Sample_107a4c0166

by malwarelabrobot on October 10th, 2017 in Malware Descriptions.

mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 107a4c0166e2979a7b0cde4d6c45e38f
SHA1: 72f283540fae498b3169c0578e79b32e55689026
SHA256: 885db63443653a572f929886cd0422501fe95ad74da83dc95a632807bed9bf23
SSDeep: 24576:SRKvMp /Qlb VoDLhb/ZPPtKWMAEeaze8OlgG:S8MpYYSVo/l/ZPPt/rEe9huG
Size: 1040792 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171
Company: Exent Technologies Ltd.
Created at: 2008-08-20 16:51:24
Analyzed on: Windows7 SP1 32-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

cmhelper.exe:2748
cmhelper.exe:3828
cmhelper.exe:956
cmhelper.exe:2764
GPlayer.exe:3368
FreeRideGames.exe:3024
Regsvr32.exe:1452
RegEdit.exe:1988
RegEdit.exe:3300
%original file name%.exe:3308
setup.exe:4048
Free Ride Games.exe:2452
FRG_toolbar.exe:768

The Malware injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process cmhelper.exe:2748 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Low\PVXDUYBH.txt (106 bytes)

The process cmhelper.exe:3828 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WG9I57W.txt (214 bytes)

The Malware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Low\PVXDUYBH.txt (0 bytes)

The process cmhelper.exe:956 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Low\XUWLY219.txt (318 bytes)

The Malware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WG9I57W.txt (0 bytes)

The process cmhelper.exe:2764 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AQW9UQHU\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OPHRS0CG\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FHRXL987\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ROKJ9SS6\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini (67 bytes)

The Malware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\LocalLow\Temp\ietemp1.dat (0 bytes)

The process GPlayer.exe:3368 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files%\FreeRide Games\Info\1.clg (15349 bytes)
%Program Files%\FreeRide Games\Info\2.clg (1093 bytes)

The process FreeRideGames.exe:3024 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\plf20C9.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\layout.bin (473 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\0x0409.ini (21 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.inx (7356 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data1.hdr (2277 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.iss (257 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\pftw1.pkg (23526 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\ISSetup.dll (10675 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.exe (16638 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ext20CA.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.ini (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data1.cab (14367 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data2.cab (158355 bytes)

The Malware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\plf20C9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\layout.bin (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\exs.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\0x0409.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.inx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data1.hdr (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.iss (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.log (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\pftw1.pkg (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\ISSetup.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ext20CA.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data1.cab (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data2.cab (0 bytes)

The process Regsvr32.exe:1452 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Program Files%\FreeRide Games\AppLoader2KEx.dll (966 bytes)

The process %original file name%.exe:3308 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\resourceDll.dll (130 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_uninsep.bat (174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\Free Ride Games.exe (989 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\0013F160 (917 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\ExentCtlInstaller.dll (200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\cmhelper.exe (192 bytes)

The Malware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\0013F160 (0 bytes)

The process setup.exe:4048 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG279c.rra\AppL279c.rra (32102 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\load2dd3.rra (2340 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\masks\logi2cf9.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\icon\IAF2be0.rra (17 bytes)
%Program Files%\FreeRide Games\myGa28a5.rra (6126 bytes)
%Program Files%\FreeRide Games\Skin\dat\GPlrLanc.dat (20 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dial2c0f.rra (1 bytes)
%Program Files%\FreeRide Games\FRGN28a5.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\play2d66.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\load2b73.rra (2336 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\spla2b44.rra (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG227bc.rra\exs227cb.rra (2335 bytes)
C:\Users\Public\Desktop\More FREE games.lnk (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\erro2c6c.rra (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\isrt.dll (262 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_u2d47.rra (7 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\yesn2cba.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_m2d47.rra (18 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bgBo2b54.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\masks\play2cf9.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\atta2b54.rra (4 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\masks\bann2ce9.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\titl2da4.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2ab8.rra (31 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\Subs2dc4.rra (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG227bc.rra\exs227bb.rra (12834 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2912.rra (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu22eb.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\swit2cba.rra (3 bytes)
%Program Files%\FreeRide Games\Data\Loca2857.rra (7 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\logo2b73.rra (8 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\dial2b06.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\dat\Loca2867.rra (5 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\pb2c5d.rra (8 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\canc2a0c.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\main2d95.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\dat\Loca2857.rra (7 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\drop2dc4.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\icon\MyGa2bf0.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\sign2cab.rra (4 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\flas2b63.rra (4 bytes)
%Program Files%\FreeRide Games\Skin\icon\Onli2bf0.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\icon\Exit2bb1.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\canc2a2b.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\erro2c7c.rra (8 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\game2dd3.rra (4 bytes)
%Program Files%\FreeRide Games\npEx28a5.rra (8760 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\229d.rra (100 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRide Games.lnk (1 bytes)
%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\ISSe26f0.rra (10504 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_a2d08.rra (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{FE55FDF9-85DD-4E1D-A6A3-885E33F44B22}\0x0409.ini (21 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\sear2de3.rra (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\DIFx2329.rra (86 bytes)
%Program Files%\FreeRide Games\Skin\icon\GPla2be0.rra (17 bytes)
%Program Files%\Exent Technologies\FreeRide Games\Jugar a mis juegos.lnk (1 bytes)
%Program Files%\FreeRide Games\Skin\mask\play2cca.rra (144 bytes)
%Program Files%\FreeRide Games\X6Ex27cb.rra (16732 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\emai2d85.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\GameInfoDefault\Thum28e4.rra (19 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2932.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_i2d37.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\skin_events\Skin2e02.rra (5 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2941.rra (26 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\drop2dd3.rra (181 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\ok_22a79.rra (2 bytes)
C:\Windows\System32\d3dx2876.rra (32512 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\skin2b44.rra (11 bytes)
%Program Files%\FreeRide Games\Skin\inde28b5.rra (34 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\chk_2a3b.rra (4 bytes)
%Program Files%\FreeRide Games\Skin\icon\FRGL2bc1.rra (34 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\adGa2af6.rra (4 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\pinb29ce.rra (5 bytes)
%Program Files%\FreeRide Games\report.ini (86 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\key_2c8c.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\GameInfoDefault\Game28d4.rra (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\Repo278c.rra (31560 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bgTo2b63.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2ae6.rra (33 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_s2d47.rra (12 bytes)
%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu26f0.rra (6040 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\YUI\auto2980.rra (36 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\conn2d76.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\skin_events\spec2e02.rra (807 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu22db.rra (6040 bytes)
%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\layo26d1.rra (473 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\upda29dd.rra (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\ISSetup.dll (577 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\gplayer\gpla2ba2.rra (15 bytes)
%Program Files%\FreeRide Games\Skin\Sett28b5.rra (1 bytes)
%Program Files%\FreeRide Games\exs.ini (1638 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\GPla2700.rra (154846 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\Most2bff.rra (2334 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG227bc.rra\DoDl27cb.rra (4456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\core2329.rra (2334 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\titl2db4.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\skip29dd.rra (5 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2ad7.rra (21 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\clos2a4a.rra (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.log (323 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\masks\bann2cda.rra (6 bytes)
%Program Files%\FreeRide Games\npGa2e12.rra (13264 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\preR2cab.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\skin_events\PreR2df2.rra (3 bytes)
%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\data26d1.rra (15968 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\logi2b15.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\skip29ce.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\yesb29ed.rra (8 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\topL2b82.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2970.rra (27 bytes)
%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu26e1.rra (14400 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_p28d4.rra (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\isrt2339.rra (8434 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\post2c9b.rra (966 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\nobu29be.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_d2d08.rra (22 bytes)
%Program Files%\FreeRide Games\Clie28b5.rra (262 bytes)
%Program Files%\FreeRide Games\Skin\icon\Chan2bb1.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\clos299f.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\back298f.rra (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{FE55FDF9-85DD-4E1D-A6A3-885E33F44B22}\setup.ini (1 bytes)
%Program Files%\FreeRide Games\Data\Loca2867.rra (5 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\invi2d66.rra (262 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\Subs2db4.rra (16 bytes)
C:\ProgramData\FreeRide Games\data3072.rra (172922 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\mg_i2b15.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\icon\FRGL2bc2.rra (34 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\og_i2c9b.rra (625 bytes)
%Program Files%\FreeRide Games\Skin\icon\MyDo2be0.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_m28c4.rra (24 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2af6.rra (23 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\logi2c8c.rra (1 bytes)
%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu2700.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\spla2cab.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_d28c4.rra (15 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pids2903.rra (58 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\YUI\anim2980.rra (13 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\dl_i2b06.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\buy_2a0c.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\dott2dd3.rra (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\_isr2348.rra (18974 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_c28c4.rra (2334 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\Game277d.rra (8760 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2960.rra (40 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\defa2348.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\layo2c4d.rra (5 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\play2d76.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2903.rra (4 bytes)
C:\ProgramData\FreeRide Games\ISSe30b0.rra (10504 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\clos2a3b.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_l2d37.rra (7 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_a28c4.rra (3404 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bgLe2b54.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\post2cab.rra (966 bytes)
%Program Files%\FreeRide Games\Skin\Skin28b5.rra (352 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\MinC2db4.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\icon\Help2be0.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2ac7.rra (52 bytes)
%Program Files%\FreeRide Games\Skin\icon\Sett2bf0.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\Langs\0409\Stri29fc.rra (11940 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\_isres_0x0409.dll (561 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\trac2cba.rra (7 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\fram2b15.rra (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\Stri2339.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bgRi2b63.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\subm2a89.rra (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\cmhe279c.rra (4456 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\mg2903.rra (7 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\erro2b06.rra (2 bytes)
%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\0x0426f0.rra (21 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\topR2b92.rra (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\exs22eb.rra (12834 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\eror2c1e.rra (8 bytes)
%Program Files%\FreeRide Games\ExentComponents.ini (1073 bytes)
%Program Files%\FreeRide Games\Data\vers2857.rra (5 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\load2d66.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\logo2de3.rra (14 bytes)
%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setup.ini (5176 bytes)
%Program Files%\FreeRide Games\Skin\icon\FRGL2bd1.rra (34 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\gmt\cls_2b92.rra (10 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\more2a6a.rra (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG279c.rra\wh_P27ac.rra (4456 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\main2de3.rra (18 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\dl_i2c5d.rra (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\Game275e.rra (65287 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\pinb29be.rra (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\19U01AT3.txt (707 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\yesn2b44.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\YUI\yaho298f.rra (2334 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\drop2c6c.rra (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FRG_toolbar.exe (69 bytes)
C:\ProgramData\FreeRide Games\layo30c0.rra (473 bytes)
C:\ProgramData\FreeRide Games\setu30c0.rra (14401 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\spac2c5d.rra (49 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\GATr2bff.rra (2326 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\canc299f.rra (7 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\YUI\data2980.rra (31 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\chk_2a2b.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\sear2df2.rra (10 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\clie2c5d.rra (509 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\emai2d95.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\hide2a5a.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\clos2d56.rra (1106 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_e2d08.rra (11 bytes)
%Program Files%\FreeRide Games\Skin\dat\Loca2868.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\NIBmps\NetI28e4.rra (1260 bytes)
%Program Files%\FreeRide Games\Skin\NIBmps\Thum28f3.rra (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\lice22eb.rra (9 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\Chec298f.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\chan2dc4.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2aa8.rra (45 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\GPla22fa.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2951.rra (18 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\NPGa2329.rra (9 bytes)
%Program Files%\FreeRide Games\Skin\icon\favi2bb1.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\bord2d76.rra (1 bytes)
%Program Files%\Exent Technologies\FreeRide Games\More FREE games.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\exs.dll (380 bytes)
%Program Files%\FreeRide Games\Skin\GameInfoDefault\md28e4.rra (383 bytes)
C:\ProgramData\FreeRide Games\setu30d0.rra (6477 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\laun2d66.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\disp2d85.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Conn2ba2.rra (296 bytes)
%Program Files%\FreeRide Games\Skin\icon\GPlr2be0.rra (17 bytes)
C:\Users\Public\Desktop\Jugar a mis juegos.lnk (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\ok_12a79.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\icon\Tray28a5.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\icon\FRGL2bb1.rra (34 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\repo279c.rra (364 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\Regi22eb.rra (29 bytes)
%Program Files%\FreeRide Games\Skin\NIBmps\NetI28f3.rra (2520 bytes)
C:\Windows\Downloaded Program Files\Exen2886.rra (32172 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\logi28d4.rra (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4E2B122G.txt (709 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\ok_12a79.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\retr2b82.rra (3 bytes)
C:\Windows\Downloaded Program Files\ExentControl.ocx (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_g2d18.rra (17 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FRG_22fa.rra (3404 bytes)
%Program Files%\FreeRide Games\Skin\icon\Serv2bf0.rra (17 bytes)
%Program Files%\FreeRide Games\Skin\mask\erro2cca.rra (144 bytes)
%Program Files%\FreeRide Games\Skin\GameInfoDefault\Spla28d4.rra (29 bytes)
%Program Files%\FreeRide Games\Skin\Langs\0409\EXEt29fc.rra (840 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\AC_R2c5d.rra (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\exs2490.rra (7168 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\GPlr274e.rra (32516 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\debu28d4.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\gplayer\gpla2b92.rra (4314 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\main2da4.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_o2d47.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\ok_02a79.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\mask\upda2cda.rra (96 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FRG_22fb.rra (2104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\dotn2329.rra (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG27bb.rra\3rdP27bb.rra (26 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\MyGa2c0f.rra (4298 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\righ2da4.rra (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG279c.rra\AX32279c.rra (3404 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\canc2a0c.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\tabs2df2.rra (4 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\clos29ae.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\upda29ed.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\sett2b34.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\flas2c7c.rra (23 bytes)
%Program Files%\FreeRide Games\Skin\html\OffL2ba2.rra (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\Font2329.rra (39 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\play2c9b.rra (729 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2a98.rra (37 bytes)
%Program Files%\FreeRide Games\glut27da.rra (4314 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bott2b63.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\icon\FRGL2bd0.rra (34 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\dl2903.rra (7 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\help2a4a.rra (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG27bb.rra\lice27bb.rra (9 bytes)
C:\ProgramData\FreeRide Games\exs30b0.rra (7168 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\defa2903.rra (2 bytes)
%Program Files%\FreeRide Games\Skin\mask\logi2cca.rra (144 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_e2d18.rra (3 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\og_i2b34.rra (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data1.hdr (53 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\jque2c8c.rra (3404 bytes)
%Program Files%\FreeRide Games\X6XS27da.rra (2334 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\CW2ZUIA5.txt (709 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\info2d95.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\auto2b06.rra (1 bytes)
%Program Files%\FreeRide Games\Skin\Popups\1\nobu29ae.rra (6 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\myGa2c5d.rra (22 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\mg_i2c8c.rra (20 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\fram2c8c.rra (14 bytes)
%Program Files%\FreeRide Games\Skin\dat\GPlr2b44.rra (6 bytes)
%Program Files%\FreeRide Games\Data\Loca2876.rra (6 bytes)
C:\ProgramData\FreeRide Games\0x043062.rra (21 bytes)
%Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\icon2c3e.rra (8 bytes)

The Malware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31} (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7CFS2HCA.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG227bc.rra (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\RegistryValues.reg (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG27bb.rra\Info (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\corecomp.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4E2B122G.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\StringTable_0x0409.ips (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\exs.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FRG_toolbar_w_homepage.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FontData.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{FE55FDF9-85DD-4E1D-A6A3-885E33F44B22}\0x0409.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\isrt.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\dotnetinstaller.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{FE55FDF9-85DD-4E1D-A6A3-885E33F44B22} (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\license.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB} (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\19U01AT3.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setup.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\DIFxData.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{FE55FDF9-85DD-4E1D-A6A3-885E33F44B22}\setup.ini (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setup.inx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\GPlayer.ico (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\_isres_0x0409.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\default.pal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG279c.rra (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\NPGameTreatPlugin.reg (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG27bb.rra (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG27bb.rra\IGL (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FRG_toolbar.exe (0 bytes)

The process Free Ride Games.exe:2452 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\beacon[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\controller[1] (11 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\SDM_DB_148.xml (364 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7CFS2HCA.txt (705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\measurements[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\gamesInQueue[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\defines[1] (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VZE1PNJ9.txt (705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\offlineheader[1] (398 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\util[1] (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\close_up[1] (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\configuration[1] (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\defines[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\SDMLog.log (2522745 bytes)
%Program Files%\FreeRide Games\GameInst.dll (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\initialized[1] (401 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\functions[1] (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\SDM_PROGRESS[1].htm (276 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT (1056 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WNFI8C11.txt (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\ZB1BYKS6.txt (295 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\connecting_anim[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\servicePromotion4[1].jpg (8261 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\emptyFooter[1] (817 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\SDM_PROGRESS[1].htm (2373 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\defines[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\pageURLInfo[1] (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\connection[1] (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\util[1] (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\bubbleRight[1] (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\servicePromotion2[1].jpg (9076 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\initialized[1] (401 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\SDM_PROGRESS[1].css (732 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\SDM_DownloadAcc_148.tmp (234161 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\index[1] (7 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Exent\GI20171009122844GMT.Log (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\FreeRideGames.exe (3202 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\connecting_anim[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\conf_defines[1] (510 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\F4SZENBS.txt (705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\progress[1] (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\servicePromotion3[1].gif (5752 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\servicePromotion1[1].jpg (4766 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\SDM_HEADER2[1].css (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\minimize_up[1] (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\conf_defines[1] (510 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\offlineheader[1] (199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\conf_defines[1] (510 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_uninsdm.bat (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\defines[1] (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\bubbleLeft[1] (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\defines[1] (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FS67204F.txt (329 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\13[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\SDM_PROGRESS[1].css (732 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\header[1].jpg (2035 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\boxshot_sm[1].jpg (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2VWLEQVN.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\util[1] (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\SDM_DownloadAcc_148.acc (901 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Temp\ietemp1.dat (748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\pageURLInfo[1] (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\SDMHTMLInterfaces[1] (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\close_disabled[1] (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\initialized[1] (401 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\progressFooter[1] (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\extrnalHandler[1] (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\EULAFooter[1] (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Z9G5WK54.txt (705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\header[1].htm (331 bytes)
%Program Files%\FreeRide Games\GPlayer.exe (485 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OPXWUDYK.txt (543 bytes)

The Malware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\5a2ce8gs.default\cookies.sqlite-wal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VZE1PNJ9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\offlineheader[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\initialized[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\conversionTracking[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WNFI8C11.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\initialized[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\pageURLInfo[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\util[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\F4SZENBS.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\defines[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\conf_defines[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\offlineheader[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\conf_defines[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\defines[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FS67204F.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Mozilla\Firefox\Profiles\5a2ce8gs.default\cookies.sqlite-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Temp\ietemp1.dat (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2VWLEQVN.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\util[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\connecting_anim[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Z9G5WK54.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OPXWUDYK.txt (0 bytes)

The process FRG_toolbar.exe:768 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3266.tmp\inetc.dll (48 bytes)
C:\END (18 bytes)

The Malware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ct3198777\stub.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3266.tmp\inetc.dll (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsy3256.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3266.tmp (0 bytes)

Registry activity

The process GPlayer.exe:3368 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"GPlayer.exe" = "10"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASMANCS]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\2]
"RTyp" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG]
"RecoverSendFilesCount" = "3"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\1]
"TargetURL" = ""

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\2]
"PlayTime" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\LastShutdownOK]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\1]
"STyp" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\2]
"filepath" = "%Program Files%\FreeRide Games\Info\2.clg"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\1]
"filepath" = "%Program Files%\FreeRide Games\Info\1.clg"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\2]
"ErrorID" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\1]
"PlayTime" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG]
"LastFileIndex" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\1]
"RTyp" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\2]
"TargetURL" = ""

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\1]
"ErrorID" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\2]
"TicketID" = "1204111893"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG]
"MaxFilesCount" = "16"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\1]
"TicketID" = "1204111893"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASAPI32]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\2]
"STyp" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\GPlayer_RASMANCS]
"FileTracingMask" = "4294901760"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\2]
[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG\1]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process Regsvr32.exe:1452 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Control\WOW]
"DefaultSeparateVDM" = "yes"

The process RegEdit.exe:1988 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClosePlayerOnIdle]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\IGA\IGAOptions]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSEnabled]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Scheduling\SchedulingEnable]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\IGA\IGAOptions]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\LastShutdownOK]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\MessagesSoundEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyPort]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\LastShutdownOK]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Communication\WebComType]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\OfflineShortcutFolder]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eSSTy]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\RamMaxWindowSize]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyAddress]
"Value" = ""

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentStatus\ContentStatusShowMsgDurationInSec]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Scheduling\SchedulingEnable]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssDefaultShowMsgDurationInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSDelExp]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\EnableDumpReport]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\UserProfile\UserChannel]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssCheckUpdatesIntervalInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyPort]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\SleepingPeriod]
"Value" = "30000"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\CreateUninstallShortcutMode]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssCheckUpdatesIntervalInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eLPL]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientKeepaliveInterval]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eSPT]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Partner\PartnerName]
"IsReadOnly" = "1"
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushShowMsgDurationInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssCheckUpdatesIntervalInSec]
"Value" = "1800"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssUserType]
"Value" = "old"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssFeedUrl]
"Value" = "http://www.freeridegames.es/messages/rss/"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\TK\TKEnabled]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushCheckTimerIntervalInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Partner\PartnerName]
"Value" = "Default"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushAIGsListUrl]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushCheckTimerIntervalInSec]
"Value" = "900"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoErrorReport]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\UserProfile\UserChannel]
"Value" = "default"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CurrentUser]
"Value" = "advoyris"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushFadingScheme]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\EnableDumpReport]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\NetworkInterfacesCount]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CheckDiskSpaceInterval]
"Value" = "86400000"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eSPT]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeEnable]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientCleanupOffsetMSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\SleepingPeriod]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSDelExp]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Version]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\RamMaxWindowSize]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientCleanUpInterval]
"Value" = "60000"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushEnableForOldUser]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSEnabled]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyRadio]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\OpenShortcutInIE]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeRecovery]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\UserProfile\UserChannel]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\CreateUninstallShortcutMode]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeEnable]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushEnable]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssPersistentMessageFadingScheme]
"Value" = "168,86400"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\MediaChangerHotKey]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AccessWebPageConnectionTimeout]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\LastShutdownOK]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\EnableShortcut]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientCleanupOffsetMSec]
"Value" = "30000"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssCheckReminderTimerIntervalInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Communication\SkinComType]
"Value" = "2"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\EnableDesktopShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClientReport\UseClientReportUrl]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckIdleIntervalInMinutes]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eLPL]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckURL]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CoreInitFlags]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Communication\WebComType]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AccessWebPageConnectionTimeout]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\MediaChangerHotKey]
"Value" = "193"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\OSLUpdIntMin]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssUserType]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CheckDiskSpaceInterval]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CoreInitFlags]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoErrorReport]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Version]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClientReport\ClientReportUrl]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientKeepaliveInterval]
"Value" = "1000"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeReminderIntervalInMinutes]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoErrorReport]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSEnabled]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\MessagesSoundEnable]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\TK\TKEnabled]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssCheckReminderTimerIntervalInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CurrentUser]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientKeepaliveInterval]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeRecovery]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Communication\SkinComType]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSDomain]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssPersistentMessageFadingScheme]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\EnableShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushAIGsListUrl]
"Value" = "http://www.freeridegames.es/messages/contentpush/"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientCleanUpInterval]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\MessagesSoundEnable]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssEnable]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\PropmtBeforeCreatingShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Communication\WebComType]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\CLG]
"LastSuccessfulErrURL" = "http://player.freeridegames.com/opTools/errorReport.jsp"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssPersistentMessageFadingScheme]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClosePlayerOnIdle]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushShowMsgDurationInSec]
"Value" = "3600"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\OpenShortcutInIE]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\IGA\GameInfoURL]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentStatus\ContentStatusShowMsgDurationInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckIdleIntervalInMinutes]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Scheduling\LastDirectionFileIndex]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSNamesEx]
"Value" = "ON(143_CAMPAIGN_SERIAL_ID)ON(143_TURNKEY)ON(143_FIRST_BROWSER)NN(143_CAMPAIGN_PERFORMED_CONVERSIONS)NN(143_DAYS_PLAYED)NN(143_REACTIVATION_ID)NN(143_GAG)NN(143_UDOM)"
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClosePlayerOnIdle]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSDomain]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeRadio]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentStatus\ContentStatusShowMsgDurationInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyAddress]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Scheduling\LastDirectionFileIndex]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\NetworkInterfacesCount]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Partner\PartnerDomain]
"Value" = "player.freeridegames.com"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeRadio]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Partner\PartnerDomain]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckIntervalInMinutes]
"Value" = "360"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\RunPlayerOnStartUp]
"IsVisible" = "1"
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\IGA\IGAOptions]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushEnable]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushAIGsListUrl]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\SleepingPeriod]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eSSTy]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushFadingScheme]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\IGA\GameInfoURL]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eSPT]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Version]
"Value" = "117802240"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssDefaultShowMsgDurationInSec]
"Value" = "3600"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckIntervalInMinutes]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushEnable]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckURL]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AccessWebPageConnectionTimeout]
"Value" = "20000"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushCheckTimerIntervalInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSDomain]
"Value" = "player.freeridegames.com"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\OpenShortcutInIE]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\EnableDesktopShortcut]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Partner\PartnerDomain]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyRadio]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\EnableDumpReport]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClientReport\UseClientReportUrl]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\OSLUpdIntMin]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Scheduling\LastDirectionFileIndex]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClientReport\UseClientReportUrl]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoDiskManagment]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\RamMaxWindowSize]
"Value" = "10"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckURL]
"Value" = "http://player.freeridegames.com/do/PlayerUpdateInfo"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushEnableForOldUser]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CurrentUser]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\OfflineShortcutFolder]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\NetworkInterfacesCount]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeReminderIntervalInMinutes]
"Value" = "4320"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSDelExp]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushEnableForOldUser]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eLPL]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyPort]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClientReport\ClientReportUrl]
"Value" = "http://player.freeridegames.com/opTools/clientReport.jsp?theme=Home"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckIdleIntervalInMinutes]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ClientReport\ClientReportUrl]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushShowMsgDurationInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoDiskManagment]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssFeedUrl]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssUserType]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssCheckReminderTimerIntervalInSec]
"Value" = "1800"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientCleanupOffsetMSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\ContentPush\ContentPushFadingScheme]
"Value" = "168,43200"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CoreInitFlags]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoDiskManagment]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyRadio]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\OfflineShortcutFolder]
"Value" = ""

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\PRV\eSSTy]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\NetworkStateUrl]
"Value" = "http://player.freeridegames.com/check.jsp"
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\EnableDesktopShortcut]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\OSLUpdIntMin]
"Value" = "1440"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CS\CSNamesEx]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Scheduling\SchedulingEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\IGA\GameInfoURL]
"Value" = "http://player.freeridegames.com/do/gameInfo?contentId=%GAME_ID%"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\MediaChangerHotKey]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\CreateUninstallShortcutMode]
"Value" = "3"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\ClientCleanUpInterval]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeRecovery]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Communication\SkinComType]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssFeedUrl]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\PropmtBeforeCreatingShortcut]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\RunPlayerOnStartUp]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\TK\TKEnabled]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\CMC\CheckDiskSpaceInterval]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\EnableShortcut]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeReminderIntervalInMinutes]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssDefaultShowMsgDurationInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\NetworkStateUrl]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Rss\RssEnable]
"Value" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Proxy\ProxyAddress]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeRadio]
"Value" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\AutoClientUpgrade\AutoClientUpgradeCheckIntervalInMinutes]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Shortcuts\PropmtBeforeCreatingShortcut]
"IsVisible" = "1"

The process RegEdit.exe:3300 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}]
"(Default)" = "Game Treat Widget"

[HKCR\AppID\{B415CD14-B45D-4BCA-B552-B06175C38606}]
"(Default)" = "FireBreathWin"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GTR.exe" = "9999"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{C9C1FD39-F2D3-50C9-AA6E-662D0EB26128}\TypeLib]
"(Default)" = "{103DFC4E-147A-5606-9B4E-1C216DF227A1}"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\ProgID]
"(Default)" = "GameTreatWidget.GameTreatWidget.1"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\VersionIndependentProgID]
"(Default)" = "GameTreatWidget.GameTreatWidget"

[HKCR\MIME\Database\Content Type\application/x-gametreatwidget]
"Extension" = ""

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GTR.exe" = "9999"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\Version]
"(Default)" = "1"

[HKCR\Interface\{FEFD8F9E-7F71-5307-A9E8-D2E60A4AAECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MIME\Database\Content Type\application/x-gametreatwidget]
"(Default)" = "Game Treat Widget"

[HKCR\Interface\{7E8621A2-3513-5BAD-85D8-D624558847C7}]
"(Default)" = "IFBComEventSource"

[HKCR\GameTreatWidget.GameTreatWidget\CLSID]
"(Default)" = "{44d07caa-4fc4-5a84-9951-a485ad808d0e}"

[HKCR\GameTreatWidget.GameTreatWidget\CurVer]
"(Default)" = "GameTreatWidget.GameTreatWidget.1"

[HKCR\Interface\{C9C1FD39-F2D3-50C9-AA6E-662D0EB26128}]
"(Default)" = "IFBComJavascriptObject"

[HKCR\GameTreatWidget.GameTreatWidget.1]
"(Default)" = "Game Treat Widget"

[HKCR\MIME\Database\Content Type\application/x-gametreatwidget]
"CLSID" = "{44d07caa-4fc4-5a84-9951-a485ad808d0e}"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Interface\{FEFD8F9E-7F71-5307-A9E8-D2E60A4AAECA}]
"(Default)" = "IFBControl"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\TypeLib]
"(Default)" = "{103DFC4E-147A-5606-9B4E-1C216DF227A1}"

[HKCR\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{7E8621A2-3513-5BAD-85D8-D624558847C7}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\GameTreatWidget.GameTreatWidget.1\CLSID]
"(Default)" = "{44d07caa-4fc4-5a84-9951-a485ad808d0e}"

[HKCR\Interface\{7E8621A2-3513-5BAD-85D8-D624558847C7}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\npGameTreatWidget.dll]
"AppID" = "{B415CD14-B45D-4BCA-B552-B06175C38606}"

[HKCR\Interface\{FEFD8F9E-7F71-5307-A9E8-D2E60A4AAECA}\TypeLib]
"(Default)" = "{103DFC4E-147A-5606-9B4E-1C216DF227A1}"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32]
"AppID" = "{B415CD14-B45D-4BCA-B552-B06175C38606}"

[HKCR\GameTreatWidget.GameTreatWidget]
"(Default)" = "Game Treat Widget"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\iexplore\AllowedDomains\*]
"Count" = "0"

[HKCR\Interface\{C9C1FD39-F2D3-50C9-AA6E-662D0EB26128}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{C9C1FD39-F2D3-50C9-AA6E-662D0EB26128}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7E8621A2-3513-5BAD-85D8-D624558847C7}\TypeLib]
"(Default)" = "{103DFC4E-147A-5606-9B4E-1C216DF227A1}"

[HKCR\Interface\{FEFD8F9E-7F71-5307-A9E8-D2E60A4AAECA}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}\1.0]
"(Default)" = "GameTreatWidget 1.0 Type Library"

The process %original file name%.exe:3308 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process setup.exe:4048 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"Version" = "16777219"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\MiscStatus\1]
"(Default)" = "132497"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}]
"Installer" = "MSICD"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\Contains\Files\%WinDir%\Downloaded Program Files]
"ExentControl.ocx" = ""

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
"ErrorDesc" = "Completed"

[HKCR\ExentControl.ExentInf1.1]
"(Default)" = "ExentInf1 Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4FF78044-96B4-4312-A5B7-FDA3CB328095}]
"(Default)" = ""

[HKCR\TypeLib\{D60BB9DB-17C1-4115-9887-6E47FA954061}\1.1\HELPDIR]
"(Default)" = "C:\Windows\Downloaded Program Files"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCR\Interface\{9563E921-78AF-48BD-AEB0-696998875C4E}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DDB2EFCB-F22B-4FD6-AB70-701F29DAC008}]
"(Default)" = "IExentCtlStub"

[HKCR\ExentControl.ExentStub\CLSID]
"(Default)" = "{5FB1E1AE-138D-45B3-809C-A41858AA44D9}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"ProductGUID" = "{6C26A305-4549-4A8A-9F03-25719C03B0FB}"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148]
"BinPath" = "%Program Files%\FreeRide Games"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\DownloadInformation]
"CodeBase" = ""

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\AppDataLow\Software\ExentControl]
"runInstallFlag" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3F 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\MozillaPlugins\www.exent.com/GameTreatWidget]
"Path" = "%Program Files%\FreeRide Games\NPGameTreatPlugin.dll"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Disks\C]
"Keep Free Space" = "50"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\InstalledVersion]
"LastModified" = "Wed, 20 Jun 2012 05:42:12 GMT"

[HKCR\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}\1.0\0\win32]
"(Default)" = "%Program Files%\FreeRide Games\npGameTreatWidget.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"NoRepair" = "1"

[HKCR\Interface\{CBF3AB6E-743A-4B00-B563-BE8C3774F3F6}]
"(Default)" = "_IExentInfEvents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"VersionMajor" = "1"
"URLInfoAbout" = "www.exent.com"

[HKCR\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\VersionIndependentProgID]
"(Default)" = "ExentControl.ExentStub"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCR\Interface\{CBF3AB6E-743A-4B00-B563-BE8C3774F3F6}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"

[HKCR\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}\1.0\HELPDIR]
"(Default)" = "%Program Files%\FreeRide Games"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"LogMode" = "1"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\InprocServer32]
"(Default)" = "C:\Windows\Downloaded Program Files\ExentControl.ocx"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"EnableFileTracing" = "0"

[HKCR\Interface\{9563E921-78AF-48BD-AEB0-696998875C4E}]
"(Default)" = "IExentInf"

[HKCR\Interface\{CBF3AB6E-743A-4B00-B563-BE8C3774F3F6}\TypeLib]
"(Default)" = "{D60BB9DB-17C1-4115-9887-6E47FA954061}"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\Version]
"(Default)" = "1.1"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\ProgID]
"(Default)" = "ExentControl.ExentInf1.1"

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
"ErrorNum" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"InstallLocation" = "%Program Files%\FreeRide Games"
"Publisher" = "Exent Technologies"
"InstallSource" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%WinDir%\Downloaded Program Files]
"ExentControl.ocx" = "1"

[HKCR\TypeLib\{D60BB9DB-17C1-4115-9887-6E47FA954061}\1.1]
"(Default)" = "ExentControl 1.1 Type Library"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\EXEtender.exe]
"(Default)" = "%Program Files%\FreeRide Games\FreeRide Games"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExentControl.ocx]
"{4FF78044-96B4-4312-A5B7-FDA3CB328095}" = ""

[HKCR\Interface\{DDB2EFCB-F22B-4FD6-AB70-701F29DAC008}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{D60BB9DB-17C1-4115-9887-6E47FA954061}\1.1\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"UninstallString" = "%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setup.exe -runfromtemp -l0x0409 -removeonly"
"NoModify" = "1"
"VersionMinor" = "0"

[HKCR\ExentControl.ExentStub.1]
"(Default)" = "ExentStub Class"

[HKCR\ExentControl.ExentInf1]
"(Default)" = "ExentInf1 Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\EXEtender.exe]
"Path" = "%Program Files%\FreeRide Games"

[HKCR\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}]
"(Default)" = "ExentStub Class"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C28FE5C-51FE-464E-A9B4-5E5AF02B514C}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\InstalledVersion]
"(Default)" = "07,02,00,07"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"DisplayName" = "FreeRide Games"

[HKCR\ExentControl.ExentStub]
"(Default)" = "ExentStub Class"

[HKCR\Interface\{DDB2EFCB-F22B-4FD6-AB70-701F29DAC008}\TypeLib]
"Version" = "1.1"

[HKCR\ExentControl.ExentInf1\CurVer]
"(Default)" = "ExentControl.ExentInf1.1"

[HKCR\Interface\{CBF3AB6E-743A-4B00-B563-BE8C3774F3F6}\TypeLib]
"Version" = "1.1"

[HKCR\ExentControl.ExentStub\CurVer]
"(Default)" = "ExentControl.ExentStub.1"

[HKCR\TypeLib\{D60BB9DB-17C1-4115-9887-6E47FA954061}\1.1\0\win32]
"(Default)" = "C:\Windows\Downloaded Program Files\ExentControl.ocx"

[HKCR\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\ProgID]
"(Default)" = "ExentControl.ExentStub.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"DisplayVersion" = "1.00.0003"

[HKCR\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\InprocServer32]
"(Default)" = "C:\Windows\Downloaded Program Files\ExentControl.ocx"

[HKCR\Interface\{9563E921-78AF-48BD-AEB0-696998875C4E}\TypeLib]
"(Default)" = "{D60BB9DB-17C1-4115-9887-6E47FA954061}"

[HKCR\Interface\{DDB2EFCB-F22B-4FD6-AB70-701F29DAC008}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\TypeLib]
"(Default)" = "{4FF78044-96B4-4312-A5B7-FDA3CB328095}"

[HKCR\ExentControl.ExentStub.1\CLSID]
"(Default)" = "{5FB1E1AE-138D-45B3-809C-A41858AA44D9}"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Disks\C]
"Size" = "15518"

[HKCR\Interface\{CBF3AB6E-743A-4B00-B563-BE8C3774F3F6}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C28FE5C-51FE-464E-A9B4-5E5AF02B514C}]
"AppPath" = "%Program Files%\FreeRide Games"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"UninstallStringOriginal" = "%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\Setup.exe -runfromtemp"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASMANCS]
"MaxFileSize" = "1048576"

[HKCR\ExentControl.ExentInf1.1\CLSID]
"(Default)" = "{4FF78044-96B4-4312-A5B7-FDA3CB328095}"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\ToolboxBitmap32]
"(Default)" = "C:\Windows\Downloaded Program Files\ExentControl.ocx, 101"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCR\Interface\{9563E921-78AF-48BD-AEB0-696998875C4E}\TypeLib]
"Version" = "1.1"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"EnableFileTracing" = "0"

[HKCR\ExentControl.ExentInf1\CLSID]
"(Default)" = "{4FF78044-96B4-4312-A5B7-FDA3CB328095}"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}]
"(Default)" = "ExentInf1 Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExentControl.ocx]
".Owner" = "{4FF78044-96B4-4312-A5B7-FDA3CB328095}"

[HKCR\Interface\{9563E921-78AF-48BD-AEB0-696998875C4E}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCR\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"NoRemove" = "0"

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
"Progress" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"Language" = "1033"
"InstallDate" = "20171009"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Disks\C]
"Games Dir" = "Remote Programs"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32]
"(Default)" = "%Program Files%\FreeRide Games\npGameTreatWidget.dll"

[HKCR\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}\VersionIndependentProgID]
"(Default)" = "ExentControl.ExentInf1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"ModifyPath" = "%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setup.exe -runfromtemp -l0x0409"
"LogFile" = "%Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setup.ilg"

[HKCR\CLSID\{5FB1E1AE-138D-45B3-809C-A41858AA44D9}\TypeLib]
"(Default)" = "{D60BB9DB-17C1-4115-9887-6E47FA954061}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"RegOwner" = "Windows User"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}]
"SystemComponent" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\Setup_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1]
"Path" = "%Program Files%\FreeRide Games\npExentControl.dll"

[HKCR\Interface\{DDB2EFCB-F22B-4FD6-AB70-701F29DAC008}\TypeLib]
"(Default)" = "{D60BB9DB-17C1-4115-9887-6E47FA954061}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C28FE5C-51FE-464E-A9B4-5E5AF02B514C}]
"AppName" = "GPlayer.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKLM\SOFTWARE\Exent Technologies]
[HKLM\SOFTWARE\Exent Technologies\FreeRide Games]
[HKLM\SOFTWARE\Exent Technologies\FreeRide Games\1.00.0003]

The Malware deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"MinorVersion"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"MajorVersion"

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
"ExtResponse"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"NoModify"

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
"ErrorNum"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6C26A305-4549-4A8A-9F03-25719C03B0FB}]
"NoRepair"
"NoRemove"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
"ErrorDesc"
"Progress"

The process Free Ride Games.exe:2452 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFormatTags" = "2"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"aFormatTagCache" = "01 00 00 00 10 00 00 00 55 00 00 00 1E 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASAPI32]
"EnableConsoleTracing" = "0"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFilterTags" = "0"

[HKLM\SOFTWARE\Exent\Exetender\Providers\148\Settings\Communication\WebComType]
"Value" = "1"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"fdwSupport" = "1"

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\SDM]
"ResumePage" = "index.html?PageId=SDM_PROGRESS"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"Free Ride Games.exe" = "10"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASMANCS]
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASMANCS]
"FileDirectory" = "%windir%\tracing"
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\Free Ride Games_RASAPI32]
"MaxFileSize" = "1048576"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Exent_SDM" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\Free Ride Games.exe l 'Startup' u 'http://player.freeridegames.com/do/SDMC?action=config_7_5&type=ES_TB_HOMEPAGE_SEARCH&contentId=%d' p '148' c '480860'"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following registry key(s):

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers]
[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\SDM]
[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148]

The Malware deletes the following value(s) in system registry:

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
"ErrorNum"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Internet Explorer\LowRegistry]
"AddToFavoritesInitialSelection"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Internet Explorer\LowRegistry]
"AddToFeedsInitialSelection"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\AppDataLow\Software\Exent\Exetender\Providers\148\IS]
"ErrorDesc"

The Malware disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Exent_SDM"

The process FRG_toolbar.exe:768 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\FRG_toolbar_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FRG_toolbar_RASMANCS]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\FRG_toolbar_RASAPI32]
"MaxFileSize" = "1048576"
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\FRG_toolbar_RASMANCS]
"MaxFileSize" = "1048576"
"EnableFileTracing" = "0"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\FRG_toolbar_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\FRG_toolbar_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\FRG_toolbar_RASAPI32]
"FileTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\FRG_toolbar_RASMANCS]
"FileDirectory" = "%windir%\tracing"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Malware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

Dropped PE files

MD5 File path
72ef2d24d0efd50633e348426acb452f c:\Program Files\FreeRide Games\AX32.dll
b3c69f6569b3ddf8f90e0fe882981a5d c:\Program Files\FreeRide Games\AppLoader2KEx.dll
46f665a167001e27c4b704d66f93d855 c:\Program Files\FreeRide Games\DoDlg.exe
ef179a0f195ce0fe6a9ccfcf3ece3a7a c:\Program Files\FreeRide Games\GPlayer.exe
b54f9bfb20abfbe1d2ba2eb2a9daabdd c:\Program Files\FreeRide Games\GPlrLanc.exe
56e166e59fc421baa4ab0eed74e6b1c5 c:\Program Files\FreeRide Games\GameInst.dll
a1db2166c6009048693590eff8e1d261 c:\Program Files\FreeRide Games\GameLauncher.exe
b0394050322e898dd40ce9f52d6e0bbe c:\Program Files\FreeRide Games\Report.exe
dcbd967ad77dd43f27695a2168df4aba c:\Program Files\FreeRide Games\Uninstall.exe
63f00c8b66124171b9afe2b72562a806 c:\Program Files\FreeRide Games\X6Ex_Pr148.sys
636248dae1ff854d29fe7beed971a73a c:\Program Files\FreeRide Games\X6XSEx_Pr148.sys
46eaac51e711f3dcd436879de4fd52de c:\Program Files\FreeRide Games\cmhelper.exe
3fbed3ecfe60f52c53974023177adefe c:\Program Files\FreeRide Games\exs.dll
55c38709c3c879b2d0fa24f751d2c824 c:\Program Files\FreeRide Games\glutil.dll
b385ec1c7943032c945a03ceff85ca78 c:\Program Files\FreeRide Games\npExentControl.dll
8d00e5ce5d60005b53f3e02469c68640 c:\Program Files\FreeRide Games\npGameTreatWidget.dll
9bc0902f50e58167b4b778ef6f1b1103 c:\Program Files\FreeRide Games\wh_Pr148.dll
1bf0fc52d41be3f3c1025b3971bc49a0 c:\Program Files\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\ISSetup.dll
03f8ed82d10c710f89b90ea0a46e9352 c:\Program Files\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setup.exe
1bf0fc52d41be3f3c1025b3971bc49a0 c:\ProgramData\FreeRide Games\ISSetup.dll
3fbed3ecfe60f52c53974023177adefe c:\ProgramData\FreeRide Games\exs.dll
03f8ed82d10c710f89b90ea0a46e9352 c:\ProgramData\FreeRide Games\setup.exe
1bf0fc52d41be3f3c1025b3971bc49a0 c:\Users\All Users\FreeRide Games\ISSetup.dll
3fbed3ecfe60f52c53974023177adefe c:\Users\All Users\FreeRide Games\exs.dll
03f8ed82d10c710f89b90ea0a46e9352 c:\Users\All Users\FreeRide Games\setup.exe
7ac9b56c15369c1c950d32e9084b9dde c:\Windows\Downloaded Program Files\ExentControl.ocx
39c858645cbf37b83bc907e188f8bc85 c:\Windows\System32\d3dx9_32.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver " \??\%Program Files%\FreeRide Games\X6XSEx_Pr148.Sys" the Malware attaches its filter-device object to the Volume Device Object (VDO) of the file system driver.

Propagation

VersionInfo

Company Name: Exent Technologies Ltd.
Product Name: ExentCtl Module
Product Version: 07.02.00.01
Legal Copyright: Copyright (c) 1996-2007 Exent Technologies Ltd. All rights reserved.
Legal Trademarks:
Original Filename: ExentCtl.ocx
Internal Name: ExentCtl
File Version: 07.02.00.01
File Description: ExentCtl Module
Comments: Release.
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 67586 69632 4.53151 13d4df63a29071e604d09a6768d2e641
.rdata 73728 9413 12288 2.89315 1aae2e1490b0b801344569bed4d29505
.data 86016 19400 16384 0.903431 b02c7e2c998cd8ec273626efa37333f3
.rsrc 106496 932420 933888 5.35024 aba3e2c1bd924c3ef14eb75939c4015e

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 1
7b61424b27216898e09e3668b49c6aae

URLs

URL IP
hxxp://player.freeridegames.com/do/SDMC?action=config_7_5&type=ES_TB_HOMEPAGE_SEARCH&contentId=480860 212.18.254.120
hxxp://player.freeridegames.com/do/SDM?action=config_7_5&contentId=480860&type=ES_TB_HOMEPAGE_SEARCH 212.18.254.120
hxxp://player.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessStart&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB 212.18.254.120
hxxp://player.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_DownloadStart&sdmVersion=01.51.00.47&fileName=hxxp://dts1.freeridegames.com/FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB 212.18.254.120
hxxp://a1507.b.akamai.net/free/frg/products/480860/boxshot_sm.jpg
hxxp://a1697.b.akamai.net/FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe
hxxp://e8296.g.akamaiedge.net/check.jsp
hxxp://player.freeridegames.com/product/SDM/SDM_standard/SDM_PROGRESS.html?GameName=The Rise of Atlantis&GameId=480860 212.18.254.120
hxxp://a1697.b.akamai.net/freeride_marketing/SDM/SDM_standard/header.html
hxxp://d1cklgu5sscvp0.cloudfront.net/meter/www.freeridegames.com/13.gif
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard/css/SDM_HEADER2.css
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard/css/SDM_PROGRESS.css
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard/js/defines.js
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard/img/header.jpg
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard_2010/css/SDM_PROGRESS.css
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard_2010/js/defines.js
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion1.jpg
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion2.jpg
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion3.gif
hxxp://a1507.b.akamai.net/freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion4.jpg
hxxp://a1294.w20.akamai.net/beacon.js
hxxp://a1294.w20.akamai.net/b?c1=2&c2=6035233&ns__t=1507552116545&ns_c=windows-1252&ns_if=1&cv=3.1&c8=&c7=http://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html&c9=
hxxp://a1294.w20.akamai.net/b2?c1=2&c2=6035233&ns__t=1507552116545&ns_c=windows-1252&ns_if=1&cv=3.1&c8=&c7=http://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html&c9=
hxxp://player.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_DownloadFinished&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB 212.18.254.120
hxxp://player.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_InstallStart&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB 212.18.254.120
hxxp://player.freeridegames.com/opTools/clientTracking.jsp?track=playerinstallationstart 212.18.254.120
hxxp://player.freeridegames.com/opTools/clientTracking.jsp?trackEvent=playerinstallationfinished 212.18.254.120
hxxp://player.freeridegames.com/do/conversionTracking?conversionName=PlayerInstallationCompleted&format=fullHtml 212.18.254.120
hxxp://player.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessFinished&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB 212.18.254.120
hxxp://usage.integration.toolbar.ams.conduit-services.com/usage.ashx
hxxp://storage.ams.conduit.com/ps/conduitinstaller/stublogic.exe
hxxp://player.freeridegames.com/opTools/errorReport.jsp?t=1&e=65&p=0&sty=0&dty=1 212.18.254.120
hxxp://player.freeridegames.com/opTools/errorReport.jsp?t=1&e=65&p=0&sty=0&dty=0 212.18.254.120
hxxp://player.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_InstallFinished&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB 212.18.254.120
hxxp://dts1.freeridegames.com/FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe 2.21.89.19
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion3.gif 2.21.89.33
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard/css/SDM_HEADER2.css 2.21.89.33
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard/js/defines.js 2.21.89.33
hxxp://b.scorecardresearch.com/beacon.js 62.140.236.163
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html 2.21.89.33
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion4.jpg 2.21.89.33
hxxp://usage.integration.toolbar.conduit-services.com/usage.ashx 195.78.120.115
hxxp://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html 2.21.89.19
hxxp://images.scanalert.com/meter/www.freeridegames.com/13.gif 52.85.184.91
hxxp://img.exent.com/free/frg/products/480860/boxshot_sm.jpg 2.21.89.33
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/css/SDM_PROGRESS.css 2.21.89.33
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard/img/header.jpg 2.21.89.33
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/js/defines.js 2.21.89.33
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion1.jpg 2.21.89.33
hxxp://storage.conduit.com/ps/conduitinstaller/stublogic.exe 195.78.120.65
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion2.jpg 2.21.89.33
hxxp://cdn.exent.com/freeride_marketing/SDM/SDM_standard/css/SDM_PROGRESS.css 2.21.89.33
hxxp://b.scorecardresearch.com/b?c1=2&c2=6035233&ns__t=1507552116545&ns_c=windows-1252&ns_if=1&cv=3.1&c8=&c7=http://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html&c9= 62.140.236.163
hxxp://www.freeridegames.com/check.jsp
www.google-analytics.com 172.217.20.174


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY FreeRide Games Some AVs report as TrojWare.Win32.Trojan.Agent.Gen
ET MALWARE Possible Windows executable sent when remote host claims to send html content
ET POLICY PE EXE or DLL Windows file download HTTP
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers

Traffic

GET /FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe HTTP/1.1
Range: bytes=9516044-11895055
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Mon, 11 Nov 2013 14:00:35 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Mon, 09 Oct 2017 12:28:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 Oct 2017 12:28:33 GMT
Content-Range: bytes 9516044-11895055/11895056
Content-Length: 2379012
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Mon, 11 Nov 2013 14:00:35 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Mon, 09 Oct 2017 12:28:33 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Mo
n, 09 Oct 2017 12:28:33 GMT..Content-Range: bytes 9516044-11895055/118
95056..Content-Length: 2379012..Connection: keep-alive...\.|O.J.....N.
.tm}t[.>.@L.K.D..1.x..25#.oJ..<.....R..w. .h(.M....'.%......PQ.C
.F....[S.k.}.....z....^X.z!.F...i.....V......g. =w..@2.."..*..0.0.DsG.
..!y(..7...rx.:'o.MN....6M..........BM.....e.M.-TL....n..o./.G..#~..W]
.W.....8.<J... ..Hb.........GD..Ut.5...u....b....@...i.|.......<
.......R .<..?,..........#>....1......y.T.....B..b1...<..~.Y.
.DG.!.......WI0..H....t...n.J.n.....LkG.p....HU...|.{.P...@r..y2..0.e.
.f.Lz.j-s]....2....qs.......R..5i...................f....nj..6_._.U..t
> ........p-Q\.,..p0...jP.q...>cj...QR.."..C...'.......K..@.X...
..'@."=d.Uf....0P...FK.D_ ....%......hr......4.t...G...o....vY....A2L.
n....@!d!.[....^j..z..(.17...5.=.J.lM..M.^...rm..j..~|^..e....zM..U.&l
t;..e.......1.d.G..........A.5i._]..=O...P..../e#lP.[. ....XrI....u_..
..U........E..wJ2 .i.J.:..W...;....u....94......c....p..Q....X7O..6(.\
G..va...........}.j.n...M.......;....0...i...|zZ..r....b.CL.a.Cx......
^..~.n'.syn.=r.s{~. >m.{~.-....X.H..}..Z4M...v........x.......H...7
.[g....<*ur.<.E........M.3.....73;V......J.....V....$.l...;.b.Z.
O....k...D.d..z.m....#Ae.K|.tt.C...@.RX.C-..Dia........c.m..G.k...
<<< skipped >>>


POST /opTools/errorReport.jsp?t=1&e=65&p=0&sty=0&dty=0 HTTP/1.1
User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 1848
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1

tAQAAAAAAADhewoAAQAxAAwA4AAtADkAlAAAAAYAAAAeAAAAqW0AAAIAAAeTZXxGa8NlIFehYGqCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiFeQcAAAAAAAAAAA-AAAA3M-YGOTAyWTxeQjcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:44 GMT
Server: Apache
Set-Cookie: JSESSIONID=024817DD413D0A6F42AE0BBD5B2969FD; Path=/; HttpOnly
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 1
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=800
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
0HTTP/1.1 200 OK..Date: Mon, 09 Oct 2017 12:28:44 GMT..Server: Apache.
.Set-Cookie: JSESSIONID=024817DD413D0A6F42AE0BBD5B2969FD; Path=/; Http
Only..Pragma: no-cache..Cache-Control: no-cache..Content-Length: 1..P3
P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Keep-Alive: t
imeout=3, max=800..Connection: Keep-Alive..Content-Type: text/html;cha
rset=ISO-8859-1..0..



POST /opTools/clientTracking.jsp?trackEvent=SDM_DownloadFinished&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB HTTP/1.1
User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:38 GMT
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=800
Connection: Keep-Alive
Content-Type: text/html
....


POST /opTools/clientTracking.jsp?trackEvent=SDM_InstallStart&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:38 GMT
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=799
Connection: Keep-Alive
Content-Type: text/html
HTTP/1.1 200 OK..Date: Mon, 09 Oct 2017 12:28:38 GMT..Server: Apache..
Content-Length: 0..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI CO
M NAV"..Keep-Alive: timeout=3, max=799..Connection: Keep-Alive..Conten
t-Type: text/html..



GET /freeride_marketing/SDM/SDM_standard/css/SDM_HEADER2.css HTTP/1.1
Accept: */*
Referer: hXXp://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:23 GMT
Content-Type: text/css
Accept-Ranges: bytes
X-Varnish: 1341931850
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:33 GMT
Date: Mon, 09 Oct 2017 12:28:33 GMT
Content-Length: 301
Connection: keep-alive
............=O.0..gG......IShQ.....,..*'.8..m]........hG..^.z......g.y
...{.\p...,-...Dm...=?.%c,.~.L.m..R.>".T.....j.....(...n.......Dg..
.L%W..<z...2... .l!...Yk..S..h.;. ..Q..=8*..)[.@.`5j.......{.UO.)..
4.]v.X|.}...n.%..-B.I' ..'.4.u..@.H.>Xy....:>.W.f..*;.bv........
1..1=..i../o^........8U...$.:........


GET /freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://player.freeridegames.com/product/SDM/SDM_standard/SDM_PROGRESS.html?GameName=The Rise of Atlantis&GameId=480860
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:32 GMT
Content-Type: text/html
Accept-Ranges: bytes
X-Varnish: 1341931852
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:33 GMT
Date: Mon, 09 Oct 2017 12:28:33 GMT
Content-Length: 1615
Connection: keep-alive
...........YmO.8..\$..7......i){-...tp..-.;.'.&nkH.(v(.....v.B_...]..8
v...........^...ct.??C........c..4{.}.?..-.i.~.#N.e..m...q...?..P....]
P............a......it...z.....1!.@b.....^.>...'d..0...../.\.......
k.hg'........o.........7....F.[7@.o.....Qh,D..m?.,rO"a.lb..B.....Nn...
H*....G.N.k.i8.j8..SP<O.:.lo..C..R<.....Ws..u.B...N...7.C.<.t
K.}&p.V8,......h$...h8..f..P...R..^t.U/.F...........!.N.C..C.....F..L1
...0%...U...J.A/..FW...N2..E...-.....D.DKJ..Z..n."=R.,QU........... .}
...C..A.h._...0%...A^.....T....Z..-...cNP..MT*.........!....).n.r...j.
...b.t........ ..!.e.[G...:...i.X~b........?P.@:.0i3...=5F$J....C..~..
.$f.O@9.}.z....9.7H........Ni.'#w.(...B....[o.yk.).....!.o..K..!NC.Q..
.. .Y....q...G.4."6.!.8...h....)/r..I....<..|.....T....sy..Y..=....
g!../.i....9.= !.Z..eU.P._H.'._..P.d...0*e.Y$.D.#s.;L.S ..Fx..${......
r.{.....#...".p$w.....gQ.^E..#! .Q..u#O.2R......'4.H...\(. .)O.K...$.i
.....0.l......Bm'i.u..U.....k..v*.&.Q......\.Q.W..L.~....[E..[..i...,.
..*.S..lj..DU`W7......usJ.1.>:N}L....a(...8.f.....,.A=.4...........
...fD.@.P..K>.gc.=......... ..D..5...*...g8...H..j..|/..Y.....Stp_.
.?E.. .....z....%.;.....A......Hv.23.TT..Qe...Dw..]..t....r....*..v.1.
U.n.). ....]V....!..v2#j...1..)...S...},.4?..]..A.u. u....K9awP,..R...
.hP7!;.....!.U..L..L).i....$.(W.FM.f..AQ&.....U..........w......o....|
...F.............n....v]..<......0.....mD.:o8.....G..$.*....<..Y
G.^}.V:....c...f....<..=.#[i...'.FZ.\...dO...qp...ei...r...:w.|...'
...|.`.j........,.t..s.nn7..f..w....L...w...*;.......X.v1H}a..>
<<< skipped >>>

GET /freeride_marketing/SDM/SDM_standard_2010/js/defines.js HTTP/1.1


Accept: */*
Referer: hXXp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:32 GMT
Content-Type: application/javascript
Content-Length: 1376
Accept-Ranges: bytes
X-Varnish: 598296066
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:34 GMT
Date: Mon, 09 Oct 2017 12:28:34 GMT
Connection: keep-alive
Exent = function()..{..};..Exent.SDM = function()..{..};..Exent.SDM.Ma
rkting = function()..{..};..Exent.SDM.Markting.Defines = function()..{
..};....Exent.SDM.Markting.Defines.BASE_URL = ..{...cdn : "hXXp://cdn.
exent.com/freeride_marketing/SDM/SDM_standard_2010/img/",...freeride :
 "hXXp://VVV.freeridegames.com/product/img/SDM/"..}..if (navigator.use
rAgent.indexOf("Windows NT 6.0") != -1) ..{..  Exent.SDM.Markting.Defi
nes.SERVICE_PROMOTION = ..  {..  .servicePromotion1 : "url('"   Exent.
SDM.Markting.Defines.BASE_URL.cdn   "servicePromotion1.jpg')",..  .ser
vicePromotion2 : "url('"   Exent.SDM.Markting.Defines.BASE_URL.cdn   "
servicePromotion2.jpg')",..    servicePromotion3 : "url('"   Exent.SDM
.Markting.Defines.BASE_URL.cdn   "servicePromotion3vista.jpg')",..  .s
ervicePromotion4 : "url('"   Exent.SDM.Markting.Defines.BASE_URL.cdn  
 "servicePromotion4.jpg')"..  };..}..else..{ ..  ..  Exent.SDM.Marktin
g.Defines.SERVICE_PROMOTION = ..  {..  .servicePromotion1 : "url('"   
Exent.SDM.Markting.Defines.BASE_URL.cdn   "servicePromotion1.jpg')",..
  .servicePromotion2 : "url('"   Exent.SDM.Markting.Defines.BASE_URL.c
dn   "servicePromotion2.jpg')",..    servicePromotion3 : "url('"   Exe
nt.SDM.Markting.Defines.BASE_URL.cdn   "servicePromotion3.gif')",..  .
servicePromotion4 : "url('"   Exent.SDM.Markting.Defines.BASE_URL.cdn 
  "servicePromotion4.jpg')"..  };..}....
<<< skipped >>>

GET /freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion2.jpg HTTP/1.1


Accept: */*
Referer: hXXp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:30 GMT
Content-Type: image/jpeg
Content-Length: 90657
Accept-Ranges: bytes
X-Varnish: 1341931860
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:35 GMT
Date: Mon, 09 Oct 2017 12:28:35 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P......hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns
:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.
com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0
/" xmpRights:Marked="False" xmpMM:OriginalDocumentID="uuid:E075493B8A6
3DD11AC50F33A9CF1BD4A" xmpMM:DocumentID="xmp.did:AF514043B36311DFB23FC
5759A59FD89" xmpMM:InstanceID="xmp.iid:AF514042B36311DFB23FC5759A59FD8
9" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:B3C1E96644B3DF11B72A88327B6583E8" stRef
:documentID="uuid:E075493B8A63DD11AC50F33A9CF1BD4A"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;....Adobe.d........................................................
......................................................................
...................=.|................................................
................................................!.1a.A".Q2.q...#..V.BR
.3.$Tt..uF.......Sc..^U.&v..brCs...4D7.8....e.f...6d'...............
........!..1AQ.aq".......2...BR...br.#3.D....CS.4T...cs.$..5.t.%..d...
.........?..g.....e=..WN.tu.U...N..V."(..".."(..".......J..<.P.
<<< skipped >>>


POST /opTools/clientTracking.jsp?track=playerinstallationstart HTTP/1.1
User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:39 GMT
Server: Apache
Set-Cookie: JSESSIONID=EF1FEB421560D34C1B8BCA1F629446CB; Path=/; HttpOnly
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-Default; Expires=Sun, 07-Jan-2018 12:28:39 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 7.0"; Version=1; Max-Age=7776000; Expires=Sun, 07-Jan-2018 12:28:39 GMT; Path=/
Set-Cookie: 143_CT=1; Expires=Mon, 16-Oct-2017 12:28:39 GMT; Path=/
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=800
Connection: Keep-Alive
Content-Type: text/html
HTTP/1.1 200 OK..Date: Mon, 09 Oct 2017 12:28:39 GMT..Server: Apache..
Set-Cookie: JSESSIONID=EF1FEB421560D34C1B8BCA1F629446CB; Path=/; HttpO
nly..Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GM
T; Path=/..Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00
:10 GMT; Path=/..Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-Default; E
xpires=Sun, 07-Jan-2018 12:28:39 GMT; Path=/..Set-Cookie: 143_FIRST_BR
OWSER="Default-MSIE 7.0"; Version=1; Max-Age=7776000; Expires=Sun, 07-
Jan-2018 12:28:39 GMT; Path=/..Set-Cookie: 143_CT=1; Expires=Mon, 16-O
ct-2017 12:28:39 GMT; Path=/..Content-Length: 0..P3P: CP="IDC CURa ADM
a DEVa TAIa OUR BUS IND UNI COM NAV"..Keep-Alive: timeout=3, max=800..
Connection: Keep-Alive..Content-Type: text/html......


POST /opTools/clientTracking.jsp?trackEvent=playerinstallationfinished HTTP/1.1


User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1; JSESSIONID=EF1FEB421560D34C1B8BCA1F629446CB


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:42 GMT
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=799
Connection: Keep-Alive
Content-Type: text/html
HTTP/1.1 200 OK..Date: Mon, 09 Oct 2017 12:28:42 GMT..Server: Apache..
Content-Length: 0..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI CO
M NAV"..Keep-Alive: timeout=3, max=799..Connection: Keep-Alive..Conten
t-Type: text/html..



POST /opTools/errorReport.jsp?t=1&e=65&p=0&sty=0&dty=1 HTTP/1.1
User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 2552
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1

tAQAAAAAAADhewoAAQAxAAwA4AAqAMAilAAAAAYAAAAeAAAAqW0AAAIAAAeTZXxGa8NlIFehYGqCMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiFeQcAAAAAAAAAAA-AAAA3M-YGOTAyWTxeQjcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:44 GMT
Server: Apache
Set-Cookie: JSESSIONID=5DBDD410F8856C001FC33E979D1183C2; Path=/; HttpOnly
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 1
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=800
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
0HTTP/1.1 200 OK..Date: Mon, 09 Oct 2017 12:28:44 GMT..Server: Apache.
.Set-Cookie: JSESSIONID=5DBDD410F8856C001FC33E979D1183C2; Path=/; Http
Only..Pragma: no-cache..Cache-Control: no-cache..Content-Length: 1..P3
P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Keep-Alive: t
imeout=3, max=800..Connection: Keep-Alive..Content-Type: text/html;cha
rset=ISO-8859-1..0..



GET /ps/conduitinstaller/stublogic.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: storage.conduit.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 09 Oct 2017 12:28:44 GMT
Content-Length: 1245
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>....
<<< skipped >>>


GET /do/conversionTracking?conversionName=PlayerInstallationCompleted&format=fullHtml HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: player.freeridegames.com
Connection: Keep-Alive
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:43 GMT
Server: Apache
Content-Length: 95
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=800
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
 ..........<html>.<head>.<title></title>.</
head>.<body>.....   .....</body>.</html>..HTTP/1.
1 200 OK..Date: Mon, 09 Oct 2017 12:28:43 GMT..Server: Apache..Content
-Length: 95..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
..Keep-Alive: timeout=3, max=800..Connection: Keep-Alive..Content-Type
: text/html;charset=ISO-8859-1.. ..........<html>.<head>.&
lt;title></title>.</head>.<body>.....   .....<
/body>.</html>......


POST /opTools/clientTracking.jsp?trackEvent=SDM_InstallFinished&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:44 GMT
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=799
Connection: Keep-Alive
Content-Type: text/html
HTTP/1.1 200 OK..Date: Mon, 09 Oct 2017 12:28:44 GMT..Server: Apache..
Content-Length: 0..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI CO
M NAV"..Keep-Alive: timeout=3, max=799..Connection: Keep-Alive..Conten
t-Type: text/html..



GET /free/frg/products/480860/boxshot_sm.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 12 Jun 2011 09:08:48 GMT
Content-Type: image/jpeg
Content-Length: 4632
Accept-Ranges: bytes
X-Varnish: 1341931841
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:31 GMT
Date: Mon, 09 Oct 2017 12:28:31 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
.......................................................<.3.........
......................................................................
..............!"..1.A23QBR#$..bCaq...c4d5E&6.....................!...1
...AQ"..aq.2...B...b#34...R..c$Tr..CSDd5...%E&............?........v.$
....id\G..v...WH.T.h........8I.zcN........M..i.hS.6..c..b.s.)....>.
m....N.....r.\.2.b..'p4...W...cSZ....>..._D.........Z...<l9...S.
.J........Dc..4z.l.....r.Whi.u".s..Nz.oR..........q.Jd(..2-....:z.`..f
].Q..6:..[....Q@$ .|....0,...Mc.....HQ\@>.)@@F.....4..V*....!w....3
o...4!Ra....].=/.(......v...t._".gP..UApa..........^..zM q2...AL.{....
lM.e..G2..Y...p...y...6.g..cnr.p*.MsGN..$.T*'U..............t......H(Z
..<J...lf..;FP...(x%b...=6......'.....~..O.|....~._...,.....?....sR
$....-........fp&W//.~.i?g..E.O...2.......,|y....y..*@4..R...#..5..t..
2..*.Z.......'rm.. 0..Z...N.^$.}..g.lI...e.....c6.J)2.A.,.E..p.T.7WUB.
..^9>k2......q$...Y.....`>A`cUO...X..*(.S2Z5.Dq{..A.P.B......4..
.x~.mE.' [3.`..*..#..Z.r..k.F._.#..k..heI .T...$.G..eD.kD...-)...#....
.V.R.....<....)y.@/@.}K.. .*<.L(o%..n0)....e....y..g....L.S..\.s
(e....H.1.8r....8..g,.BrI..*T.....Z.w4 .Sb....  .lK....^..D..b.<..$
..b.Qq.Z...Na.....KR..z.......K.`-..R1.;..-..n.q.....t.G.{wm..... ....
......y...7...._.6.T...u]...;.[o3.......$..a=*.....X<........2g...M
......y#........CO.....O'...j..........W?..9.8.q\.Y..H>U.....$p
<<< skipped >>>


GET /freeride_marketing/SDM/SDM_standard/header.html HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: dts1.freeridegames.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 21 Feb 2013 10:04:09 GMT
Accept-Ranges: bytes
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 1002
Date: Mon, 09 Oct 2017 12:28:31 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........Umo.6......W.Km,.....m5pl7)....n.."....F....#...=./s......I
Q....{....../......j.7..g...Z....s>YN./^...,.(LjSU....5{........Q.n
......og.....4f!3.....-.[..2...Kc..5&![[[.9.q....6.*..F.i....wh.b... .
.5V......7....t...O...qE*.......!..}.#.....1.....PxC. c.....&..Z...GZj
.W.r..j._..1tfE.vO.....)......u.V..q|...n..o.3Pf.@Yi.m.^...m..........
.......c.."....P.a...t..........WR$HH}.CV..P."2*.,.t.Z.~.....V...[...g
....,........h6....d..........l.....0.4..\8..M.$..3.)).P..`..v...^.kth
C.........)9-C.y....4RP#...4G....;.`.&.Df.S#......|.D.....p.XB.*0..$Z.
.,.'.5.5&....8. I.d ...LYo.F...)...)......=...S.U!U.......G.x9VeM...V.
4"01D5...Z..iJN.....CP...). d..9.&... ....A...N.'?.....|..y.i...H.....
.....T....t.Ic7(..:.'.85e&.~....H.....^h.%..;..._...O.gs......_@v.....
.......n...[..7......M.....b.{.d....n.....S.m...)`vlF...1..R..Ic.Y.l..
.....I.....6..U....S..p...........&.gph,.1...V.X........5...r.... ....
...,(I...V1.iaHt.....q.m...l.....0,.QM|{....x"~y&;t..n.......A.D~.;...
.....~.....7....w..)0l...HTTP/1.1 200 OK..Server: Apache/2.4.4 (Win64)
..Last-Modified: Thu, 21 Feb 2013 10:04:09 GMT..Accept-Ranges: bytes..
Content-Type: text/html..Content-Encoding: gzip..Content-Length: 1002.
.Date: Mon, 09 Oct 2017 12:28:31 GMT..Connection: keep-alive..Vary: Ac
cept-Encoding.............Umo.6......W.Km,.....m5pl7)....n.."....F....
#...=./s......IQ....{....../......j.7..g...Z....s>YN./^...,.(LjSU..
..5{........Q.n......og.....4f!3.....-.[..2...Kc..5&![[[.9.q....6.*..F
.i....wh.b... ..5V......7....t...O...qE*.......!..}.#.....1.....Px
<<< skipped >>>

GET /FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe HTTP/1.1


Range: bytes=0-2379010
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Mon, 11 Nov 2013 14:00:35 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Mon, 09 Oct 2017 12:28:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 Oct 2017 12:28:33 GMT
Content-Range: bytes 0-2379010/11895056
Content-Length: 2379011
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......d... ... ...
 .......5...O...(.......4...O...i......./... .......&...*.......!...Ri
ch ...........PE..L...>.J=.................0...0...............@...
.@..................................&.................................
.....hI..........(............m..P....................................
........................@...............................text...6$.....
..0.................. ..`.rdata.......@... ...@..............@..@.data
...dn...`...@...`..............@....rsrc...(..........................
.@..@.................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /ps/conduitinstaller/stublogic.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: storage.conduit.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Date: Mon, 09 Oct 2017 12:28:44 GMT
Content-Length: 1245
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>....
<<< skipped >>>


GET /beacon.js HTTP/1.1
Accept: */*
Referer: hXXp://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Mon, 23 Oct 2017 12:28:35 GMT
Date: Mon, 09 Oct 2017 12:28:35 GMT
Content-Length: 901
Connection: keep-alive
Cache-Control: private, no-transform, max-age=1209600
..........mT.k.6..W.e.....t.........F..}.&(..k.%#.. u..];N[x.`,...9.9*
;..m.. .].0...t3C...9.N.....].L@M....W ....@.B}.,.;...}p...%A..!T.%]/.
.`.9....`.....<b..z.E....!Q&.....po........e.R]Fzk...x%J..#-. ....!
...6Tle..o.......1;7a.....S.w..d4f.,jc.mB.T.......,..z..!..1..~.1.J:..
...csI.J.....~...8:.1.`....{uI ..<?./.j...b..Z.......u.}{.k,.m.;U*.
.....]9...R%..L.&5PXb...Hj....J...ES.>s............@..F...D-.......
......G....*[.....~.q..5......k..>.....X.....".....;.\..0.....^..R.
P1...^t..q$k.|.....c7...d.Z..V.:.^j....Gb...`...W........#.....Y?.....
.yX.....6C..Yb..].....l=.f........A..9L...ab.f.....[.eT.....q... .k..4
...t5P.....0*..e.....T..I%.........eR..}.1..eB&...;.......[G.3.......s
.......bL.~0....cXX..m..l...uv)'.q..D...B.....{.].WO...zp....C.U..a...
....{.J2j ..p. .....f....5....w...?V...':?1..../..J..?.........%.N.0av
.sH..K...|{&.i...=.>..qmr........b.;..;(......5...R@ocv...[..)...1.
.p........


GET /b?c1=2&c2=6035233&ns__t=1507552116545&ns_c=windows-1252&ns_if=1&cv=3.1&c8=&c7=http://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html&c9= HTTP/1.1


Accept: */*
Referer: hXXp://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive

GET /b2?c1=2&c2=6035233&ns__t=1507552116545&ns_c=windows-1252&ns_if=1&cv=3.1&c8=&c7=http://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html&c9= HTTP/1.1
Accept: */*
Referer: hXXp://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=10462a140236159146f9dac1507552115; UIDR=1507552115


HTTP/1.1 204 No Content
Content-Length: 0
Date: Mon, 09 Oct 2017 12:28:35 GMT
Connection: keep-alive
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
HTTP/1.1 204 No Content..Content-Length: 0..Date: Mon, 09 Oct 2017 12:
28:35 GMT..Connection: keep-alive..Pragma: no-cache..Expires: Mon, 01 
Jan 1990 00:00:00 GMT..Cache-Control: private, no-cache, no-cache=Set-
Cookie, no-store, proxy-revalidate..



GET /freeride_marketing/SDM/SDM_standard/js/defines.js HTTP/1.1
Accept: */*
Referer: hXXp://player.freeridegames.com/product/SDM/SDM_standard/SDM_PROGRESS.html?GameName=The Rise of Atlantis&GameId=480860
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:25 GMT
Content-Type: application/javascript
Content-Length: 1371
Accept-Ranges: bytes
X-Varnish: 1341931849
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:33 GMT
Date: Mon, 09 Oct 2017 12:28:33 GMT
Connection: keep-alive
Exent = function()..{..};..Exent.SDM = function()..{..};..Exent.SDM.Ma
rkting = function()..{..};..Exent.SDM.Markting.Defines = function()..{
..};....Exent.SDM.Markting.Defines.BASE_URL = ..{...cdn : "hXXp://cdn.
exent.com/freeride_marketing/SDM/SDM_standard/img/",...freeride : "htt
p://VVV.freeridegames.com/product/img/SDM/"..}..if (navigator.userAgen
t.indexOf("Windows NT 6.0") != -1) ..{..  Exent.SDM.Markting.Defines.S
ERVICE_PROMOTION = ..  {..  .servicePromotion1 : "url('"   Exent.SDM.M
arkting.Defines.BASE_URL.cdn   "servicePromotion1.jpg')",..  .serviceP
romotion2 : "url('"   Exent.SDM.Markting.Defines.BASE_URL.cdn   "servi
cePromotion2.jpg')",..    servicePromotion3 : "url('"   Exent.SDM.Mark
ting.Defines.BASE_URL.cdn   "servicePromotion3vista.jpg')",..  .servic
ePromotion4 : "url('"   Exent.SDM.Markting.Defines.BASE_URL.cdn   "ser
vicePromotion4.jpg')"..  };..}..else..{ ..  ..  Exent.SDM.Markting.Def
ines.SERVICE_PROMOTION = ..  {..  .servicePromotion1 : "url('"   Exent
.SDM.Markting.Defines.BASE_URL.cdn   "servicePromotion1.jpg')",..  .se
rvicePromotion2 : "url('"   Exent.SDM.Markting.Defines.BASE_URL.cdn   
"servicePromotion2.jpg')",..    servicePromotion3 : "url('"   Exent.SD
M.Markting.Defines.BASE_URL.cdn   "servicePromotion3.gif')",..  .servi
cePromotion4 : "url('"   Exent.SDM.Markting.Defines.BASE_URL.cdn   "se
rvicePromotion4.jpg')"..  };..}....
<<< skipped >>>

GET /freeride_marketing/SDM/SDM_standard_2010/css/SDM_PROGRESS.css HTTP/1.1


Accept: */*
Referer: hXXp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:29 GMT
Content-Type: text/css
Accept-Ranges: bytes
X-Varnish: 1341931853
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:34 GMT
Date: Mon, 09 Oct 2017 12:28:34 GMT
Content-Length: 347
Connection: keep-alive
.............N.0......M..)..k..I......`biI)....v)..F..z...L?.N..!...0(
..kC..P.A..c-75*F.=.:. ...=..noZ..AK.f.C..[0..;....6#....[e .>...n,
..z$.4..@U{G....V........r....\b.X......XB.YUie....Z?...(...@1..X.....
Zj.......G....=.._..|....`.A!...wS...d..?..;....[^C.s....K..|."s..$...
..PY.g....,]....-;.|.7$6.......4N.O..'.').k.iJ.xO.3.a.F..$............
HTTP/1.1 200 OK..Last-Modified: Tue, 12 Apr 2011 11:54:29 GMT..Content
-Type: text/css..Accept-Ranges: bytes..X-Varnish: 1341931853..Vary: Ac
cept-Encoding..Content-Encoding: gzip..Cache-Control: private, max-age
=259200..Expires: Thu, 12 Oct 2017 12:28:34 GMT..Date: Mon, 09 Oct 201
7 12:28:34 GMT..Content-Length: 347..Connection: keep-alive...........
....N.0......M..)..k..I......`biI)....v)..F..z...L?.N..!...0(..kC..P.A
..c-75*F.=.:. ...=..noZ..AK.f.C..[0..;....6#....[e .>...n,..z$.4..@
U{G....V........r....\b.X......XB.YUie....Z?...(...@1..X.....Zj.......
G....=.._..|....`.A!...wS...d..?..;....[^C.s....K..|."s..$.....PY.g...
.,]....-;.|.7$6.......4N.O..'.').k.iJ.xO.3.a.F..$..............
..


GET /freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion3.gif HTTP/1.1


Accept: */*
Referer: hXXp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:30 GMT
Content-Type: image/gif
Content-Length: 79037
Accept-Ranges: bytes
X-Varnish: 1341931859
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:35 GMT
Date: Mon, 09 Oct 2017 12:28:35 GMT
Connection: keep-alive
GIF89a|.=.................u..f...^.v..i.Q..3..Ku..W....o...........Vho
/g...S.n.e.-f..h..F......R{......&...j.W.....0...R......W........d...(
............H........F....F..............9UgQ..3.....u..3u.......%...-
^....s....U..5..G........x...]...3.....4.......mOk........"..x.."...x.
..,p...B....*V./JY....d........J........6.$...Y.l........L...vS......G
...........0...3..I...... .w.....Y....r)W...S..3...Y.I.........{......
...........!'w...T.>dye.....u............2.j"$`r....x.....)R.....X.
g..G...U.....G.7..X...k..I.g........E......Z.......:}.K...............
..t...4=...R...~|wR=x.........ok......................................
......................................................................
................................................~........ .c1J........
..............!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="...
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:m
eta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 
       "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-s
yntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpRights="http:
//ns.adobe.com/xap/1.0/rights/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1
.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" x
mlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpRights:Marked="False" xmpMM
:OriginalDocumentID="uuid:E075493B8A63DD11AC50F33A9CF1BD4A" xmpMM:Docu
mentID="xmp.did:370D4B19B36411DF92A0A43CC032876F" xmpMM:InstanceID="xm
p.iid:370D4B18B36411DF92A0A43CC032876F" xmp:CreatorTool="Adobe Pho
<<< skipped >>>


GET /FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe HTTP/1.1
Range: bytes=4758022-7137032
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Mon, 11 Nov 2013 14:00:35 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Mon, 09 Oct 2017 12:28:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 Oct 2017 12:28:33 GMT
Content-Range: bytes 4758022-7137032/11895056
Content-Length: 2379011
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Mon, 11 Nov 2013 14:00:35 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Mon, 09 Oct 2017 12:28:33 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Mo
n, 09 Oct 2017 12:28:33 GMT..Content-Range: bytes 4758022-7137032/1189
5056..Content-Length: 2379011..Connection: keep-alive...,ny........bq.
....L...>......5.QS.....M..9.$..Ym.0..]...z.G.[Y?T.n...u[...@9_/...
.k...#.m....z~....{...b...1W0?.Ir.._.5.`....._.....0..)V..r..zH.4.y/..
...s.C...m.b9....:...m.7...qT.!H.c....o.% .....16.....|.-....V..g.....
7...wI...v.....}.....<......H,....4.j......;.];X.)6..R...|...OJ.@K.
,P.[..w...[..nz%..._. ..].g......@..`=..u.........]Q}]C/fo...Z.=.`.4N.
...jb`Z........TCz.......1......}n.......s.B.w.......q7-...&g1Nz._.!..
X..$.Y...?bj.......&P*.k.....C.<....z)l.ZGaY.2..]..T.>-.....f.L.
.......BQ........*o..A..W..."...yR.B.......&.......x.(%....hc.....O..m
I....)....9.....j....@,...J.......;.4...P.hz.....l..6mNX..`TY..R.%|.,.
.J6B_...|..uW.(qV.G..:..;o.9....J.5Qj..].M1.Y.A.K.I.e.k=s......!?./o..
nw.......>..Lz0.X.!....l;u....../C6A~@\c.L*.....*......._.S...cNP".
./.d3........R.........[.3..M....d.._.<.. s{......do'......n....b{t
...).fG..7e- d...".Bf..E.H.........%..^#>R..SQ<f...S..(.;....=l.
.....|.....C..A..V[.........lOhq...|.~....&..L.`n)..n..F6S..2|...E&q..
..l^.Z...'*.=.;....Mor..v.{..... }.`:.wkZ.....W.....-.tr...........:.:
..y..8..}{..au. Y4&.v.E._..`im...F..Z~.e".....%......u ..b....=.{v
<<< skipped >>>


HEAD /FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe HTTP/1.1
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache/2.4.4 (Win64)
Last-Modified: Mon, 11 Nov 2013 14:00:35 GMT
Accept-Ranges: bytes
Content-Length: 11895056
Content-Type: application/x-msdownload
Expires: Mon, 09 Oct 2017 12:28:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 Oct 2017 12:28:31 GMT
Connection: keep-alive
....


GET /FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe HTTP/1.1


Range: bytes=2379011-4758021
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Mon, 11 Nov 2013 14:00:35 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Mon, 09 Oct 2017 12:28:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 Oct 2017 12:28:33 GMT
Content-Range: bytes 2379011-4758021/11895056
Content-Length: 2379011
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Mon, 11 Nov 2013 14:00:35 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Mon, 09 Oct 2017 12:28:33 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Mo
n, 09 Oct 2017 12:28:33 GMT..Content-Range: bytes 2379011-4758021/1189
5056..Content-Length: 2379011..Connection: keep-alive....a...F....2...
.I..~.9n.. ..k89..O...wo7..w.....=.......o0.]5...O.{..A..d... ...9....
...^|J...Sg..?P..}.....t...Vf...2]....&.K.k...J....w..!|v.X.. ....|'..
.C...e..3..1.......AY...V.U........7......O.....c...d..K..x>..Y.,..
..,*.....[.DB....I.w....6..4K..)...o.c.x.....$7.N....f.f.kb....S....K.
[.Ltd...<.0........'~...r.>.Ps.?.....h?......X...X.]....;......u
......n............0....Z....l..Tj.&..e=.......'..N.....Xa....w..._m..
.C.C.}s.!......7.....M..m.!..?.......!.........b....!p..=........w.c..
..H|...R'JG..x.C....ft...P/9....r~ykO9?.%.....-..m.r.@.=@...Yt....q.F.
.......kO.q.}j..K._.A.d^*@..I'.......J.#.:..<.b..qW.#%hho..=U@.M;.U
..O.o.......a....T..We...uJ.#....S.s...B..}..bd)..)...._..>%....W..
#q.......uZ.....U..."k. ..f.3..y.*.@....5.^m.T....l.1!S.g.(H....=..a.=
.&....[.....K.9.Zi......z...]..R| ...@..oL:.I..6H.uTJ....B.88....x...2
..vYy..]w.i.......>..>5|w..W.i.......o.].C.UH.8...A..S...4}....D
..h.P../..BA...E.-H.xA..=..:.}..:}...1..a..w...?..@q..........|.......
........E#..6....l..s.u.......k..YY.C_.(R...G... .S..........t......R.
.U.kP[......."...I.)^...9~$..v/....\..g..b^K.O..)..q.9...*..Z....:
<<< skipped >>>


GET /FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe HTTP/1.1
Range: bytes=7137033-9516043
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Mon, 11 Nov 2013 14:00:35 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Mon, 09 Oct 2017 12:28:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 09 Oct 2017 12:28:33 GMT
Content-Range: bytes 7137033-9516043/11895056
Content-Length: 2379011
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Mon, 11 Nov 2013 14:00:35 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Mon, 09 Oct 2017 12:28:33 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Mo
n, 09 Oct 2017 12:28:33 GMT..Content-Range: bytes 7137033-9516043/1189
5056..Content-Length: 2379011..Connection: keep-alive...... Y...*.H.q_
y....-..;L\..I...LA. c..T...9.T.9.....7..e..q..]......T...q. &.\V*bO..
.T$..j..L.:1..4\7u.u......n.q.$.zC.(.h.Q.2m...2..l|n..Q.....9.<u}..
Q..........r@.......t~B.>u...S WKv..]..1|:....:.Y.v....,.....2.....
.8Ju..b*..En.2$..4...Lo..2/@..f.....E...".d.@#.:6Tu....T.......4C,..I?
....2........t..GU...a.H...hc....m .:.C..2].i.:..s...as..Xx .0........
.6c.jK..-.M.w..{..0L..B]D..<O...s....\..}1W.aU*.U..0...].0.R:..i_.3
......Esu...0Lah.....x...c..3.&..R...qh..14.".....D...?r..:.aX..).....
.N.0....zJ.a..Xoh0L.c........@'..0...^..0..o...x...h1l.........9G.a...
a...0......4[....=.0....e..f..a.Z...w.S1Li.a].pJa.!.R.1..eH.v. .a.....
.).NC.1.S4...Q.p#..........I...5.U...5a.A.a%..nm.a...x.f.C..b.5S. ....
.y....u^..Y..3....B......[.1.j..1..Y*..g..l..bX...`.....ese.."..2K....
..6r......`X..a5.1,....u'.L.......}...0U.aO.u.F...Q0`..M.a<5mW..zD.
D.`....I:.."..C.I.a.!..gr..q...:.#..t\Gu.u...(C.74...Q..2.2h1..G6..I.a
<..M:.....:......b....... ..z....4:...O1.(.jY.......k0.....*..0..f)
.6...5t.v..N..1.T.=.........0..m..x...l....g..1..T2H.M...W1...j.~...Aq
{e3..{..l.R... .y..3.6*q/R.Q....j.}..Q...*T7,..j7,K.7....4...L..g.
<<< skipped >>>


GET /meter/VVV.freeridegames.com/13.gif HTTP/1.1
Accept: */*
Referer: hXXp://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: images.scanalert.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/gif; charset=UTF-8
Content-Length: 57
Connection: keep-alive
Cache-Control: public
Content-Encoding: gzip
Date: Mon, 09 Oct 2017 12:28:34 GMT
Expires: Mon, 09 Oct 2017 13:28:34 GMT
Server: Apache
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
X-Cache: Miss from cloudfront
Via: 1.1 fd0b6604a702c913fca13c5d665f0604.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 0242j95Ufqqs21kcGrQ7M7YRNj3GJJUQdvfRUDD6Aa3nncK1z32TBg==
..........s.t..Ldd`dh``8s......O.F ..."@2.LL.......G. ...HTTP/1.1 200 
OK..Content-Type: image/gif; charset=UTF-8..Content-Length: 57..Connec
tion: keep-alive..Cache-Control: public..Content-Encoding: gzip..Date:
 Mon, 09 Oct 2017 12:28:34 GMT..Expires: Mon, 09 Oct 2017 13:28:34 GMT
..Server: Apache..X-Content-Type-Options: nosniff..X-Xss-Protection: 1
; mode=block..X-Cache: Miss from cloudfront..Via: 1.1 fd0b6604a702c913
fca13c5d665f0604.cloudfront.net (CloudFront)..X-Amz-Cf-Id: 0242j95Ufqq
s21kcGrQ7M7YRNj3GJJUQdvfRUDD6Aa3nncK1z32TBg==............s.t..Ldd`dh``
8s......O.F ..."@2.LL.......G. .....



POST /usage.ashx HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: usage.integration.toolbar.conduit-services.com
Content-Length: 360
Connection: Keep-Alive
Cache-Control: no-cache

{"installationType":"NSISBundle","installationVersion":"6.0.1.0","actionType":"initializationReport","bundleGUID":"NULL","parentProcess":"NULL","ctid":"ct3198777","parameters":"-ctid=CT3198777          -startpage=TRUE -defaultsearch=TRUE -openwelcomedialog=FALSE -showpersonalcompdialog=FALSE -searchrevert=TRUE -ie","returnCode":"0","returnMessage":"Success"}
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 09 Oct 2017 12:28:43 GMT
Content-Length: 9
ConduitOKHTTP/1.1 200 OK..Cache-Control: private..Content-Type: text/p
lain; charset=utf-8..Server: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.
30319..X-Powered-By: ASP.NET..Date: Mon, 09 Oct 2017 12:28:43 GMT..Con
tent-Length: 9..ConduitOK....


POST /usage.ashx HTTP/1.1


Content-Type: application/x-www-form-urlencoded
User-Agent: NSIS_Inetc (Mozilla)
Host: usage.integration.toolbar.conduit-services.com
Content-Length: 400
Connection: Keep-Alive
Cache-Control: no-cache

{"installationType":"NSISBundle","installationVersion":"6.0.1.0","actionType":"postInstallReport","bundleGUID":"NULL","parentProcess":"NULL","ctid":"ct3198777","parameters":"-ctid=CT3198777          -startpage=TRUE -defaultsearch=TRUE -openwelcomedialog=FALSE -showpersonalcompdialog=FALSE -searchrevert=TRUE -ie","returnCode":"4","returnMessage":"ERROR: Internet Connection Error - Download Failed"}
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 09 Oct 2017 12:28:44 GMT
Content-Length: 9
ConduitOK..



GET /do/SDMC?action=config_7_5&type=ES_TB_HOMEPAGE_SEARCH&contentId=480860 HTTP/1.1
User-Agent: AHTTPConnection
Host: player.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily
Date: Mon, 09 Oct 2017 12:28:29 GMT
Server: Apache
Set-Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; Path=/; HttpOnly
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_TURNKEY=Default-261507552109961866; Expires=Tue, 09-Oct-2018 12:28:29 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-Default; Expires=Sun, 07-Jan-2018 12:28:29 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 7.0"; Version=1; Max-Age=7776000; Expires=Sun, 07-Jan-2018 12:28:29 GMT; Path=/
Set-Cookie: 143_CT=1; Expires=Mon, 16-Oct-2017 12:28:29 GMT; Path=/
Location: hXXp://player.freeridegames.com/do/SDM?action=config_7_5&contentId=480860&type=ES_TB_HOMEPAGE_SEARCH
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=800
Connection: Keep-Alive
Content-Type: text/html
....


GET /do/SDM?action=config_7_5&contentId=480860&type=ES_TB_HOMEPAGE_SEARCH HTTP/1.1


User-Agent: AHTTPConnection
Host: player.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:30 GMT
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=799
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
7cf..<?xml version="1.0" encoding="utf-8"?><Response><C
ontentConfiguration id="480860"><IS><Url>hXXp://dts1.fr
eeridegames.com/FRG_site/downloads/geo/es/Exetender_toolbar_homepage_s
earch.exe</Url><AddOns><Param><ID>""</ID>
;<Name>noaddons</Name><Priority>0</Priority>&l
t;Checked>false</Checked><Dependencies/></Param>&
lt;/AddOns><CommandLine/></IS><SDMVersion>1.0.0.2
2</SDMVersion><PromotionUrl>hXXp://player.freeridegames.co
m/product/SDM/SDM_standard</PromotionUrl><ReportUrl>http:/
/player.freeridegames.com/opTools/clientTracking.jsp</ReportUrl>
<ConversionUrl>hXXp://player.freeridegames.com/do/conversionTrac
king</ConversionUrl><PartnerName>Default</PartnerName&g
t;<ProviderId>148</ProviderId><ProviderName>FreeRide
Games</ProviderName><ClientVersion>7.2.0.0</ClientVersi
on><EULAUrl>hXXp://player.freeridegames.com/do/general?Partne
r=Default&jspName=licenseAgreement</EULAUrl><ImgServerUrl
>hXXp://img.exent.com/free/frg</ImgServerUrl><HeaderUrl>
;hXXp://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/hea
der.html</HeaderUrl><MyGamesUrl/><StartPageId>SDM_EU
LA</StartPageId><Type>ES_TB_HOMEPAGE_SEARCH</Type>&l
t;Game><Id>480860</Id><Name><![CDATA[The Rise 
of Atlantis]]></Name><CommandLine><![CDATA[http:
<<< skipped >>>

POST /opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessStart&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:30 GMT
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=798
Connection: Keep-Alive
Content-Type: text/html
....


POST /opTools/clientTracking.jsp?trackEvent=SDM_DownloadStart&sdmVersion=01.51.00.47&fileName=hXXp://dts1.freeridegames.com/FRG_site/downloads/geo/es/Exetender_toolbar_homepage_search_Default.exe&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:31 GMT
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=797
Connection: Keep-Alive
Content-Type: text/html
HTTP/1.1 200 OK..Date: Mon, 09 Oct 2017 12:28:31 GMT..Server: Apache..
Content-Length: 0..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI CO
M NAV"..Keep-Alive: timeout=3, max=797..Connection: Keep-Alive..Conten
t-Type: text/html......


GET /product/SDM/SDM_standard/SDM_PROGRESS.html?GameName=The Rise of Atlantis&GameId=480860 HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: player.freeridegames.com
Connection: Keep-Alive
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:31 GMT
Server: Apache
Last-Modified: Wed, 13 Apr 2011 11:32:31 GMT
ETag: "300000000521b-236c-4a0cb2a10245c"
Accept-Ranges: bytes
Content-Length: 9068
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=796
Connection: Keep-Alive
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">.
.<html>..<head>..<title>Progress</title>..<
!-- <link rel="stylesheet" type="text/css" href="css/SDM_PROGRESS.c
ss"> -->..<!-- <script  type="text/javascript" src="js/def
ines.js"></script> -->..<link rel="stylesheet" type="te
xt/css" href="hXXp://cdn.exent.com/freeride_marketing/SDM/SDM_standard
/css/SDM_PROGRESS.css">..<script  type="text/javascript" src="ht
tp://cdn.exent.com/freeride_marketing/SDM/SDM_standard/js/defines.js"&
gt;</script>..<script language="JavaScript" type="text/javasc
ript">..function checkIframeSize(){..<!--...var viewportwidth;..
.var viewportheight;... // the more standards compliant browsers (mozi
lla/netscape/opera/IE7) use window.innerWidth and window.innerHeight..
. ... if (typeof window.innerWidth != 'undefined')... {.....viewportwi
dth = window.innerWidth,.....viewportheight = window.innerHeight... }.
.. ...// IE6 in standards compliant mode (i.e. with a valid doctype as
 the first line in the document)...... else if (typeof document.docume
ntElement != 'undefined'....  && typeof document.documentElement.clien
tWidth !=....  'undefined' && document.documentElement.clientWidth != 
0)... {..... viewportwidth = document.documentElement.clientWidth,....
. viewportheight = document.documentElement.clientHeight... }... ... /
/ older versions of IE... ... else... {..... viewportwidth = document.
getElementsByTagName('body')[0].clientWidth,..... viewportheight =
<<< skipped >>>


GET /ps/conduitinstaller/stublogic.exe HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: storage.conduit.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Date: Mon, 09 Oct 2017 12:28:44 GMT
Content-Length: 1245
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>....
<<< skipped >>>


POST /opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessFinished&sdmVersion=01.51.00.47&muid=303000300050563BAEACF7ED10F5FDFF00000800F5842E75C2685063D8C2EEE100067EDB HTTP/1.1
User-Agent: AHTTPConnection
Host: player.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=2F414CCB8CFD85AA7DE47BF1E71CE7EC; 143_TURNKEY=Default-261507552109961866; 143_CAMPAIGN_SERIAL_ID=Default-Default; 143_FIRST_BROWSER="Default-MSIE 7.0"; 143_CT=1


HTTP/1.1 200 OK
Date: Mon, 09 Oct 2017 12:28:43 GMT
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Keep-Alive: timeout=3, max=800
Connection: Keep-Alive
Content-Type: text/html
HTTP/1.1 200 OK..Date: Mon, 09 Oct 2017 12:28:43 GMT..Server: Apache..
Content-Length: 0..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI CO
M NAV"..Keep-Alive: timeout=3, max=800..Connection: Keep-Alive..Conten
t-Type: text/html..



GET /freeride_marketing/SDM/SDM_standard/css/SDM_PROGRESS.css HTTP/1.1
Accept: */*
Referer: hXXp://player.freeridegames.com/product/SDM/SDM_standard/SDM_PROGRESS.html?GameName=The Rise of Atlantis&GameId=480860
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:23 GMT
Content-Type: text/css
Accept-Ranges: bytes
X-Varnish: 598296065
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:33 GMT
Date: Mon, 09 Oct 2017 12:28:33 GMT
Content-Length: 346
Connection: keep-alive
.............n.0.E. ..HYS..I:..j.].?`.......W../...Q[../...... ~..w.u.
^wJ..s,Y/L6h...I....u2.q<..s9m..F.Q..z,........AM...FqG...JVC.(.HUm
 ^oFe.&..$ ;Q.:2.$..S.7..R.bpo.&..P.4.'Y.....U*i.....W.d....j...F.?...
B..a..i....1 .q.Ad...o.V....!&X^^7.}.-.....v...=5...r....&."|.#3]....N
t....$.Q......e.....vC.m;.]v..U4......8Y._............c....../C......<
/font>....


GET /freeride_marketing/SDM/SDM_standard/img/header.jpg HTTP/1.1


Accept: */*
Referer: hXXp://dts1.freeridegames.com/freeride_marketing/SDM/SDM_standard/header.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:24 GMT
Content-Type: image/jpeg
Content-Length: 24975
Accept-Ranges: bytes
X-Varnish: 1341931851
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:33 GMT
Date: Mon, 09 Oct 2017 12:28:33 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P......hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns
:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.
com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0
/" xmpRights:Marked="False" xmpMM:OriginalDocumentID="uuid:E075493B8A6
3DD11AC50F33A9CF1BD4A" xmpMM:DocumentID="xmp.did:635F5D80FD3F11DF973A8
2E7643F8FE6" xmpMM:InstanceID="xmp.iid:635F5D7FFD3F11DF973A82E7643F8FE
6" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:94A0E3898D9311DF986DD6F6636C425C" stRef
:documentID="xmp.did:94A0E38A8D9311DF986DD6F6636C425C"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>....Adobe.d.....................................................
......................................................................
......................d.|.............................................
.................................................!A.1..."...Qaq2.T....
.B..#.U...Rbr.3Ss$DEV...4d..%.F.Cc..t.fvW....5u&6'7...................
....!1Q..Aa...q."....2R....B.D..b...#3.r..C.S...c.$4E5............?..T
...R.q..j3N).0.....mk.Vv0B .....`...v.-_(T.U{0......L.3.P.5?...j..
<<< skipped >>>

GET /freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:30 GMT
Content-Type: image/jpeg
Content-Length: 48259
Accept-Ranges: bytes
X-Varnish: 1341931854
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:34 GMT
Date: Mon, 09 Oct 2017 12:28:34 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P......hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns
:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.
com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0
/" xmpRights:Marked="False" xmpMM:OriginalDocumentID="uuid:E075493B8A6
3DD11AC50F33A9CF1BD4A" xmpMM:DocumentID="xmp.did:A1C6773DB36011DFB77BB
4D18C2D0A6A" xmpMM:InstanceID="xmp.iid:A1C6773CB36011DFB77BB4D18C2D0A6
A" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:B3C1E96644B3DF11B72A88327B6583E8" stRef
:documentID="uuid:E075493B8A63DD11AC50F33A9CF1BD4A"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;....Adobe.d........................................................
......................................................................
...................=.|................................................
..............................................!a.1.A".Q.q2#.t....B.F..
...Rb..3C$4T%E&8.r.s.D...v.u...S.e6f7........................!1.AQ..aq
.."2........B#D..Rbr3$...4....c5.Cs.dE.............?..Y.......8.....Q.
..?Y...X@....@.....$z....d..8i....(O8..A..HE.W.T.*%....T.....i..c.
<<< skipped >>>

GET /freeride_marketing/SDM/SDM_standard_2010/img/servicePromotion4.jpg HTTP/1.1


Accept: */*
Referer: hXXp://cdn.exent.com/freeride_marketing/SDM/SDM_standard_2010/SDM_PROGRESS.html
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: cdn.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 12 Apr 2011 11:54:31 GMT
Content-Type: image/jpeg
Content-Length: 58728
Accept-Ranges: bytes
X-Varnish: 598296073
Cache-Control: private, max-age=259200
Expires: Thu, 12 Oct 2017 12:28:35 GMT
Date: Mon, 09 Oct 2017 12:28:35 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P......hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns
:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.
com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0
/" xmpRights:Marked="False" xmpMM:OriginalDocumentID="uuid:E075493B8A6
3DD11AC50F33A9CF1BD4A" xmpMM:DocumentID="xmp.did:B22AB4A0B36411DFA9EAD
1B5118C216B" xmpMM:InstanceID="xmp.iid:B22AB49FB36411DFA9EAD1B5118C216
B" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:Derived
From stRef:instanceID="xmp.iid:B3C1E96644B3DF11B72A88327B6583E8" stRef
:documentID="uuid:E075493B8A63DD11AC50F33A9CF1BD4A"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;....Adobe.d........................................................
......................................................................
...................=.|................................................
..............................................!..1Qa"A2..q...R#.....Bb
3..Cs$t.%E&r..DT..Ffv.....S...7.c..4d.58.Ueu...6V'....................
.....!.1..AQq"a...2....R....Br#D..b3$4...C..Sc5................?.....Y
.....b.........?.h..................H....;.P.g.H.0}.....1.".....$:
<<< skipped >>>


HEAD /check.jsp HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Content-Length: 32
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: no-cache
Date: Mon, 09 Oct 2017 12:28:31 GMT
Connection: keep-alive
HTTP/1.1 200 OK..Server: Apache..Pragma: no-cache..Content-Length: 32.
.P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Ty
pe: text/html;charset=ISO-8859-1..Cache-Control: no-cache..Date: Mon, 
09 Oct 2017 12:28:31 GMT..Connection: keep-alive......


HEAD /check.jsp HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Content-Length: 32
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: no-cache
Date: Mon, 09 Oct 2017 12:28:36 GMT
Connection: keep-alive
HTTP/1.1 200 OK..Server: Apache..Pragma: no-cache..Content-Length: 32.
.P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Ty
pe: text/html;charset=ISO-8859-1..Cache-Control: no-cache..Date: Mon, 
09 Oct 2017 12:28:36 GMT..Connection: keep-alive......


HEAD /check.jsp HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Content-Length: 32
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: no-cache
Date: Mon, 09 Oct 2017 12:28:41 GMT
Connection: keep-alive
HTTP/1.1 200 OK..Server: Apache..Pragma: no-cache..Content-Length: 32.
.P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Ty
pe: text/html;charset=ISO-8859-1..Cache-Control: no-cache..Date: Mon, 
09 Oct 2017 12:28:41 GMT..Connection: keep-alive..

The Malware connects to the servers at the folowing location(s):

SearchProtocolHost.exe_2432:

.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
MSSHooks.dll
IMM32.dll
SHLWAPI.dll
SrchCollatorCatalogInfo
SrchDSSLogin
SrchDSSPortManager
SrchPHHttp
SrchIndexerQuery
SrchIndexerProperties
SrchIndexerPlugin
SrchIndexerClient
SrchIndexerSchema
Msidle.dll
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
</MSG></TRC>
<MSG>
<ERR> 0xx=
<LOC> %s(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%s"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%s"
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
SHELL32.dll
PROPSYS.dll
ntdll.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
MsgWaitForMultipleObjects
SearchProtocolHost.pdb
2 2(20282|2
4%5S5
Software\Microsoft\Windows Search
https
kernel32.dll
msTracer.dll
msfte.dll
lX-X-X-XX-XXXXXX
SOFTWARE\Microsoft\Windows Search
tquery.dll
%s\%s
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
advapi32.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
winhttp.dll
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<LOC> %S(%d) </LOC>
tagname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
Microsoft Windows Search Protocol Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchProtocolHost.exe
Windows
7.00.7601.17610

SearchFilterHost.exe_2408:

.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
IMM32.dll
MSSHooks.dll
mscoree.dll
SHLWAPI.dll
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
SearchFilterHost.pdb
version="5.1.0.0"
name="Microsoft.Windows.Search.MSSFH"
<requestedExecutionLevel
3 3(30383|3
kernel32.dll
Software\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
tquery.dll
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<ERR> 0xx=
<LOC> %S(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%S"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%S"
</MSG></TRC>
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s
winhttp.dll
Microsoft Windows Search Filter Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchFilterHost.exe
Windows
7.00.7601.17610


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Scan a system with an anti-rootkit tool.
  2. Terminate malicious process(es) (How to End a Process With the Task Manager):

    cmhelper.exe:2748
    cmhelper.exe:3828
    cmhelper.exe:956
    cmhelper.exe:2764
    GPlayer.exe:3368
    FreeRideGames.exe:3024
    Regsvr32.exe:1452
    RegEdit.exe:1988
    RegEdit.exe:3300
    %original file name%.exe:3308
    setup.exe:4048
    Free Ride Games.exe:2452
    FRG_toolbar.exe:768

  3. Delete the original Malware file.
  4. Delete or disinfect the following files created/modified by the Malware:

    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Low\PVXDUYBH.txt (106 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WG9I57W.txt (214 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Low\XUWLY219.txt (318 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AQW9UQHU\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OPHRS0CG\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FHRXL987\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ROKJ9SS6\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini (67 bytes)
    %Program Files%\FreeRide Games\Info\1.clg (15349 bytes)
    %Program Files%\FreeRide Games\Info\2.clg (1093 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\plf20C9.tmp (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\layout.bin (473 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\0x0409.ini (21 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.inx (7356 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data1.hdr (2277 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.iss (257 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\pftw1.pkg (23526 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\ISSetup.dll (10675 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.exe (16638 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ext20CA.tmp (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.ini (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data1.cab (14367 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\data2.cab (158355 bytes)
    %Program Files%\FreeRide Games\AppLoader2KEx.dll (966 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\resourceDll.dll (130 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_uninsep.bat (174 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\Free Ride Games.exe (989 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\0013F160 (917 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\ExentCtlInstaller.dll (200 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\cmhelper.exe (192 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG279c.rra\AppL279c.rra (32102 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\load2dd3.rra (2340 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\masks\logi2cf9.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\icon\IAF2be0.rra (17 bytes)
    %Program Files%\FreeRide Games\myGa28a5.rra (6126 bytes)
    %Program Files%\FreeRide Games\Skin\dat\GPlrLanc.dat (20 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dial2c0f.rra (1 bytes)
    %Program Files%\FreeRide Games\FRGN28a5.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\play2d66.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\load2b73.rra (2336 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\spla2b44.rra (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG227bc.rra\exs227cb.rra (2335 bytes)
    C:\Users\Public\Desktop\More FREE games.lnk (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\erro2c6c.rra (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\isrt.dll (262 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_u2d47.rra (7 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\yesn2cba.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_m2d47.rra (18 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bgBo2b54.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\masks\play2cf9.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\atta2b54.rra (4 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\masks\bann2ce9.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\titl2da4.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2ab8.rra (31 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\Subs2dc4.rra (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG227bc.rra\exs227bb.rra (12834 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2912.rra (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu22eb.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\swit2cba.rra (3 bytes)
    %Program Files%\FreeRide Games\Data\Loca2857.rra (7 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\logo2b73.rra (8 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\dial2b06.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\dat\Loca2867.rra (5 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\pb2c5d.rra (8 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\canc2a0c.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\main2d95.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\dat\Loca2857.rra (7 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\drop2dc4.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\icon\MyGa2bf0.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\sign2cab.rra (4 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\flas2b63.rra (4 bytes)
    %Program Files%\FreeRide Games\Skin\icon\Onli2bf0.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\icon\Exit2bb1.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\canc2a2b.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\erro2c7c.rra (8 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\game2dd3.rra (4 bytes)
    %Program Files%\FreeRide Games\npEx28a5.rra (8760 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\229d.rra (100 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRide Games.lnk (1 bytes)
    %Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\ISSe26f0.rra (10504 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_a2d08.rra (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{FE55FDF9-85DD-4E1D-A6A3-885E33F44B22}\0x0409.ini (21 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\sear2de3.rra (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\DIFx2329.rra (86 bytes)
    %Program Files%\FreeRide Games\Skin\icon\GPla2be0.rra (17 bytes)
    %Program Files%\Exent Technologies\FreeRide Games\Jugar a mis juegos.lnk (1 bytes)
    %Program Files%\FreeRide Games\Skin\mask\play2cca.rra (144 bytes)
    %Program Files%\FreeRide Games\X6Ex27cb.rra (16732 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\emai2d85.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\GameInfoDefault\Thum28e4.rra (19 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2932.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_i2d37.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\skin_events\Skin2e02.rra (5 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2941.rra (26 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\drop2dd3.rra (181 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\ok_22a79.rra (2 bytes)
    C:\Windows\System32\d3dx2876.rra (32512 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\skin2b44.rra (11 bytes)
    %Program Files%\FreeRide Games\Skin\inde28b5.rra (34 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\chk_2a3b.rra (4 bytes)
    %Program Files%\FreeRide Games\Skin\icon\FRGL2bc1.rra (34 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\adGa2af6.rra (4 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\pinb29ce.rra (5 bytes)
    %Program Files%\FreeRide Games\report.ini (86 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\key_2c8c.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\GameInfoDefault\Game28d4.rra (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\Repo278c.rra (31560 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bgTo2b63.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2ae6.rra (33 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_s2d47.rra (12 bytes)
    %Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu26f0.rra (6040 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\YUI\auto2980.rra (36 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\conn2d76.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\skin_events\spec2e02.rra (807 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu22db.rra (6040 bytes)
    %Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\layo26d1.rra (473 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\upda29dd.rra (4 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\gplayer\gpla2ba2.rra (15 bytes)
    %Program Files%\FreeRide Games\Skin\Sett28b5.rra (1 bytes)
    %Program Files%\FreeRide Games\exs.ini (1638 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\GPla2700.rra (154846 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\Most2bff.rra (2334 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG227bc.rra\DoDl27cb.rra (4456 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\core2329.rra (2334 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\titl2db4.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\skip29dd.rra (5 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2ad7.rra (21 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\clos2a4a.rra (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\setup.log (323 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\masks\bann2cda.rra (6 bytes)
    %Program Files%\FreeRide Games\npGa2e12.rra (13264 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\preR2cab.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\skin_events\PreR2df2.rra (3 bytes)
    %Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\data26d1.rra (15968 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\logi2b15.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\skip29ce.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\yesb29ed.rra (8 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\topL2b82.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2970.rra (27 bytes)
    %Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu26e1.rra (14400 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_p28d4.rra (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\isrt2339.rra (8434 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\post2c9b.rra (966 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\nobu29be.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_d2d08.rra (22 bytes)
    %Program Files%\FreeRide Games\Clie28b5.rra (262 bytes)
    %Program Files%\FreeRide Games\Skin\icon\Chan2bb1.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\clos299f.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\back298f.rra (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{FE55FDF9-85DD-4E1D-A6A3-885E33F44B22}\setup.ini (1 bytes)
    %Program Files%\FreeRide Games\Data\Loca2867.rra (5 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\invi2d66.rra (262 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\Subs2db4.rra (16 bytes)
    C:\ProgramData\FreeRide Games\data3072.rra (172922 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\mg_i2b15.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\icon\FRGL2bc2.rra (34 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\og_i2c9b.rra (625 bytes)
    %Program Files%\FreeRide Games\Skin\icon\MyDo2be0.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_m28c4.rra (24 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2af6.rra (23 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\logi2c8c.rra (1 bytes)
    %Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setu2700.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\spla2cab.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_d28c4.rra (15 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pids2903.rra (58 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\YUI\anim2980.rra (13 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\dl_i2b06.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\buy_2a0c.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\dott2dd3.rra (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\_isr2348.rra (18974 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_c28c4.rra (2334 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\Game277d.rra (8760 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2960.rra (40 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\defa2348.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\layo2c4d.rra (5 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\play2d76.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2903.rra (4 bytes)
    C:\ProgramData\FreeRide Games\ISSe30b0.rra (10504 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\clos2a3b.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_l2d37.rra (7 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\ap_a28c4.rra (3404 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bgLe2b54.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\post2cab.rra (966 bytes)
    %Program Files%\FreeRide Games\Skin\Skin28b5.rra (352 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\MinC2db4.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\icon\Help2be0.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2ac7.rra (52 bytes)
    %Program Files%\FreeRide Games\Skin\icon\Sett2bf0.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\Langs\0409\Stri29fc.rra (11940 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\_isres_0x0409.dll (561 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\trac2cba.rra (7 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\fram2b15.rra (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\Stri2339.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bgRi2b63.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\subm2a89.rra (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\cmhe279c.rra (4456 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\mg2903.rra (7 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\erro2b06.rra (2 bytes)
    %Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\0x0426f0.rra (21 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\topR2b92.rra (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\exs22eb.rra (12834 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\eror2c1e.rra (8 bytes)
    %Program Files%\FreeRide Games\ExentComponents.ini (1073 bytes)
    %Program Files%\FreeRide Games\Data\vers2857.rra (5 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\load2d66.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\logo2de3.rra (14 bytes)
    %Program Files%\InstallShield Installation Information\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\setup.ini (5176 bytes)
    %Program Files%\FreeRide Games\Skin\icon\FRGL2bd1.rra (34 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\gmt\cls_2b92.rra (10 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\more2a6a.rra (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG279c.rra\wh_P27ac.rra (4456 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\main2de3.rra (18 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\dl_i2c5d.rra (32 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\Game275e.rra (65287 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\pinb29be.rra (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\19U01AT3.txt (707 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\yesn2b44.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\YUI\yaho298f.rra (2334 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\drop2c6c.rra (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FRG_toolbar.exe (69 bytes)
    C:\ProgramData\FreeRide Games\layo30c0.rra (473 bytes)
    C:\ProgramData\FreeRide Games\setu30c0.rra (14401 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\spac2c5d.rra (49 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\GATr2bff.rra (2326 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\canc299f.rra (7 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\YUI\data2980.rra (31 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\chk_2a2b.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\sear2df2.rra (10 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\clie2c5d.rra (509 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\emai2d95.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\hide2a5a.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\clos2d56.rra (1106 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_e2d08.rra (11 bytes)
    %Program Files%\FreeRide Games\Skin\dat\Loca2868.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\NIBmps\NetI28e4.rra (1260 bytes)
    %Program Files%\FreeRide Games\Skin\NIBmps\Thum28f3.rra (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\lice22eb.rra (9 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\Chec298f.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\chan2dc4.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2aa8.rra (45 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\GPla22fa.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\prvd2951.rra (18 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\NPGa2329.rra (9 bytes)
    %Program Files%\FreeRide Games\Skin\icon\favi2bb1.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\bord2d76.rra (1 bytes)
    %Program Files%\Exent Technologies\FreeRide Games\More FREE games.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\exs.dll (380 bytes)
    %Program Files%\FreeRide Games\Skin\GameInfoDefault\md28e4.rra (383 bytes)
    C:\ProgramData\FreeRide Games\setu30d0.rra (6477 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\preRoll\laun2d66.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\disp2d85.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Conn2ba2.rra (296 bytes)
    %Program Files%\FreeRide Games\Skin\icon\GPlr2be0.rra (17 bytes)
    C:\Users\Public\Desktop\Jugar a mis juegos.lnk (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\ok_12a79.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\icon\Tray28a5.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\icon\FRGL2bb1.rra (34 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\repo279c.rra (364 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\Regi22eb.rra (29 bytes)
    %Program Files%\FreeRide Games\Skin\NIBmps\NetI28f3.rra (2520 bytes)
    C:\Windows\Downloaded Program Files\Exen2886.rra (32172 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\logi28d4.rra (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4E2B122G.txt (709 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\ok_12a79.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\retr2b82.rra (3 bytes)
    C:\Windows\Downloaded Program Files\ExentControl.ocx (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_g2d18.rra (17 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FRG_22fa.rra (3404 bytes)
    %Program Files%\FreeRide Games\Skin\icon\Serv2bf0.rra (17 bytes)
    %Program Files%\FreeRide Games\Skin\mask\erro2cca.rra (144 bytes)
    %Program Files%\FreeRide Games\Skin\GameInfoDefault\Spla28d4.rra (29 bytes)
    %Program Files%\FreeRide Games\Skin\Langs\0409\EXEt29fc.rra (840 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\AC_R2c5d.rra (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pft20CB.tmp\exs2490.rra (7168 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG2700.rra\GPlr274e.rra (32516 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\debu28d4.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\gplayer\gpla2b92.rra (4314 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\main2da4.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_o2d47.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\ok_02a79.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\mask\upda2cda.rra (96 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\FRG_22fb.rra (2104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\dotn2329.rra (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG27bb.rra\3rdP27bb.rra (26 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\MyGa2c0f.rra (4298 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\righ2da4.rra (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG279c.rra\AX32279c.rra (3404 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\canc2a0c.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\skinUI\tabs2df2.rra (4 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\clos29ae.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\upda29ed.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\sett2b34.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\flas2c7c.rra (23 bytes)
    %Program Files%\FreeRide Games\Skin\html\OffL2ba2.rra (396 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\{48A7C77D-6AA1-44D6-AAC9-FD3368E89D31}\{6C26A305-4549-4A8A-9F03-25719C03B0FB}\Font2329.rra (39 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\play2c9b.rra (729 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Exent\classes\cls_2a98.rra (37 bytes)
    %Program Files%\FreeRide Games\glut27da.rra (4314 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\dialogBox\bott2b63.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\icon\FRGL2bd0.rra (34 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\dl2903.rra (7 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\btn\help2a4a.rra (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SFG27bb.rra\lice27bb.rra (9 bytes)
    C:\ProgramData\FreeRide Games\exs30b0.rra (7168 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\defa2903.rra (2 bytes)
    %Program Files%\FreeRide Games\Skin\mask\logi2cca.rra (144 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\pl\pl_e2d18.rra (3 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\og_i2b34.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\jque2c8c.rra (3404 bytes)
    %Program Files%\FreeRide Games\X6XS27da.rra (2334 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\CW2ZUIA5.txt (709 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\settings\info2d95.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\css\auto2b06.rra (1 bytes)
    %Program Files%\FreeRide Games\Skin\Popups\1\nobu29ae.rra (6 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\myGa2c5d.rra (22 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\mg_i2c8c.rra (20 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\js\fram2c8c.rra (14 bytes)
    %Program Files%\FreeRide Games\Skin\dat\GPlr2b44.rra (6 bytes)
    %Program Files%\FreeRide Games\Data\Loca2876.rra (6 bytes)
    C:\ProgramData\FreeRide Games\0x043062.rra (21 bytes)
    %Program Files%\FreeRide Games\Skin\html\Skin\Provider\img\icon2c3e.rra (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\beacon[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\controller[1] (11 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\SDM_DB_148.xml (364 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7CFS2HCA.txt (705 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\measurements[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\gamesInQueue[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\defines[1] (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VZE1PNJ9.txt (705 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\offlineheader[1] (398 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\util[1] (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\close_up[1] (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\configuration[1] (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\defines[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\SDMLog.log (2522745 bytes)
    %Program Files%\FreeRide Games\GameInst.dll (146 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\initialized[1] (401 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\functions[1] (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\SDM_PROGRESS[1].htm (276 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT (1056 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\WNFI8C11.txt (111 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\ZB1BYKS6.txt (295 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\connecting_anim[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\servicePromotion4[1].jpg (8261 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\emptyFooter[1] (817 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\SDM_PROGRESS[1].htm (2373 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\defines[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\pageURLInfo[1] (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\connection[1] (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\util[1] (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\bubbleRight[1] (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\servicePromotion2[1].jpg (9076 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\initialized[1] (401 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\SDM_PROGRESS[1].css (732 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\SDM_DownloadAcc_148.tmp (234161 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\index[1] (7 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Exent\GI20171009122844GMT.Log (28 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\FreeRideGames.exe (3202 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\connecting_anim[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\conf_defines[1] (510 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\F4SZENBS.txt (705 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\progress[1] (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\servicePromotion3[1].gif (5752 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\servicePromotion1[1].jpg (4766 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\SDM_HEADER2[1].css (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\minimize_up[1] (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\conf_defines[1] (510 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\offlineheader[1] (199 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\conf_defines[1] (510 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_uninsdm.bat (185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\defines[1] (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\bubbleLeft[1] (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\FS67204F.txt (329 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\13[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\SDM_PROGRESS[1].css (732 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\header[1].jpg (2035 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\boxshot_sm[1].jpg (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2VWLEQVN.txt (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\util[1] (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Exent\DACC\SDM_DownloadAcc_148.acc (901 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Temp\ietemp1.dat (748 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\pageURLInfo[1] (8 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\SDMHTMLInterfaces[1] (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\close_disabled[1] (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\initialized[1] (401 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\progressFooter[1] (12 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\extrnalHandler[1] (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\EULAFooter[1] (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Z9G5WK54.txt (705 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\header[1].htm (331 bytes)
    %Program Files%\FreeRide Games\GPlayer.exe (485 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OPXWUDYK.txt (543 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3266.tmp\inetc.dll (48 bytes)
    C:\END (18 bytes)

  5. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exent_SDM" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\SDM148\Free Ride Games.exe l 'Startup' u 'http://player.freeridegames.com/do/SDMC?action=config_7_5&type=ES_TB_HOMEPAGE_SEARCH&contentId=%d' p '148' c '480860'"

  6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  7. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2025 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now