36007C52334B&machineID=
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl1.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive



POST /PIP/OfferAccept.jhtml HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: APNInstaller
Host: reporting.offercast.com
Content-Length: 566
Connection: Keep-Alive
Cache-Control: no-cache

&anxa=APNPIP&anxv=2.9.1.0&anxd=2015-05-15T20:45:59.25 02:00&anxe=PIPStats&anxpt=windows&anxpv=7&anxf=&anxw=1716&anxh=901&anxcd=32&app=&anxr=02464E952E8B4C52852FF96CC7A2B7FA&partnerID=NDV&exitCode=0&WFType=Remote&funnelID=47D75D93-6888-48D0-998D-36007C52334B&machineID=&InitializationEx=94&APNAnalyticsDl=296&DlgInitEx=296&uiDl=578&ConfigEx=578&orchestratorDl=31&ochelperDl=266&isTargetChromeBrowserEx=889&isTargetIEFFBrowserEx=0&isTargetChromeBrowserEx=0&ParseUiEx=1170&IEPrimary-extDl=266&scrolltextDl=249&CRPrimary-ext1Dl=250&LoadEx=2559&uiReady=2949&installDl=352
HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
hostname: dubprdapnpipcl1.dub.jabodo.com
Content-Type: text/plain
Date: Fri, 15 May 2015 17:47:39 GMT
Content-Length: 0
Connection: keep-alive


GET /tr.gif?anxa=SilentUpdateService&anxv=21.12.1.2516&anxe=dailyStatusUpdate&anxr=DSQEPu92&platformVersion=12.28.1.1293&packageIDs=ApnSetupV6;NDV-SP HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: APNMCP
Host: anx.apnanalytics.com


HTTP/1.1 204 No Content
Server: nginx/1.0.10
Date: Fri, 15 May 2015 17:48:47 GMT
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Cache-Control: max-age=0


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAKQll6RM0DNpmNM7zH3/Qc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=572910, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 08:55:33 GMT
Expires: Fri, 22 May 2015 08:55:33 GMT
Date: Fri, 15 May 2015 17:50:34 GMT
Connection: keep-alive

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=2097152-2621439
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FvAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 2097152-2621439/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=7340032-7864319
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVm1B9TA8qLAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 7340032-7864319/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=8912896-9437183
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:42 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMZplB9fA F7Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 8912896-9437183/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=10485760-11010047
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:42 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMZIZh8fA9eDAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 10485760-11010047/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=13107200-13631487
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=18874368-19398655
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:44 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMhIZh8fA9esAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 18874368-19398655/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=3145728-3670015
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FyAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 3145728-3670015/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=16777216-17301503
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9eVAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 16777216-17301503/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=5242880-5767167
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F4Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 5242880-5767167/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=17301504-17825791
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9ekAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 17301504-17825791/20700512

<<< skipped >>>

GET /static/resources/ui/js/pipcore-min.js?vers=1124 HTTP/1.1
Accept: */*
Referer: hXXp://ak.pipoffers.apnpartners.com/static/resources/ui/html/orchestrator1.html?PIPPID=NDV&PTBPartnerID=NDV-SP&STBPartnerID=&tbType=vanilla&version=2.9.1.0&AntiCache=25544
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8o DAV/2 mod_jk/1.2.32
Last-Modified: Thu, 04 Dec 2014 02:25:38 GMT
ETag: "18001-fe23-5095aad044c80"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 14120
Content-Type: application/javascript
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:01 GMT
Connection: keep-alive

<<< skipped >>>

GET /static/partners/NDV/images/IEPrimary-ext.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 28 Jun 2014 08:30:57 GMT
ETag: "921f4-2818-4fce13eb91240"
Accept-Ranges: bytes
Content-Length: 10264
Content-Type: image/png
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:01 GMT
Connection: keep-alive

<<< skipped >>>

GET /static/partners/NDV/scrolltext.xml HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Sat, 19 Jul 2014 00:24:03 GMT
ETag: "5c652-609b-4fe80e419aec0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8789
Content-Type: application/xml
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:01 GMT
Connection: keep-alive

<<< skipped >>>

GET /static/partners/NDV/images/CRPrimary-ext1.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 17 Sep 2014 05:35:11 GMT
ETag: "87a90-2528-5033c3b4741c0"
Accept-Ranges: bytes
Content-Length: 9512
Content-Type: image/png
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:01 GMT
Connection: keep-alive

<<< skipped >>>

GET /static/partners/NDV/images/install.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C)
Host: ak.pipoffers.apnpartners.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 29 Aug 2012 18:08:44 GMT
ETag: "36009-364e-4c86b730b0300"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 9367
Content-Type: image/x-icon
Cache-Control: max-age=86400
Date: Fri, 15 May 2015 17:46:53 GMT
Connection: keep-alive

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=4718592-5242879
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FuAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 4718592-5242879/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=6815744-7340031
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVm1B9TA8qKAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 6815744-7340031/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=9437184-9961471
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:42 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMZIZh8fA9eAAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 9437184-9961471/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=11534336-12058623
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=13631488-14155775
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=15728640-16252927
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdTmR84A JGAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 15728640-16252927/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=17825792-18350079
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:43 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMdIZh8fA9emAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 17825792-18350079/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=19398656-19922943
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTEemCaVgs8Tuh2B9fGVE0pKKNyzgQUTF+nNhcF4oZhIkk5jLmo40rgOBoCEC6utoKGY/7ZdVX4/iTzOxo= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1552
content-transfer-encoding: binary
Cache-Control: max-age=604093, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 17:35:11 GMT
Expires: Fri, 22 May 2015 17:35:11 GMT
Date: Fri, 15 May 2015 17:50:34 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs/UZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq+2TZMCEA89qsgV9niZmSI6gIO0S/U= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=591226, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 14:00:41 GMT
Expires: Fri, 22 May 2015 14:00:41 GMT
Date: Fri, 15 May 2015 17:50:34 GMT
Connection: keep-alive


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=398392, public, no-transform, must-revalidate
Last-Modified: Wed, 13 May 2015 08:25:17 GMT
Expires: Wed, 20 May 2015 08:25:17 GMT
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEC9ONDFhvH62dRTT3OxDTqA= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=520688, public, no-transform, must-revalidate
Last-Modified: Thu, 14 May 2015 18:25:23 GMT
Expires: Thu, 21 May 2015 18:25:23 GMT
Date: Fri, 15 May 2015 17:47:39 GMT
Connection: keep-alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9+WQCtWAQU1A1lP3q9NMb+R+dMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT+k= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.thawte.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1396
content-transfer-encoding: binary
Cache-Control: max-age=556404, public, no-transform, must-revalidate
Last-Modified: Fri, 15 May 2015 04:20:07 GMT
Expires: Fri, 22 May 2015 04:20:07 GMT
Date: Fri, 15 May 2015 17:50:21 GMT
Connection: keep-alive

<<< skipped >>>

GET /tr.gif?anxa=TBNotifier&anxv=31.19.1.0&anxt=77084FD2-73AB-4C69-BD6E-6CCA1E45E0B0&anxtv=12.28.1.1293&anxp=^B2X^YYYYYY^YY^UA&tbnguid=3CBBACF0-15D0-44D7-A238-A35DD11B65B4&cr_tboff=0&cr_nt=0&ie_nt=0&cr_start=0&osArchitecture=64&pid=NDV-SP&apnuBuildNumber=0&cr_hb=0&anxr=Wm5rK7r-&ie_hpr=0&osDetail=6.1.1.sp1.x64&cr_ds=0&anxe=apnuDailyConfig&ff_tboff=0&ie_tboff=0&ff_tbon=0&cr_signin=0&ff_hpr=0&apnuRevisionNumber=0&ie_ds=0&cr_tbon=0&ie_tbon=0&ff_nt=0&ff_crm=-4 HTTP/1.1
User-Agent: APNU
Host: anx.apnanalytics.com


HTTP/1.1 204 No Content
Server: nginx/1.0.10
Date: Fri, 15 May 2015 17:47:48 GMT
Connection: close
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Cache-Control: max-age=0


GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=2621440-3145727
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA FtAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 2621440-3145727/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=6291456-6815743
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVm1B9TA8qJAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 6291456-6815743/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=8388608-8912895
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=1572864-2097151
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader


HTTP/1.1 206 Partial Content
Server: nginx
Date: Fri, 15 May 2015 17:45:41 GMT
Content-Type: application/octet-stream
Content-Length: 524288
Connection: keep-alive
Keep-Alive: timeout=15
Content-Disposition: attachment; filename="DriverUpdaterSetupA-2.4.1.3369.exe"
Last-Modified: Mon, 30 Mar 2015 12:03:31 GMT
ETag: "55193b93-13bdd60"
Set-Cookie: __utmd=V/XMJFVWMMVplB9fA F1Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Range: bytes 1572864-2097151/20700512

<<< skipped >>>

GET /DriverUpdaterSetupA-2.4.1.3369.exe HTTP/1.1
Range: bytes=12058624-12582911
Host: rudn3.carambis.com
Accept: */*
User-Agent:Carambis Downloader




<<< skipped >>>

GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Tue, 14 Apr 2015 05:02:07 GMT
Accept-Ranges: bytes
ETag: "2711f7277076d01:0"
Server: Microsoft-IIS/8.5
VTag: 279782516600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Fri, 15 May 2015 17:50:24 GMT
Connection: keep-alive


The Trojan connects to the servers at the following location(s):

apnmcp.exe_2292:

.text
`.rdata
@.data
.rsrc
@.reloc
RegOpenKeyTransactedW
1.3.6.1.4.1.311.2.1.12
2.5.4.11
operator
GetProcessWindowStation
C:\Jenkins\workspace\TOOLBAR_PACKAGE\IE_CORE_SRC\Release\apnmcp.pdb
KERNEL32.dll
MsgWaitForMultipleObjects
USER32.dll
ReportEventW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
WinHttpCloseHandle
WinHttpSetOption
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WINHTTP.dll
WTSAPI32.dll
USERENV.dll
CertGetNameStringW
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CRYPT32.dll
WINTRUST.dll
msi.dll
GetProcessHeap
GetCPInfo
.?AV?$CAtlExeModuleT@VCAPNMCPModule@@@ATL@@
.?AVCUrlHelper@@
1.HKe
.?AVCReportServiceTask@@
zcÁ
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
> >$>(>,>
: :$:(:,:0:4:8:<:
WM_WEBQUIT
WM_UPDATE_CHROME
{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
{F80EB12B-281E-4CE7-994E-0A9A5E3DD332}
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Updater\TBNotifier.exe
2355446a-53e8-45c7-b1d4-fdffe06a5037
5bb9aa39-5f0a-4dfc-b1d3-e4939db3b0bd
kernel32.dll
%s\{%s}
hXXp://tbapi.search.ask.com/v6/package?id={id}&version={version}&subpackageid={subpackageid}
CmdArgs
Ask.com
Advapi32.dll
d-d-dTd:d:d
Global\%s
winlogon.exe
%s\%s\%s
%s\%s
cmdargs
invokeurl
{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
hXXp://anx.apnanalytics.com/tr.gif
Global\{41B49C4F-9B93-44EA-B055-81DC25DE82CF}
explorer.exe
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
mscoree.dll
WUSER32.DLL
\\.\pipe\7A65E986-1D15-4F19-88BE-66EF148EB099
\\.\pipe\BD333C6E-0F54-4A8E-98F0-F1198C063CD0
3C598FC9-4B6F-49E5-9E33-90A1F5FFAC1E
A6971D8B-D15B-4F20-BE74-1DBB5EA64D9A
%Program Files% (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
21.12.1.2516
APNMCP.exe

TBNotifier.exe_580:

.text
`.rdata
@.data
.rsrc
@.reloc
<:%u4
RegOpenKeyTransactedW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegCreateKeyTransactedW
%s[%d]: %s
SQLITE_OK
SQLITE_ERROR
SQLITE_INTERNAL
SQLITE_PERM
SQLITE_ABORT
SQLITE_BUSY
SQLITE_LOCKED
SQLITE_NOMEM
SQLITE_READONLY
SQLITE_INTERRUPT
SQLITE_IOERR
SQLITE_CORRUPT
SQLITE_NOTFOUND
SQLITE_FULL
SQLITE_CANTOPEN
SQLITE_PROTOCOL
SQLITE_EMPTY
SQLITE_SCHEMA
SQLITE_TOOBIG
SQLITE_CONSTRAINT
SQLITE_MISMATCH
SQLITE_MISUSE
SQLITE_NOLFS
SQLITE_AUTH
SQLITE_FORMAT
SQLITE_RANGE
SQLITE_ROW
SQLITE_DONE
CPPSQLITE_ERROR
SELECT id, userDisabled, appDisabled FROM addon where id like '%ask.com'
SELECT id, userDisabled FROM addon where id like '%ask.com'
prefs.js
UPDATE meta SET value='%q' WHERE key='Default Search Provider ID';
UPDATE keywords SET url='%q' WHERE id=%q;
UPDATE meta SET value='%q' WHERE key='Default Search Provider ID Backup';
DELETE FROM keywords WHERE short_name='%q';
DELETE FROM keywords WHERE short_name='Ask' AND keyword='ask.com' AND prepopulate_id=0;
{favicon_url}
{instant_url}
{keyword}
{search_terms_replacement_key}
{url}
{suggest_url}
{alternate_urls}
UPDATE keywords SET url='%q' AND suggest_url='%q' WHERE id=%q
UPDATE keywords SET url='%q' WHERE id=%q
SELECT value FROM meta WHERE key='Default Search Provider ID'
SELECT short_name, keyword, url, suggest_url FROM keywords WHERE id=%d
keyword
suggest_url
SELECT short_name, Keyword, Url, suggest_url FROM keywords WHERE id=
SELECT short_name FROM keywords WHERE id=
SELECT short_name, keyword, url, prepopulate_id FROM keywords WHERE id=
select value from ItemTable where key like '%pref_new_tab_off_by_user%'
select keyword, url from keywords where prepopulate_id = 4
Web Data
2.5.4.11
1.3.6.1.4.1.311.2.1.12
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
operator
GetProcessWindowStation
d-d-d d:d:d
d:d:d
d-d-d
922337203685477580
RowKey
%s\etilqs_
OsError 0x%x (%u)
invalid page number %d
2nd reference to page %d
Failed to read ptrmap key=%d
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
%d of %d pages missing from overflow list starting at %d
failed to get page %d
freelist leaf count too big on page %d
Page %d:
unable to get the page. error code=%d
sqlite3BtreeInitPage() returns error code %d
On tree page %d cell %d:
On page %d at right child:
Corruption detected in header on page %d
Corruption detected in cell %d on page %d
Multiple uses for byte %d of page %d
Fragmented space is %d byte reported as %d on page %d
Page %d is never used
Pointer map page %d is referenced
Outstanding page count goes from %d to %d during this analysis
keyinfo(%d
%s(%d)
%s-mjX
unable to use function %s in the requested context
cannot open savepoint - SQL statements in progress
no such savepoint: %s
cannot %s savepoint - SQL statements in progress
cannot rollback transaction - SQL statements in progress
cannot commit transaction - SQL statements in progress
sqlite_temp_master
sqlite_master
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s
database table is locked: %s
cannot open virtual table: %s
cannot open view: %s
no such column: "%s"
cannot open indexed column for writing
cannot open value of type %s
misuse of aliased aggregate %s
%s: %s.%s.%s
%s: %s.%s
%s: %s
not authorized to use function: %s
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
Expression tree is too large (maximum depth %d)
variable number must be between ?1 and ?%d
too many SQL variables
too many columns in %s
%.*s"%w"%s
sqlite_rename_table
sqlite_rename_trigger
%s OR name=%Q
there is already another table or index with this name: %s
sqlite_
table %s may not be altered
view %s may not be altered
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
sqlite_sequence
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Cannot add a PRIMARY KEY column
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
sqlite_altertab_%s
sqlite_stat1
CREATE TABLE %Q.sqlite_stat1(tbl,idx,stat)
DELETE FROM %Q.sqlite_stat1 WHERE tbl=%Q
SELECT idx, stat FROM %Q.sqlite_stat1
too many attached databases - max %d
database %s is already in use
unable to open database: %s
no such database: %s
cannot detach database %s
database %s is locked
sqlite_detach
sqlite_attach
%s %T cannot reference objects in database %s
illegal return value (%d) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
there is already an index named %s
too many columns on %s
duplicate column name: %s
default value of column [%s] is not constant
table "%s" has more than one primary key
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
CREATE %s %.*s
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE TABLE %Q.sqlite_sequence(name,seq)
view %s is circularly defined
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
table %s may not be dropped
use DROP TABLE to delete table %s
use DROP VIEW to delete view %s
DELETE FROM %s.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
foreign key on %s should reference only one column of table %T
number of columns in foreign key does not match the number of columns in the referenced table
unknown column "%s" in foreign key definition
indexed columns are not unique
table %s may not be indexed
views may not be indexed
virtual tables may not be indexed
there is already a table named %s
index %s already exists
sqlite_autoindex_%s_%d
table %s has no column named %s
CREATE%s INDEX %.*s
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
no such index: %S
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
DELETE FROM %Q.%s WHERE name=%Q
DELETE FROM %Q.sqlite_stat1 WHERE idx=%Q
unable to identify the object to be reindexed
no such collation sequence: %s
table %s may not be modified
cannot modify %s because it is a view
sqlite_version
table %S has %d columns but %d values were supplied
%d values for %d columns
table %S has no column named %s
%s.%s may not be NULL
PRIMARY KEY must be unique
sqlite3_extension_init
unable to open shared library [%s]
no entry point [%s] in shared library [%s]
error during initialization: %s
automatic extension loading failed: %s
foreign_key_list
*** in database %s ***
unsupported encoding: %s
malformed database schema (%s)
%s - %s
unsupported file format
SELECT name, rootpage, sql FROM '%q'.%s
database schema is locked: %s
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
a NATURAL join may not have an ON or USING clause
cannot have both ON and USING clauses in the same join
cannot join using column %s - column not present in both tables
%s.%s
%s:%d
ORDER BY clause should come after %s not before
LIMIT clause should come after %s not before
SELECTs to the left and right of %s do not have the same number of result columns
no such index: %s
sqlite_subquery_%p_
no such table: %s
sqlite3_get_table() called with two or more incompatible queries
cannot create %s trigger on view: %S
cannot create INSTEAD OF trigger on table: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
-- TRIGGER %s
no such column: %s
PRAGMA vacuum_db.synchronous=OFF
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';'FROM sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM ' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
vtable constructor failed: %s
vtable constructor did not declare schema: %s
no such module: %s
table %s: xBestIndex returned an invalid plan
at most %d tables in a join
cannot use index: %s
TABLE %s
%s AS %s
%s WITH INDEX %s
%s VIA MULTI-INDEX UNION
%s USING PRIMARY KEY
%s VIRTUAL TABLE INDEX %d:%s
%s ORDER BY
unable to close due to unfinished backup operation
SQL logic error or missing database
large file support is disabled
no such vfs: %s
SQLite format 3
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY
CREATE TABLE sqlite_master(
sql text
3.6.11
CREATE TEMP TABLE sqlite_temp_master(
C:\Jenkins\workspace\TOOLBAR_PACKAGE\DEFENSE_SRC\APNU\Release\TBNotifier.pdb
msi.dll
WTSAPI32.dll
GetProcessHeap
KERNEL32.dll
CreateDialogIndirectParamW
EnumChildWindows
GetAsyncKeyState
keybd_event
EnumWindows
MsgWaitForMultipleObjects
SetWindowsHookExW
UnhookWindowsHookEx
USER32.dll
GDI32.dll
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegFlushKey
RegNotifyChangeKeyValue
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
UrlCreateFromPathW
SHDeleteKeyW
SHEnumKeyExW
SHCopyKeyW
SHLWAPI.dll
IPHLPAPI.DLL
GdiplusShutdown
gdiplus.dll
MSIMG32.dll
PSAPI.DLL
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CRYPT32.dll
VERSION.dll
InternetCrackUrlW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetCanonicalizeUrlW
WININET.dll
WINTRUST.dll
OLEACC.dll
COMCTL32.dll
GetCPInfo
.?AVCppSQLite3Exception@@
.?AVCppSQLite3Query@@
.?AVCppSQLite3DB@@
.?AV?$CBaseMonitor@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@W4_enumEventCode@APNU@@@APNU@@
.?AVCDbgReport@APNU@@
.?AVCDbgReporting_GC32DSReset@APNU@@
.?AV?$CRuntimeConstant@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PAV?$CAtlMap@PAHHV?$CElementTraits@PAH@ATL@@V?$CElementTraits@H@2@@2@@APNU@@
.?AVCSendHttpMonitor@APNU@@
.?AUISupportErrorInfo@@
.?AVCTBMonReporting@APNU@@
.?AVCTBMonReportingData@APNU@@
.?AVCTBMonReportingManager@APNU@@
.?AVCTBMonReportingService@APNU@@
.?AVCTBMonV5Reporting@APNU@@
.?AVCTBMonV6Reporting@APNU@@
.?AV?$CRuntimeConstant@V?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@V12@@APNU@@
.?AV?$CAtlExeModuleT@VCUpdaterModule@@@ATL@@
.?AVCRegistryKeyChangeMonitor@APNU@@
ForceRemove {09F7A6CC-6128-477B-A41D-D76F43E105C2} = s 'TBMonAutomation Class'
val ServerExecutable = s '%MODULE_RAW%'
TypeLib = s '{ADEF8FEB-F99D-414A-B3F5-0C0CAA0FF25A}'
Paint.NET v3.5.87;
Paint.NET v3.5.100
hiTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:69112FCA17206811B5D1BC6E1CE2C3E9" xmpMM:DocumentID="xmp.did:E1BF2C7EE6B411E1BA93F7CDE3DEB3F2" xmpMM:InstanceID="xmp.iid:E1BF2C7DE6B411E1BA93F7CDE3DEB3F2" xmp:CreatorTool="Adobe Photoshop CS5.1 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0C8566DC48206811B5D1BC6E1CE2C3E9" stRef:documentID="xmp.did:69112FCA17206811B5D1BC6E1CE2C3E9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
stdole2.tlbWWW
Created by MIDL version 7.00.0555 at Mon Apr 20 18:23:29 2015
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
<assemblyIdentity type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*' />
%d:%s
XXXXXX
%s<a>%s</a>%s
Global\{FBA0990C-6A6D-49FC-BAA6-DE0A50F68C49}
Global\{F80EB12B-281E-4CE7-994E-0A9A5E3DD332}
Global\{41B49C4F-9B93-44EA-B055-81DC25DE82CF}
id:%ld|index:%d|viewmode:%d|HWND:%d|shown:%d
http:
SOFTWARE\AskPartnerNetwork\Toolbar\%s
https:
WM_UPDATE_CHROME
Google\Chrome\User Data\Default\Preferences
Google\Chrome\User Data\Default\Protected Preferences
Google\Chrome\User Data\Default\Secure Preferences
Advapi32.dll
.ask.com)
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
https
CreateOpenSearchServiceFromFile - InstallService failed: hr=%d, URL: %s
CreateOpenSearchServiceFromFile - UrlCreateFromPath failed: hr=%d
CreateOpenSearchServiceFromFile - CoCreateInstance failed: hr=%d
IERTUTIL.DLL
Url[@type="text/html"]
Url[@type="application/x-suggestions json"]
%s\%s
FaviconUrl
SuggestionURL_JSON
.ask.com
MozillaWindowClass
Chrome_WidgetWin_1
kernel32.dll
CBrowserRestartManager::ShutdownBrowser, FindWindow failed for class %s
CBrowserRestartManager::ShutdownBrowser, OpenProcess failed for process id %d
CBrowserRestartManager::ShutdownBrowser, TerminateProcess failed for process id %d
CBrowserRestartManager::ShutdownBrowser, shutdown sucessful for class %s
CBrowserRestartManager::ShutdownBrowser, shutdown timeout for class %s
CBrowserRestartManager::ShellExThreadProc, Restart %s failed (%d)
CBrowserRestartManager::ShellExThreadProc, Restart %s succeeded
\chrome.exe
SOFTWARE\Mozilla\Mozilla Firefox
%s\%s\Main
PathToExe
Internet Explorer\iexplore.exe
CBrowserRestartManager::ShutDownIE, IsIERestartEnable return FALSE for PID = %s
CBrowserRestartManager::ShutDownIE, after InternalShutdownIE bssIE=%d
CBrowserRestartManager::ShutDownFF, IsFFRestartEnable return FALSE for PID = %s
CBrowserRestartManager::ShutDownFF, after InternalShutdownFF bssFF=%d
CBrowserRestartManager::ShutDownGC, IsGCRestartEnable return FALSE for PID = %s
CBrowserRestartManager::ShutDownGC, after InternalShutdownGC bssGC=%d
CBrowserRestartManager::StartGC, CreateThread ok dwThreadId = %d
CBrowserRestartManager::IsRestartEnable, No dispatch for PID = %s
CBrowserRestartManager::IsRestartEnable, No CServerSwitches for PID = %s
CBrowserRestartManager::IsRestartEnable, dwRestart = %d
CBrowserRestartManager::GetBrowserShouldStartStatus, after GetRecentPartnerToolbarPerBrowser for IE PID = %s
CBrowserRestartManager::GetBrowserShouldStartStatus, after GetRecentPartnerToolbarPerBrowser for FF PID = %s
CBrowserRestartManager::GetBrowserShouldStartStatus, after GetRecentPartnerToolbarPerBrowser for GC PID = %s
CBrowserRestartManager::GetBrowserShouldStartStatus, IE, FF, GC = %d, %d, %d
CBrowserRestartManager::SetForegroundWindowInternal2, hWndGC is NULL, nCount=%d
reporting
shell32.dll
*Mozilla
GetHPR failed to load content from prefs.js
browser.startup.homepage
GetHPR(%s) returns %d
GetHPR() will use default value: %s
IsUserDisabledNewTab failed to load content from prefs.js
extensions.%s.pref_new_tab_off_by_user
browser.search.selectedEngine
browser.search.order.1
//SearchPlugin/Url[@type='text/html']
//SearchPlugin/os:Url[@type='text/html']
//OpenSearchDescription/Url[@type='text/html']
%s\*.xml
%s\Mozilla Firefox\browser\searchplugins
%s\searchplugins
CFFBrowserInfo::GetDefaultSearchUrl() Failed to load prefs.js settings.
CFFBrowserInfo::GetDefaultSearchUrl() Failed to load search extensions.
browser.search.defaultenginename
browser.search.order.2
browser.search.order.3
browser.search.countryCode
CFFBrowserInfo::GetDefaultSearchUrl Need to use default value.
CFFBrowserInfo::GetDefaultSearchUrl userLanguageID = %d (russian is %d)
CFFBrowserInfo::GetDefaultSearchUrl This is a russian FF with default setting.
CFFBrowserInfo::GetDefaultSearchUrl strName = %s, strUrl = %s
<?xml version="1.0" encoding="utf-8"?><SearchPlugin xmlns="hXXp://VVV.mozilla.org/2006/browser/search/" xmlns:os="hXXp://a9.com/-/spec/opensearch/1.1/">
<os:Image height="16" width="16" type="image/x-icon">hXXp://{domain}/favicon.ico</os:Image>
<SearchForm>hXXp://{domain}/?o={o}&l={l}</SearchForm>
<os:Url type="application/x-suggestions json" method="GET" template="hXXp://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={{searchTerms}}"></os:Url>
<os:Url type="text/html" method="GET" template="hXXp://{domain}/web?tpid={tb}&pf={pf}&o={o}&p2={p2}&gct=&itbv={ProductVersion}&apn_uid={guid}&apn_ptnrs={cbid}&apn_dtid={dtid}&apn_dbr={dbr}&doi={timeinstalled}&trgb={trgb}&psv={psv}&pt={pt}&q={{searchTerms}}"></os:Url>
<os:ShortName>Ask.com</os:ShortName>
<os:Description>Convenient tools and links to make your web surfing more enjoyable</os:Description>
<os:Image width="16" height="16">data:image/x-icon;base64,[icon data removed]</os:Image>
<SearchForm>hXXp://VVV.ask.com/?o={o}&l={l}</SearchForm>
<os:Url type="application/x-suggestions json" method="GET" template="hXXp://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={{searchTerms}}"></os:Url>
<os:Url type="text/html" method="GET" template="hXXp://websearch.ask.com/redirect?client=ff&src=crm&tb={tb}&o={o}&locale={locale}&apn_uid={id}&apn_ptnrs={cbid}&apn_sauid={said}&apn_dtid={dtid}&q={{searchTerms}}&psv={psv}"></os:Url>
keyword.URL
extensions.asktb.ff-original-keyword-url
extensions.%s.my-keyword-url
extensions.%s.previous-keyword-url
extensions.APN_TB.first-previous-keyword-url
\ask-search.xml
CFFBrowserInfo::SetOpenSearch - loadPrefJSContent Failed: %s
ask-search.xml
askcom.xml
search-results.xml
CFFBrowserInfo::SetOpenSearch - CreateDirectory Failed (%d): %s
CFFBrowserInfo::SetOpenSearch - GetOpenSearchProviderName Failed: %s
CFFBrowserInfo::SetOpenSearch - WriteFile Failed (%d): %s
search.json
CFFBrowserInfo::loadPrefJSContent(%d) default profile path is empty.
\prefs.js
prefs.js.new
prefs.js.bak
\Mozilla\Firefox\profiles.ini
CFFBrowserInfo::GetDefaultProfilePath() ini file returns %s as profile to use.
profiles.ini
extensions.json
/addons[%d]/id
ask.com
/addons[%d]/userDisabled
/addons[%d]/appDisabled
GetAskToolbarCountFromJson: File not found: %s
GetAskToolbarCountFromJson: File read failed for %s
GetAskToolbarCountFromJson: json changenode failed for %s
GetAskToolbarCountFromJson: jsonIF.GetArray failed for %s
GetAskToolbarCountFromJson: json GetObject failed for %s
'extensions.sqlite
OpenFirefoxExtensionDB: File not found: %s
OpenFirefoxExtensionDB: Not able to open firefox extension sqlite
browser.search.order.%d
Software\AskPartnerNetwork\Toolbar\%s\Info
intl.locale.matchOS
general.useragent.locale
extensions.xpiState
error getting provider name: %s
hXXp://%s
Firefox
MozillaDialogClass
Options - Mozilla Firefox
CStartUpDispatch::doFFPostInstallTB calling ShutDownFF pid = %s
doFFPostInstallHpr() - bNeedToSetV6FFHpr=%d, bV6FFHprAlreadySet=%d
doFFPostInstallHpr() - bNeedToSetV5FFHpr=%d
CStartUpDispatch::doFFPostInstallHpr calling ShutDownFF with pid %s
doFFPostInstallSa() - bNeedToSetV6FFSa=%d, bV6FFSaAlreadySet=%d
doFFPostInstallSa() - bNeedToSetV5FFSa=%d
CStartUpDispatch::doFFPostInstallSa - Pid %s - bNeedToSetV6FFSa=%d, HasTargetBrowser=%d
CStartUpDispatch::doFFPostInstallSa calling ShutDownFF with pid %s
CStartUpDispatch::SetFFSa: %s - Detected FF34 - seting OpenSearch only
Software\%s
homepageurl
CStartUpDispatch::doFFPostInstallHpr() -- Home page is not Ask, so save it for revert on uninstall: ->%s<-
CStartUpDispatch::doFFPostInstallHpr() -- Save the installed value for FF Homepage: %s
CStartUpDispatch::doFFPostInstallHpr() -- Failed to get the post install backup key.
CStartUpDispatch::BackupFFSa strSearchNameJustSet = %s, strDefaultEngineNameJustSet   %s
Not able to startup Rebuttal Manager: failed to register for event %s.
CFFRebutManager::ProcessEvent() - unexpected event code: %d
CFFRebutManager::OnPrefsJSChange() failed to get Firefox home page.
CFFRebutManager::OnBrowserStop - User changed to: %s
Start monitoring %s. (hWnd = %d)
OnForegroundWindowChange - Firefox window NOT detected: %s (%s, %s)
register for close window event: %s
CFFRebutManager::RetakeHP() -- set FF HP to %s
MonitorForFFStop -- waiting for process %d
setupFFHPRDialogs(): m_nFFDialogOpenCount = %d
CRebutManager::OnTimerExpired() for timer: %s
31.0.0.0
macros.json
favicon_url
hXXp://VVV.ask.com/favicon.ico
originating_url
manifest\chrome_settings_overrides\search_provider\search_url
search_url
manifest\chrome_settings_overrides\homepage
manifest\chrome_url_overrides\newtab
new_tab_url
r%s\%s\Info
hXXp://ss.websearch.%s.com/query?li=ff&sstype=prefix&q={searchTerms}
hXXp://VVV.search-results.com/favicon_ms_search-results.ico
hXXp://VVV.ask.com/web?q={searchTerms}
manifest\chrome_settings_overrides\startup_pages
CGCBrowserInfo::SetHPR() -- Failed to read Preferences file: %s
CGCBrowserInfo::SetHPR() -- Failed to replace "gct=hp" in startup URL: %s
CGCBrowserInfo::SetHPR() -- Failed to add %s as a startup page.
bChoiceExists = %d, iChoice = %d
OpenChromeDB: Not able to get GC default profile DB path
OpenChromeDB: File not found: %s
OpenChromeDB: Not able to open chrome sqlite in temp folder
CGCBrowserInfo::OpenChromeDB return OK
SetGCDS: Not able to backup GC web data
SetGCDS: Not able to open chrome sqlite in temp folder
SetGCDS: Failed to insert Ask search provider into web data
SearchKeyword
SearchUrl
SearchSugUrl
SELECT * FROM keywords WHERE (
keyword LIKE '%s'
Failed to find the specified entry in keywords for keyword %s
icon_url
instant_url
search_terms_replacement_key
}alternate_urls
SetKeywordEntry: Not able to remove current Ask Search provider settings
CGCBrowserInfo::PreventDSReset() -- can't find ask.com
CGCBrowserInfo::PreventDSReset() -- ask.com is default - no update for silent update
VVV.ask.com
CGCBrowserInfo::PreventDSReset() -- UpdateSearchProviderUrl for id=%d failed, url=%s
CGCBrowserInfo::PreventDSReset() -- UpdateSearchProviderUrl for id=%d successful, url=%s
CGCBrowserInfo::PreventDSReset() -- SetSafeDefaultSearch for id=%d successful
\Web Data.pdsreset
\Web Data
CGCBrowserInfo::UpdatePrefDSProvider() -- Failed to read Preferences file: %s
short_url
CGCBrowserInfo::PreventDSReset() -- SetSafeDefaultSearch for id=%d failed
INSERT INTO keywords (%s) VALUES (%s);
l%sGoogle\Chrome\User Data
Local\Google\Chrome\Application\chrome.exe
Google\Chrome\Application\chrome.exe
%u.%u.%u.%u
CGCBrowserInfo::IsChromeSignedIn - Chrome user is signed in
CGCBrowserInfo::IsChromeSignedIn - Chrome user is NOT signed in
***CGCBrowserInfo::GetCurrentDfltSearchId, nDefaultSearchId=%d, strKeyword=%s, bIsAskId=%d, strSearchUrl=%s, bIsStock=%d
/session/startup_urls/
/session/urls_to_restore_on_startup/
search.ask.com
/extensions/chrome_url_overrides/newtab/
/default_search_provider/search_url
/extensions/settings/%s/manifest/update_url
/extensions/settings/%s/manifest/name
Failed to set to %d
CGCBrowserInfo::GetStartupPages - Failed to locate node %s in the DOM.
/extensions/settings/%s/state
/extensions/settings/%s
/extensions/settings/%s/ack_prompt_count
manifest\chrome_settings_overrides\search_provider\name
Failed to read Preferences file: %s
CGCPreferencesReader::LoadAssets() -- Failed to read Preferences file: %s
CGCBrowserInfo::LoadAssets() -- Failed to find/load extension ID's: %s
/extensions/settings/%s/active_permissions/api/
/extensions/settings/%s/manifest/chrome_settings_overrides/homepage
/extensions/settings/%s/preferences/default_search_provider.enabled
/extensions/settings/%s/manifest/chrome_settings_overrides/search_provider/
/extensions/settings/%s/manifest/chrome_settings_overrides/startup_pages/
/extensions/settings/%s/manifest/chrome_url_overrides/newtab
/extensions/settings/%s/preferences/session.restore_on_startup
%s\Local Storage\chrome-extension_%s_%d.localstorage
SELECT id FROM keywords WHERE keyword='%s'
CGCBrowserInfo::GetHPR() -- Failed to read Preferences file: %s
/extensions/settings/%s/from_webstore
/default_search_provider/keyword
br.ask.com
uk.ask.com
Google Chrome
%s\Chrome
ReInitialize Chrome Defense
\AskPartnerNetwork\Toolbar\%s\
google:baseURL
CStartUpDispatch::doGCPostInstallTB calling ShutDownGC pid = %s
doGCPostInstallHpr() - bNeedToSetV6GCHpr=%d, bV6GCHprAlreadySet=%d
doGCPostInstallHpr() - bNeedToSetV5GCHpr=%d
CStartUpDispatch::doGCPostInstallHpr calling ShutDownGC with pid %s
doGCPostInstallHpr() - Chrome is running
doGCPostInstallSa() - bNeedToSetV6GCSa=%d, bV6GCSaAlreadySet=%d
doGCPostInstallSa() - bNeedToSetV5GCSa=%d
CStartUpDispatch::doGCPostInstallSa calling ShutDownGC with pid %s
CStartUpDispatch::setGCHpr() - call SetHPR for GC browser (Allow startup pages = %d).
CStartUpDispatch::setGCSa (%d,%s,%d)
CStartUpDispatch::setGCSa: Not able to get GC keyword url
CStartUpDispatch::setGCSa GetSearchProviderInfo returned false, pattern = %s
CStartUpDispatch::setGCSa GetSearchProviderInfo return true, strProviderName = %s
CStartUpDispatch::setGCSa ReplaceUrlHost() called
setGCSA strNewKWUrl = %s
CStartUpDispatch::setGCSa SetKeywordEntry() called
Failed to add record to keyword table for short_name Ask Search, shortname=%s, kw=%s, url=%s
CStartUpDispatch::setGCSa UpdateSearchProviderUrl() called. id = %d
SetGCSa: error while updating ask.com url and ss, id=%d, url=%s
SetGCSa: successfully update ask.com url and ss, id=%d, url=%s
CStartUpDispatch::setGCSa SetSafeDefaultSearch failed, id=%d
\Web Data.ppostinstall
CStartUpDispatch::setGCSa SetSafeDefaultSearch successful, id=%d
GetSearchIDFromKeyword(%d,%s) failed.
SetSafeDefaultSearch(%d) failed.
SetSafeDefaultSearch(%d) successful.
SetGCSa: Not able to build keyword insert statement
\Chrome
web?l=dis&
\Web Data.pmonitor
GCUpdateSearchURL
A third-party application is forcing your home page to be set to {COMPETITOR_URL}. If you do not want to have this URL as your home page, you should manually change it.
Clicking on 'Yes' will open a web page with the instructions.
GuideOfferReport
hXXp://apnstatic.ask.com/static/hpds/en/reset-settings/index.html#na1
{COMPETITOR_URL}
hXXp://
%d.%d.%d
HPG Init: not able to load HPR settings: %s, isV5=%d
loadPartnerNTGSettings: not able to load NTG settings for pid: %s
%s\%s\Macro
Users manually change IE newtab setting. NTG is disable - IE dialog opened: %d, close time: %d
IdcLdr.exe
\AskPartnerNetwork\Toolbar\Updater\%s
{DF8AB633-6D92-4535-A5F9-134FB8DF60AB}
{154E4B05-E5D4-4BAE-982D-ECB1C2E1B46B}
Ask.com
OLEACC.DLL
CIEBrowserInfo::GetPartnerIESearchGuid - Failed to open SearchScopes Registry (%d): %s
CIEBrowserInfo::GetPartnerIESearchGuid - Failed to open SearchScopes Entry (%d): %s
CIEBrowserInfo::MigrateV5DefaultSearch(%s,%s,%s) - called
CIEBrowserInfo::MigrateV5DefaultSearch - Failed to open SearchScopes Registry (%d): %s
CIEBrowserInfo::MigrateV5DefaultSearch - Failed to open SearchScopes Entry (%d): %s
CIEBrowserInfo::MigrateV5DefaultSearch - Failed to query URL value (%d)
CIEBrowserInfo::MigrateV5DefaultSearch - O code found and URL was updated
CIEBrowserInfo::MigrateV5SearchHook - Failed to open Search Hook Registry (%d): %s
CIEBrowserInfo::MigrateV5SearchHook - Error loading from registry: %d
{00000000-6E41-4FD3-8538-502F5495E5FC}
CIEBrowserInfo::MigrateV5SearchHook - Failed deleting reg value (%d):
apnuosearch.xml
CreateOpenSearchService - Xml file: %s
CIEBrowserInfo::SaveUserPrefs - Failed to open SearchScopes Registry (%d): %s
CIEBrowserInfo::SaveUserPrefs - Failed to query DefaultScope(%d)
CIEBrowserInfo::SaveUserPrefs - Failed to open Updater key (%d): %s
CIEBrowserInfo::SaveUserPrefs - Failed to query setting (%d): %s
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.exe
EnumInternetExplorerServer found hwnd=%d
EnumTabWindowClass found hwnd=%d
RevertIENewTabFeature(%d) -- called
RevertIENewTabFeature() found: %s[%s] = %d
RevertIENewTabFeature() failed to read: %s[%s]
InstallIENewTabFeature() found that major version is %d
hXXps://
WasToolbarEnabledOrDisabled - strCOMGuid = %s
Software\Microsoft\Windows\CurrentVersion\Ext\Settings\
WasToolbarEnabledOrDisabled - Needed Flags detected: %x
WasToolbarEnabledOrDisabled - Needed Flags not set: %x
WasToolbarEnabledOrDisabled - IE %d detected - No flags yet - assume enabled
WasToolbarEnabledOrDisabled - IE %d detected - No setting yet - assume enabled
WasToolbarEnabledOrDisabled - Error %d while opening: %s
CLSID\%s\InprocServer32
Adding Name:%s, Value:%s
Invoegtoepassingen beheren
CIEDSGDispatch::ReInitialize - Settings = bSuccess:%d, bLoadComplete:%d
CIEDSGDispatch::HandleCustomEvent - Detected ReInitialize event: %s
dsg Init: not able to load IEDSG settings for partner: %s
IEPostInstallComplete - performing PostInstall operations
CStartUpDispatch::doIEPostInstallTB calling ShutDownIE pid = %s
doIEPostInstallHpr() - bNeedToSetV6IEHpr=%d, bV6IEHprAlreadySet=%d
CStartUpDispatch::doIEPostInstallHpr IsPlatformOverride returned TRUE - don't take HP: %s
CStartUpDispatch::doIEPostInstallHpr GetIEStatus = %d
CStartUpDispatch::doIEPostInstallSa() - bV6UserSelectSa = %d
CStartUpDispatch::doIEPostInstallSa() - didPartnerSetIEChrome false
CStartUpDispatch::doIEPostInstallSa - No search to set - calling WaitForIEPostInstallOperations
doIEPostInstallSa() - bNeedToSetV6IESa=%d, bV6IESaAlreadySet=%d, bV6IEChromeAlreadySet=%d
CStartUpDispatch::doIEPostInstallSa - IsPlatformOverride returned TRUE - don't take HP: %s
CStartUpDispatch::doIEPostInstallSa - GetIEStatus = %d
doIEPostInstallNthp() found partner %s
<Url type="text/html" template=
Not able to set IE sa: missing required component: ie-postinstall in the client config.xml
SetIESa - CheckFollowupReport
SetIESa - CheckFollowupReport - user did not choose Ask - disable DSG
SetIESa - PersistSearchParams(%s) failed.
SetIESa - SetOpenSearchDefaultUsingByPass returned status = %s
CStartUpDispatch::setIESa - 7. Wait for IE to run to handle PostInstall Operations
CStartUpDispatch::InitiatePostInstallCompleteOPeration - IE7 search set - IE running - calling IEPostInstallComplete
CStartUpDispatch::InitiatePostInstallCompleteOPeration - IE7 search set - calling WaitForIEPostInstallOperations
Settings will be changed back to Ask upon Firefox' restart.
When you installed the %s, you agreed to change your Internet Explorer search settings. Unfortunately, the process was not completed.
Would you like to set your %s to %s now? You can change back your settings at any time.
{D4027C7F-154A-4066-A1AD-4243D8127440}
This feature helps you stay in control of your Firefox's settings by avoiding unwanted changes by third-party applications.
hXXp://help.ask.com/link/portal/30015/30018/ArticleFolder/11/Ask-com-Browser-Toolbar
%sUNAVAILABLE
%sSELECTED
%sFOCUSED
%sPRESSED
%sCHECKED
%sMIXED
%sINDETERMINATE
%sREADONLY
%sHOTTRACKED
%sDEFAULT
%sEXPANDED
%sCOLLAPSED
%sBUSY
%sFLOATING
%sMARQUEED
%sANIMATED
%sINVISIBLE
%sOFFSCREEN
%sSIZEABLE
%sMOVEABLE
%sSELFVOICING
%sFOCUSABLE
%sSELECTABLE
%sLINKED
%sTRAVERSED
%sMULTISELECTABLE
%sEXTSELECTABLE
%sLOW
%sMEDIUM
%sHIGH
%sPROTECTED
%sVALID
x-osid:1:search:%{%s%}
Home Page / New Tab - Set to %s
Default Search - Set to %s
CRebutManager::Shutdown() m_bStop = %d
CRebutManager::InializeHPRebut() Found a partner with FF HP Rebut enabled: %s
CRebutManager::Reinitialize - Disabled because switch %d is active
CRebutManager::SendReport Failed to find dispatch for Pid: %s
CRebutManager::IsAskHomePage - Failed to get IE home page url
CRebutManager::RebuttalAllowed - Less than %d (elapsed = %d) hours since last displayed
CRebutManager::RebuttalAllowed - More than %d hours since last displayed
CRebutManager::StartRebutTimer(%d) - m_bRebutTimerRunning = %d
VVV.asksearch.com
SearchBetter.com
ask.com;*.ask.*
CStartUpDispatch::StartIESearchSetupTimer for PID:%s aborted - IsIEOSearchPend = FALSE
CStartUpDispatch::StartIESearchSetupTimer - bDidUserAction = %s, SKIP_SEARCH = %s
setiechrome
CStartUpDispatch::StartIESearchSetupTimer - Register for IEEnableComplete for PID:%s
CStartUpDispatch::TimerCheckIESearchSetup - strXML = %s
CStartUpDispatch::TimerCheckIESearchSetup (bIEEnableShowing NOT showing) - calling InitiateIESearchSetup - SKIP_SEARCH = %s
RemoteCheckIESearchSetup calling InitiateIESearchSetup (PID:%s, HWND:0x%x)
%s\Offers
%s\%s\Offers
%Y-%m-%d %H:%M:%S
CStartUpDispatch::InitiateIESearchSetup - PID: %s - SKIP_SEARCH Detected!
InitiateIESearchSetup - found IE, starting chrome install thread
CStartUpDispatch::InitiateIESearchSetup - Register for IEEnableComplete for PID:%s

IdcLdr.exe_1584:



Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    APNSetup1.exe:448
    TBNotifier.exe:580
    vcredist_x86.exe:820
    carambis_driver_updater_24bf3170a264d8d90ee6b9abe3abd7acd0c5f668.exe:2764
    IdcLdr.exe:1860
    IdcLdr.exe:1584
    %original file name%.exe:1912
    APNSetup.exe:2700
    apnmcp.exe:2292
    vcredist_x64.exe:3060
    Setup.exe:1060
    Setup.exe:1840
    Offercast2910_NDV_.exe:1904
    Offercast2910_NDV_.exe:2988
    MsiExec.exe:208
    MsiExec.exe:1172
    IdcLdr_x64.exe:2888

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1034.mst (40 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\2070.mst (38 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\AskToolbarInstaller-12.28.1_NDV-SP.msi (3073 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1033.mst (13 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx (3361 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (14988 bytes)
    C:\Windows\Installer\MSID493.tmp (208 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\1045.mst (37 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe (673 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaaadgepjkdffhjbkfjgnnffnfcffbg.json (285 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll (45 bytes)
    %Program Files% (x86)\AskPartnerNetwork\Toolbar\NDV-SP\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml (308 bytes)
    C:\Windows\Installer\MSID2DC.tmp (208 bytes)
    C:\Windows\Installer\MSID9B5.tmp (208 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "APN-Stub_NDV-SP" = "C:\ProgramData\APN\APN-Stub\NDV-SP\ApnSetup.exe /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /hpr=1 /log /install=NDV-SP /dtid=default /trgb=IE /type=vanilla,vanspe /sa=1 /log /install=NDV-SP /dtid=default /trgb=CR /type=vanilla,vanspe /crcrx=aaaaadgepjkdffhjbkfjgnnffnfcffbg /log /sa=1 /hpr=1 /runonce"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Driver Updater" = "%Program Files% (x86)\Carambis\Driver Updater\dupdater.exe -minimized"

    [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ApnTBMon" = "%Program Files% (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
