Trojan-PSW.Win32.MSNPassword_9b7ec3407f

by malwarelabrobot on April 3rd, 2016 in Malware Descriptions.

Trojan-PSW.Win32.MSNPassword.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 9b7ec3407f9398338cfae5e05828cd23
SHA1: 2b4e44837335117d89bc28089e7ca3b72cad2cbf
SHA256: 6d626a693e32b41f1734004b6d31a43abdec78faac0a5ed4ad992c45252ab88d
SSDeep: 24576:5/XvmjWP/UVldAC6hG3GS3ESoivN82Ld6fQyOn2I:ZFHmAY3tUSoeNv2I
Size: 1166168 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-05-11 23:03:42
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan-PSW. Trojan program intended for stealing users passwords.

Payload

No specific payload has been found.

Process activity

The Trojan-PSW creates the following process(es):

iKernel.exe:1512
regsvr32.exe:224
regsvr32.exe:1716
Location_extractor_654250.exe:1072
RegEdit.exe:1632
RegEdit.exe:1084
RegEdit.exe:140
EXEtender_Default.exe:824
Setup.exe:1064
%original file name%.exe:272
Free Ride Games.exe:464
IKernel.exe:460
IKernel.exe:1972

The Trojan-PSW injects its code into the following process(es):

GPlayer.exe:644

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process GPlayer.exe:644 makes changes in the file system.
The Trojan-PSW creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tags[2].js (4774 bytes)
%Program Files%\Free Ride Games\Info\co_adm.dat (911 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[1].txt (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[6].jpg (3645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[1].jpg (3637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\geoServices[2].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[2].js (2530 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[4].jpg (3637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rtdGames[1] (1704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[1].jpg (5654 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[10].jpg (4718 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (7290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\displayAd[1].js (157 bytes)
%Program Files%\Free Ride Games\Info\ExentRssDB_143.xml (23 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (23136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[7].jpg (7506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CARP1BI2.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\utils[1].jsp (303 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[2].jpg (3704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_UEHYMtNAgLnWnse (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[9].jpg (4250 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\controller[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[4].jpg (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[7].jpg (6057 bytes)
%Program Files%\Free Ride Games\Info\co_adm.dat-journal (26790 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[6].jpg (10151 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[9].jpg (3369 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@freeridegames[2].txt (1173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[1].jpg (1907 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\160x600_frame_ad[1].htm (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[3].jpg (4616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[5].jpg (3790 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\scriptsIncludes[1].js (217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAAJC9MB.ad (231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.globalEvents[2].js (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (3894 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[11].jpg (5010 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[5].jpg (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tags[1].js (3581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[7].jpg (3410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\skin[1].xml (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA8DYDBO.ad (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin[2].xml (398 bytes)
%Program Files%\Free Ride Games\Data\version.ini (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\displayAd[2].js (247 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[2].jpg (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[8].jpg (3637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[8].jpg (3645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[9].jpg (2778 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\728x90_default_tribal[1].htm (332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\160x600_default_tribal[1].htm (335 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\728x90_frame_ad[1].htm (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[5].jpg (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\skin[1] (381 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\analytics[1].js (733 bytes)
%Program Files%\Free Ride Games\Info\1.clg (26703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[4].jpg (3348 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[2].txt (310 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\utils[1].htm (907 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[13].jpg (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\160x600_frame_ad[1] (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[10].jpg (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (2845 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[10].jpg (2675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA8DMB0T.ad (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[1].jpg (2778 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAJIGZ3H.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_AV70pDodfRgPEkH (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[3].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Exent\GI20160402080912GMT.Log (2201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[8].jpg (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[4].jpg (2778 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[2].jpg (3637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[12].jpg (3354 bytes)
%Program Files%\Free Ride Games\Info\NM_CP_143.xml (83 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[1].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[3].jpg (3645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[11].jpg (5664 bytes)
%Program Files%\Free Ride Games\Data\version.tmp.http.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\geoServices[1].js (580 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@freeridegames[1].txt (1878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[8].jpg (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin[1] (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\track[1].htm (356 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[5].jpg (6190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[6].jpg (3340 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@~~local~~[1].txt (1840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\728x90_frame_ad[1] (771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[12].jpg (3645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[2].js (17 bytes)
%Program Files%\Free Ride Games\Info\2.clg (3603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[9].jpg (5654 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[6].jpg (8217 bytes)
%Program Files%\Free Ride Games\Info\sXp.dat (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[3].jpg (2778 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[2].jpg (4446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[7].jpg (3348 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\controller[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[3].jpg (2679 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[2].js (733 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.globalEvents[1].js (436 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[10].jpg (2778 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[11].jpg (3637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin[1].xml (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA77YAVH.ad (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAJQTKHL.gif (43 bytes)

The Trojan-PSW deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@freeridegames[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[8].jpg (0 bytes)
%Program Files%\Free Ride Games\Info\co_adm.dat-journal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin[1] (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\geoServices[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@freeridegames[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\skin[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[2].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAAJC9MB.ad (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA8DMB0T.ad (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAJIGZ3H.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\controller[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tags[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\skin[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\displayAd[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[3].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA8DYDBO.ad (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA77YAVH.ad (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.globalEvents[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Exent\GI20160402080905GMT.Log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CARP1BI2.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\utils[1].jsp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAJQTKHL.gif (0 bytes)

The process Location_extractor_654250.exe:1072 makes changes in the file system.
The Trojan-PSW creates and/or writes to the following file(s):

C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\dmAssetsXmlFile_assets.xml (666 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\GameImage_DefaultGameImage.gif (12 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Content.wav (2995 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\GPlrLanc.exe (15414 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch1.ix (1 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat (6 bytes)
%Documents and Settings%\%current user%\Desktop\Play Zombie Bowl-O-Rama.lnk (1 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\exs.dll (16131 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch1.dat (19057 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg (1967 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\GameInfoXML_654250_GameInfo.xml.dat (3 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\GameIcon_icon.ico.dat (5331 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\Thumbs.db (18 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch0_1.ix (171 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\SC-0000654250-001.ico (15 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GPlrLanc\GPlrLanc.dat (6 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch0.ix (2104 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch0_3.ix (171 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch0.dat (1547741 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\md.dat (570 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Preload.dat (1 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\GameImage_player_boxshot.jpg.dat (5 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch0_2.dat (4 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\00000000.VIX (10 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Content.md (3 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Free Ride Games\Zombie Bowl-O-Rama\Play Zombie Bowl-O-Rama.lnk (1 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\splash_screen.gif (1372 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch0_3.dat (4 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat (1967 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch0_2.ix (171 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\CacheSettings.ini (231 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\Default\GPlrLanc\GPlayer.ico (17 bytes)
C:\Remote Programs\Zombie Bowl-O-Rama\ch0_1.dat (4 bytes)

The Trojan-PSW deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp (0 bytes)

The process EXEtender_Default.exe:824 makes changes in the file system.
The Trojan-PSW creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\layout.bin (417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\ExentCtl.ocx (8744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data1.hdr (2478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.ini (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\plf4.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data1.cab (8949 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\exs.dll (12304 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.iss (169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\FRGN.ico (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data2.cab (170938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.inx (7746 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\ikernel.ex_ (6410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ext5.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\pftw1.pkg (43502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\Setup.exe (2246 bytes)

The Trojan-PSW deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\layout.bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\ExentCtl.ocx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data1.hdr (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\plf4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data1.cab (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\exs.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\FRGN.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.iss (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data2.cab (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.inx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\ikernel.ex_ (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ext5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\pftw1.pkg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\Setup.exe (0 bytes)

The process Setup.exe:1064 makes changes in the file system.
The Trojan-PSW creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IEC7.tmp (2105 bytes)
%Program Files%\Common Files\InstallShield\Engine\6\Intel 32\temp.000 (11328 bytes)

The Trojan-PSW deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IEC7.tmp (0 bytes)
%Program Files%\Common Files\InstallShield (0 bytes)
%Program Files%\Common Files\InstallShield\IScript (0 bytes)
%Program Files%\Common Files\InstallShield\Engine\6 (0 bytes)
%Program Files%\Common Files\InstallShield\Engine\6\Intel 32 (0 bytes)
%Program Files%\Common Files\InstallShield\Engine (0 bytes)

The process %original file name%.exe:272 makes changes in the file system.
The Trojan-PSW creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader5.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\resourceDll.dll (7532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\ExentCtlInstaller.dll (4169 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader1.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader3.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splasher.dll (10805 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Free Ride Games.exe (38850 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\cmhelper.exe (5571 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader2.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader4.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader6.jpg (14 bytes)

The Trojan-PSW deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsj1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse2.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~DF8EED.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splasher.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Free Ride Games.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse2.tmp (0 bytes)

The process Free Ride Games.exe:464 makes changes in the file system.
The Trojan-PSW creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\D41693DAFE5DEF0C36959FF1FCEF5C96 (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\SDM_DownloadAcc_10000.acc (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\98b43d77-a569-462a-ae12-61dee42f9d55 (172915 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\bd545434-2192-46fb-9923-badb71c13adc (172915 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\207B9FD92391B9B2A60A89B4C965D5DF (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\23f0ee32-947c-464e-962e-446b6ee3ddf2 (56983 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\4304aba4-1da2-4a0c-8789-287cede31fe7 (172915 bytes)
%System%\d3d8caps.dat (1532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\SDM_DownloadAcc_10044.acc (970 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\fc47f249-b55b-4517-b36b-886ae45a6231 (172915 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\bf70f11d-afeb-453b-a5b8-6d4777353ea7 (56983 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\410b41c5-ab34-47d7-a9ec-155b75d584dd (56983 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\66076066-8968-4cff-8baf-3013e33672d5 (172915 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\810df9da-fa6e-4327-9b11-88e738dc8833 (56983 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Exent\GI20160402080905GMT.Log (28 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\207B9FD92391B9B2A60A89B4C965D5DF (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\SDM_DB_143.xml (1226 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1819 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\D41693DAFE5DEF0C36959FF1FCEF5C96 (308 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (3072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Location_extractor_654250.exe (327251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\ab8b2c37-22fb-4040-b117-85e02e49544e (56983 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\SDMLog.log (5592558 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (8676 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SDM143\EXEtender_Default.exe (92241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_uninsdm.bat (175 bytes)

The Trojan-PSW deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)

The process IKernel.exe:1972 makes changes in the file system.
The Trojan-PSW creates and/or writes to the following file(s):

%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\dl670f.rra (7 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\MyGa7066.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\Skin6eff.rra (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\_IsR5d7a.rra (8474 bytes)
%Program Files%\Free Ride Games\Skins\000005\Skin64ed.rra (30 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_66d1.rra (27 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_s6fca.rra (12 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6692.rra (15 bytes)
%Program Files%\Free Ride Games\glut6450.rra (2712 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bgTo6b26.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6b84.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\erro6e14.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\mask\play70a5.rra (144 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_e6f7d.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6654.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\repl6c7e.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\errS6838.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\load6d49.rra (6 bytes)
%Program Files%\Free Ride Games\X7Ex648f.rra (20620 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\load6d3a.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\laun6cbd.rra (6 bytes)
%Program Files%\Free Ride Games\Game6402.rra (64414 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\skip71bf.rra (3 bytes)
%Program Files%\Free Ride Games\exs63d3.rra (828 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\Most6932.rra (7308 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\play6cdc.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\chan6cfb.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\dela6de5.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\FRGL7018.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\jque6e43.rra (16 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\play6ea1.rra (729 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\genr6c5f.rra (4456 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65c7.rra (5 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\clos6cad.rra (247 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_u6fd9.rra (7 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\erro6829.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6673.rra (10 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd679c.rra (5 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\game6d2a.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67cb.rra (2336 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\Exen7a78.rra (10160 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\load6ccc.rra (17 bytes)
%Program Files%\Free Ride Games\d3dx7316.rra (32512 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\mg_i6e72.rra (21 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\adGa67ea.rra (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5cde.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\GameInfoDefault\Thum650c.rra (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5cce.rra (9 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\key_6e62.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dial68e4.rra (1 bytes)
%Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\layo627c.rra (417 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\flas6e34.rra (19 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_655a.rra (15 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6ba3.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\yesn6ed0.rra (3 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\Setu7ac6.rra (1568 bytes)
%Program Files%\Free Ride Games\Skins\000005\dat\GPlrLanc.dat (22 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\layo6923.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6606.rra (14 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\setu7ad6.rra (2 bytes)
%Program Files%\Free Ride Games\cmhe63b4.rra (6134 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\YUI\anim6f1e.rra (13 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6625.rra (12 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bgRi6b17.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\fram6e43.rra (14 bytes)
%Program Files%\Free Ride Games\EXEt64cd.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\chk_6a0d.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\auto67fa.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\FRGL7037.rra (34 bytes)
%Program Files%\Free Ride Games\EXEt6366.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\chk_69fd.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\dial6819.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\more6aa9.rra (3 bytes)
%Program Files%\Free Ride Games\exs63e3.rra (24854 bytes)
%Program Files%\Free Ride Games\X7XS64ae.rra (2334 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5ca0.rra (29 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\skip71cd.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\post6858.rra (389 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bott6b26.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\upda71dd.rra (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5cfd.rra (23 bytes)
%Program Files%\Free Ride Games\Skins\000005\mask\erro7095.rra (144 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\sign6eb1.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\upda71de.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb71ae.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\subm6ad8.rra (2 bytes)
%Program Files%\Common Files\InstallShield\Engine\6\Intel 32\core5a0f.rra (28 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\smal6c7e.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\mask\logi7095.rra (96 bytes)
%Program Files%\Free Ride Games\GUpd63c4.rra (2334 bytes)
%Program Files%\Free Ride Games\glut648f.rra (2712 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\GATr68f4.rra (2326 bytes)
%Program Files%\Free Ride Games\X6XS647f.rra (1568 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\iker7aa7.rra (6720 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\logi6848.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\Tray64cd.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\yesn6877.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6664.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\back70f3.rra (12 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65a8.rra (7 bytes)
%Program Files%\Free Ride Games\X6Ex6470.rra (9120 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6579.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\ok_16ab9.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\clos7131.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\drop6e05.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bott6b36.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\load6b46.rra (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\defa5d5b.rra (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\setu5c80.rra (7384 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\layo7ac6.rra (417 bytes)
%Documents and Settings%\All Users\Start Menu\Free Ride Games.lnk (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\YUI\auto6f2e.rra (37 bytes)
%Program Files%\Free Ride Games\X4Ex62aa.rra (16732 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\drop6d1a.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\spla6877.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC6886.rra (6648 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\clos7122.rra (1 bytes)
%Program Files%\Free Ride Games\X363b4.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\Chec7112.rra (1264 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\play6e82.rra (21802 bytes)
%Program Files%\Free Ride Games\Clie6366.rra (395 bytes)
%Program Files%\Free Ride Games\X5XS64ae.rra (1568 bytes)
%Program Files%\Free Ride Games\Skins\000005\Langs\0409\Stri7085.rra (11940 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\eror68e4.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\GameInfoDefault\spla64fc.rra (27 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\gplayer\gpla66e1.rra (3404 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\comm6809.rra (92 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67ac.rra (9 bytes)
%Program Files%\Free Ride Games\Skins\000005\sound\Popu721c.rra (2334 bytes)
%Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\Setup.ini (12 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd674e.rra (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\59b2.rra (7560 bytes)
%Program Files%\Free Ride Games\wh_P63d3.rra (4456 bytes)
%Program Files%\Free Ride Games\glut6441.rra (4314 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\isrt5d3c.rra (11940 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\Chan6fd9.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\canc69cf.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\logo6923.rra (18 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_e6f8b.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\ok_26ac9.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\sear6d97.rra (10 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\devi6d0b.rra (1 bytes)
%Program Files%\Free Ride Games\npEx72f6.rra (8474 bytes)
%Program Files%\Free Ride Games\Skins\000005\mask\upda70b4.rra (1 bytes)
%Program Files%\Free Ride Games\repo6366.rra (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5caf.rra (9 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\MyDo7056.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\NIBmps\NetI70d3.rra (630 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\clie6dd6.rra (581 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\errS6c20.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\NIBmps\NetI70c4.rra (1890 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd675e.rra (10 bytes)
%Program Files%\Free Ride Games\glut741f.rra (2712 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\og_i6e82.rra (625 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\Exit6fe9.rra (17 bytes)
%Program Files%\Free Ride Games\DoDl63e3.rra (6134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.log (139 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\FRGL7008.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb71a0.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\canc69de.rra (1 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\Exen723b.rra (10160 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\swit6ec0.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\stil6cfb.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\YUI\data6f3d.rra (31 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bgLe6b07.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\clos6a3c.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\main6d59.rra (25 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6589.rra (23 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\skin6867.rra (10 bytes)
%Program Files%\Free Ride Games\npGa7335.rra (51622 bytes)
%Program Files%\Free Ride Games\Skins\000005\GameInfoDefault\Game64fc.rra (12 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\errS6c40.rra (29 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC68b5.rra (6648 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65d7.rra (7 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\dl_i6df5.rra (32 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\FRGL6fe9.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_656a.rra (15 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\tabs6dc6.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC68d5.rra (2326 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\upda71ed.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\FRGL6ffa.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\topL6b74.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67db.rra (7 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_c652b.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6bd2.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\logi655a.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\Skin6f0e.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb718f.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\Subs6db7.rra (12 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\preR6eb1.rra (14 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\repl6c6e.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\GPlr7047.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\Thum6b65.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\FRGL7009.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\clos6c9d.rra (483 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\ad6700.rra (697 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6598.rra (13 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\FRGL6ff9.rra (34 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\conf6de5.rra (585 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd673e.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65f6.rra (16 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\sear6da7.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC6896.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\clos6c11.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\invi6cbd.rra (262 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\gplayer\gpla6700.rra (16 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\setu7b05.rra (90 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\pb6961.rra (8 bytes)
%Program Files%\Free Ride Games\X8Ex6450.rra (16732 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (2333 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\data79bd.rra (171356 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\help6a6b.rra (3 bytes)
%Program Files%\Free Ride Games\AX326347.rra (3404 bytes)
%Program Files%\Free Ride Games\GPlr6385.rra (18290 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65b8.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\effe6c11.rra (7 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\logi6be2.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_66c1.rra (15 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_d6f5c.rra (22 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_m653b.rra (24 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\clos7123.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\canc69ee.rra (2 bytes)
%Program Files%\Free Ride Games\ProviderComponents.ini (671 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67bb.rra (7 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\post6ea1.rra (4 bytes)
%Program Files%\Free Ride Games\NPGa7373.rra (10 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bgBo6b07.rra (1 bytes)
%Documents and Settings%\All Users\Desktop\More FREE games.lnk (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_g6fab.rra (9 bytes)
%Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\setu628b.rra (7384 bytes)
%Program Files%\Common Files\InstallShield\Engine\6\Intel 32\iuse5a6d.rra (6134 bytes)
%Program Files%\Free Ride Games\exs.ini (10726 bytes)
%Program Files%\Free Ride Games\GPla62d9.rra (154846 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\gmt\cls_66e1.rra (10 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\yesb720c.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\fram6838.rra (5 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\IAF7056.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_p654a.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb719f.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\PreR6eef.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6bc3.rra (1 bytes)
%Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\Setu628b.rra (1570 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\butt68d5.rra (7 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\GPla7047.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_i6fab.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd678c.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6644.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_e6f7c.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\logo6b55.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\AC_R6dd6.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\mask\logi70a5.rra (48 bytes)
%Program Files%\Free Ride Games\report.ini (140 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\nobu7141.rra (9 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\debu654a.rra (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7} (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\og_i6858.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\yesb71fc.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\jque6e53.rra (3404 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\subm6ae8.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\hide6a8a.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\yesb71fd.rra (6 bytes)
%Program Files%\Free Ride Games\myGa64dd.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd676d.rra (7 bytes)
%Documents and Settings%\All Users\Desktop\Play Free Games.lnk (1 bytes)
%Program Files%\Free Ride Games\FRGN64dd.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\Post6edf.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\errS6c4f.rra (988 bytes)
%Program Files%\Free Ride Games\GUpd63b4.rra (3404 bytes)
%WinDir%\GPlrLanc.dat (64 bytes)
%Program Files%\Free Ride Games\Clie63d3.rra (262 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6615.rra (10 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\setu7ae6.rra (7384 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\mg671f.rra (8 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (2333 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\MyGa6942.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\Serv6fe9.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\Langs\0409\EXEt7085.rra (843 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\ok_06ab9.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\myGa6952.rra (2356 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\logi6bf1.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6b94.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\Sett7076.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\Onli7066.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mg_i6848.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_a652b.rra (3404 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\retr6b65.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_g6f9b.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\Thum69af.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb717f.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\spac6971.rra (49 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\FRGL7019.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd677d.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\drop6d2a.rra (181 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\help6a5b.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\stil6ceb.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\play6ccc.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\skip71be.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_d653b.rra (10 bytes)
%WinDir%\Downloaded Program Files\Exen722b.rra (18290 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6683.rra (9 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\adGa67fa.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\flas6e24.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Conn650c.rra (296 bytes)
%Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\data627c.rra (11728 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\Subs6da7.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6bb3.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\more6a9a.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\clos6a5b.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\chk_6a1d.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\defa670f.rra (2 bytes)
%WinDir%\FRGN7b05.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\MyGa6932.rra (8752 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\OffL651b.rra (396 bytes)
%Program Files%\Free Ride Games\AppL6395.rra (33818 bytes)
%Program Files%\Free Ride Games\lice6395.rra (13 bytes)
%Program Files%\Free Ride Games\Skins\000005\NIBmps\NetI70b4.rra (1260 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\buy_69bf.rra (1 bytes)
%Program Files%\Free Ride Games\Repo6356.rra (22774 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_a6f4d.rra (6 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (5784 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_e6f6c.rra (9 bytes)
%WinDir%\Exen64be.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\genr6c4f.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\YUI\yaho6f4d.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_l6fba.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\flas6b46.rra (4 bytes)
%Program Files%\Common Files\InstallShield\IScript\iscr5abb.rra (7348 bytes)
%Program Files%\Free Ride Games\Data\vers63d3.rra (4 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\load6b55.rra (15 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\errS6e24.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_m6fba.rra (18 bytes)
%Program Files%\Free Ride Games\Cras63c4.rra (7348 bytes)
%Program Files%\Free Ride Games\X4HS62ca.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\atta6af7.rra (4 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\exs7a88.rra (12280 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\setu7af5.rra (169 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\erro6e05.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\logi6e72.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_o6fca.rra (6 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\canc7102.rra (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5ccf.rra (9 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\gplayer\gpla66f0.rra (961 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6635.rra (25 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\play6c01.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\Sett64ed.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\MinC6d59.rra (4 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\FRGN7aa7.rra (17 bytes)
%Program Files%\Free Ride Games\Game6376.rra (4456 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\nobu7131.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\spla6ec0.rra (2 bytes)
%Program Files%\Free Ride Games\X5Ex649e.rra (11328 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\dott6d1a.rra (35 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\genr6c6e.rra (5 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\errS6c30.rra (996 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\layo6903.rra (3 bytes)
%Program Files%\Common Files\InstallShield\Engine\6\Intel 32\ctor5a1f.rra (3404 bytes)
%Program Files%\Free Ride Games\Skins\000005\dat\GPlr64ed.rra (5 bytes)
%Program Files%\Free Ride Games\Skins\000005\icon\Help7047.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\topR6b74.rra (1 bytes)
%Program Files%\Free Ride Games\ExentComponents.ini (31433 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67ea.rra (16 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pids671f.rra (58 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\layo6913.rra (1 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\logo6d49.rra (17 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\clos6c8e.rra (376 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\hide6a7a.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\GameInfoDefault\md64fc.rra (383 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\chk_6a2c.rra (2 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC68a6.rra (2326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5cee.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\icon6903.rra (8 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_66b2.rra (5 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC68c5.rra (2334 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\data79ad.rra (10160 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\json6e53.rra (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\valu5d2c.rra (4 bytes)
%Program Files%\Common Files\InstallShield\Engine\6\Intel 32\obje5a4e.rra (798 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\canc70f3.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\Popups\1\canc70f4.rra (3 bytes)
%Program Files%\Free Ride Games\X8XS6470.rra (2334 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\trac6ed0.rra (10 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\dl_i6819.rra (3 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\spec6f1e.rra (807 bytes)
%Program Files%\Free Ride Games\Skins\000005\NIBmps\Thum70d3.rra (5 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd672f.rra (11 bytes)
%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\clos6a4c.rra (1 bytes)

The Trojan-PSW deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\license admuse.txt (0 bytes)
%Program Files%\Free Ride Games\EXEtenderDefaults.reg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\default.pal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\license.Old.txt (0 bytes)
%Program Files%\Free Ride Games\glutil.dll (0 bytes)
%Documents and Settings%\All Users\Application Data\Free Ride Games\ExentCtl.ocx (0 bytes)
%Program Files%\Free Ride Games\X3.vxd (0 bytes)
%Program Files%\Free Ride Games\NPGameTreatPlugin.reg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\license FRG.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\license PT.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\value.shl (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\_IsRes.dll (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\license.txt_old (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Program Files%\Free Ride Games\EXEtenderDefaultsProvider.reg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\isrt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\license default.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\setup.inx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\license BellCanada.txt (0 bytes)

Registry activity

The process iKernel.exe:1512 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKCR\Setup.LogServices.1\CLSID]
"(Default)" = "{22D84EC7-E201-4432-B3ED-A9DCA3604594}"

[HKCR\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCR\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}]
"(Default)" = "SetupLogServices Class"

[HKCR\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Setup.LogServices]
"(Default)" = "SetupLogServices Class"

[HKCR\Setup.Kernel]
"(Default)" = "InstallShield setup kernel"

[HKCR\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCR\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\LocalServer32]
"(Default)" = "C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe"

[HKCR\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\TypeLib\{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\"

[HKCR\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\TypeLib\{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\iKernel.exe"

[HKCR\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\ProgID]
"(Default)" = "Setup.Kernel.1"

[HKCR\Setup.Kernel.1\CLSID]
"(Default)" = "{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{8c3c1b17-e59d-11d2-b40b-00a024b9dddd}\TreatAs]
"(Default)" = "{22D84EC7-E201-4432-B3ED-A9DCA3604594}"

[HKCR\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\ProgID]
"(Default)" = "Setup.LogServices.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\VersionIndependentProgID]
"(Default)" = "Setup.Kernel"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\Setup.Kernel\CLSID]
"(Default)" = "{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\LocalServer32]
"(Default)" = "C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCR\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Setup.Kernel.1]
"(Default)" = "InstallShield setup kernel"

[HKCR\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}]
"(Default)" = "InstallShield setup kernel"

[HKCR\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\VersionIndependentProgID]
"(Default)" = "Setup.LogServices"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 59 28 19 4A 50 24 30 FE A2 F6 D0 52 68 57 9F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCR\CLSID\{8c3c1b17-e59d-11d2-b40b-00a024b9dddd}]
"(Default)" = "SetupLogServices Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCR\Setup.LogServices\CLSID]
"(Default)" = "{22D84EC7-E201-4432-B3ED-A9DCA3604594}"

[HKCR\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Setup.LogServices.1]
"(Default)" = "SetupLogServices Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The process GPlayer.exe:644 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\2]
"TicketID" = "1204111893"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SkinStyle]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\CMC]
"LastShutdownOK" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\TK\TKFT]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\2]
"filepath" = "%Program Files%\Free Ride Games\Info\2.clg"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\TK\TKFT]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\Partner]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssChannelGroup]
"Value" = ""

[HKLM\SOFTWARE\Exent\AOD\Client\CLG]
"MaxFilesCount" = "16"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssFeedUrlExtension]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client]
"EnableStopBeforeNavigate" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\1]
"PlayTime" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client]
"ProviderId" = "143"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\1]
"STyp" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\MessagesSoundEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\2]
"PlayTime" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssChannelGroup]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Reminders]
"RssReminder" = "80 97 AC 3D B7 8C D1 01"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\TK\TKEnabled]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\Partner]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\1]
"TicketID" = "1204111893"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssCheckReminderTimerIntervalInSec]
"Value" = "3600"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "GPlayer.exe"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\TK\TKEnabled]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\2]
"ErrorID" = "0"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\1]
"TargetURL" = ""

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssFeedUrlExtension]
"Value" = ""

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssCheckReminderTimerIntervalInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\1]
"ErrorID" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SkinCode]
"Value" = "000005"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG]
"LastFileIndex" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\1]
"RTyp" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssChannelGroup]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\2]
"RTyp" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssFeedUrlExtension]
"IsReadOnly" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\1]
"filepath" = "%Program Files%\Free Ride Games\Info\1.clg"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\MessagesSoundEnable]
"Value" = "1"
"IsVisible" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 54 AE 91 6B 94 5A 1D 49 2A 1A E7 27 E8 44 70"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1458054252"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssCheckReminderTimerIntervalInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\2]
"TargetURL" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\2]
"STyp" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SkinStyle]
"IsVisible" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\TK\TKEnabled]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SkinStyle]
"IsReadOnly" = "1"

[HKCU\Software\Classes\Applications\GPlayer.exe]
"TaskbarGroupIcon" = "%Program Files%\Free Ride Games\Skins\000005\icon\GPlayer.ico"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushFadingScheme]
"Value" = "168,3600"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\TK\TKFT]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG]
"RecoverSendFilesCount" = "3"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\Partner]
"IsReadOnly" = "1"

The Trojan-PSW modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-PSW modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-PSW modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-PSW deletes the following registry key(s):

[HKLM\SOFTWARE\Exent\AOD\Client\CLG\1]

The Trojan-PSW deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@shdoclc.dll,-880"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9227"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Free Ride Games]
"GPlayer.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-8964"
"SHELL32.dll,-9319"
"SHELL32.dll,-9217"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9216"

The process regsvr32.exe:224 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2D 32 8B D3 C9 7E 1E E3 47 52 97 FC BF 39 73 69"

[HKLM\System\CurrentControlSet\Control\WOW]
"DefaultSeparateVDM" = "yes"

The process regsvr32.exe:1716 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKCR\Interface\{220A6516-9695-47EF-9413-7BEDC27C34CF}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ProgID]
"(Default)" = "ExentCtl.ExentInf.1"

[HKCR\Interface\{220A6516-9695-47EF-9413-7BEDC27C34CF}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\TypeLib]
"(Default)" = "{6A06043B-60F9-11D5-A6CD-0002B31F7455}"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\MiscStatus\1]
"(Default)" = "132497"

[HKCR\TypeLib\{6A06043B-60F9-11D5-A6CD-0002B31F7455}\1.0\0\win32]
"(Default)" = "%WinDir%\Downloaded Program Files\ExentCtl.ocx"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}]
"SystemComponent" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%WinDir%\Downloaded Program Files]
"ExentCtl.ocx" = "1"

[HKCR\ExentCtl.ExentInf.1]
"(Default)" = "ExentInf Class"

[HKCR\TypeLib\{6A06043B-60F9-11D5-A6CD-0002B31F7455}\1.0]
"(Default)" = "ExentCtl 1.0 Type Library"

[HKCR\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
"409" = "Controls that are safely scriptable"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\InprocServer32]
"(Default)" = "%WinDir%\Downloaded Program Files\ExentCtl.ocx"

[HKCR\Interface\{6A060447-60F9-11D5-A6CD-0002B31F7455}]
"(Default)" = "IExentInf"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}]
"Installer" = "MSICD"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\DownloadInformation]
"CodeBase" = ""

[HKCR\TypeLib\{6A06043B-60F9-11D5-A6CD-0002B31F7455}\1.0\HELPDIR]
"(Default)" = "%WinDir%\Downloaded Program Files\"

[HKCR\ExentCtl.ExentInf\CurVer]
"(Default)" = "ExentCtl.ExentInf.1"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\ToolboxBitmap32]
"(Default)" = "%WinDir%\Downloaded Program Files\ExentCtl.ocx, 101"

[HKCR\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
"409" = "Controls safely initializable from persistent data"

[HKCR\ExentCtl.ExentInf]
"(Default)" = "ExentInf Class"

[HKCR\Interface\{220A6516-9695-47EF-9413-7BEDC27C34CF}\TypeLib]
"(Default)" = "{6A06043B-60F9-11D5-A6CD-0002B31F7455}"

[HKCR\Interface\{6A060447-60F9-11D5-A6CD-0002B31F7455}\TypeLib]
"(Default)" = "{6A06043B-60F9-11D5-A6CD-0002B31F7455}"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\VersionIndependentProgID]
"(Default)" = "ExentCtl.ExentInf"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\Version]
"(Default)" = "1.0"

[HKCR\TypeLib\{6A06043B-60F9-11D5-A6CD-0002B31F7455}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{220A6516-9695-47EF-9413-7BEDC27C34CF}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExentCtl.ocx]
".Owner" = "{6A060448-60F9-11D5-A6CD-0002B31F7455}"

[HKCR\ExentCtl.ExentInf\CLSID]
"(Default)" = "{6A060448-60F9-11D5-A6CD-0002B31F7455}"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\Contains\Files\%WinDir%\Downloaded Program Files]
"ExentCtl.ocx" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ExentCtl.ocx]
"{6A060448-60F9-11D5-A6CD-0002B31F7455}" = ""

[HKCR\Interface\{6A060447-60F9-11D5-A6CD-0002B31F7455}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{220A6516-9695-47EF-9413-7BEDC27C34CF}]
"(Default)" = "_IExentInfEvents"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\InstalledVersion]
"(Default)" = "07,03,00,00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D CD 00 C7 60 B7 93 DE 56 58 B9 92 9E AA D3 71"

[HKCU\Software\AppDataLow\Software\Exent\AOD\ExentCtl]
"runInstallFlag" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6A060448-60F9-11D5-A6CD-0002B31F7455}]
"(Default)" = ""

[HKCR\Interface\{6A060447-60F9-11D5-A6CD-0002B31F7455}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}\InstalledVersion]
"LastModified" = "Thu, 18 Mar 2010 09:18:36 GMT"

[HKCR\ExentCtl.ExentInf.1\CLSID]
"(Default)" = "{6A060448-60F9-11D5-A6CD-0002B31F7455}"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}]
"(Default)" = "ExentInf Class"

[HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{6A060447-60F9-11D5-A6CD-0002B31F7455}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

The process Location_extractor_654250.exe:1072 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 9E B4 6E 89 FE 84 5F 40 75 67 3C AC EE 02 FD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

The process RegEdit.exe:1632 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssCheckUpdatesIntervalInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\CSDelExp]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableARP]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableDesktopShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\GameInfoURL]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushAIGsListUrl]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SchedulingEnable]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\PropmtBeforeCreatingShortcut]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\PRV]
"eSSTy" = "1"

[HKLM\SOFTWARE\Conduit\AppPaths\GPlayer.exe]
"AppPath" = "%Program Files%\Free Ride Games\GPlayer.exe"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoDiskManagment]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\IGAOptions]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssCheckUpdatesIntervalInSec]
"Value" = "10800"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\OpenShortcutInIE]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushFadingScheme]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\PRV]
"eLPL" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SkinCode]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushAlreadyRunSuccessfully]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG]
"LastSuccessfulErrURL" = "http://www.freeridegames.com/opTools/errorReport.jsp"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RunPlayerOnStartUp]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssUserType]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\CSDelExp]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyRadio]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushFirstTimeDelayInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\Names]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0]
"Description" = "Exent® AOD Gecko Plugin"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\PropmtBeforeCreatingShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\GameInfoURL]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushAlreadyRunSuccessfully]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableShortcut]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeRadio]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0]
"Path" = "%Program Files%\Free Ride Games\npExentCtl.dll"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GTR.exe" = "9999"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableShortcut]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\Enabled]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyAddress]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\Domain]
"IsVisible" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0]
"ProductName" = "Games-On-Demand"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\VersionXmlURL]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SchedulingEnable]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableDesktopShortcut]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeCheckURL]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\Names]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssDefaultShowMsgDurationInSec]
"Value" = "60"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableARP]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SkinCode]
"Value" = "000005"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\CSNamesEx]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyPort]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssFeedUrl]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeReminderIntervalInMinutes]
"Value" = "4320"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeCheckIntervalInMinutes]
"Value" = "360"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 37 08 93 52 C1 3B D1 CE F4 69 3C 57 B7 58 F2"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyPort]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0]
"vendor" = "Exent Technologies Ltd."

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushShowMsgDurationInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RunPlayerOnStartUp]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SchedulingEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssFeedUrl]
"Value" = "http://www.freeridegames.com/do/messageRss"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssPersistentMessageFadingScheme]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\VersionXmlURL]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\IGAOptions]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentStatusShowMsgDurationInSec]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableDesktopShortcut]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\PRV]
"eSPT" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushAIGsListUrl]
"Value" = "http://www.freeridegames.com/do/contentPush"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoErrorReport]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeCheckIntervalInMinutes]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushAlreadyRunSuccessfully]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RunPlayerOnStartUp]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssDefaultShowMsgDurationInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushShowMsgDurationInSec]
"Value" = "1200"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\OpenShortcutInIE]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushCheckTimerIntervalInSec]
"Value" = "900"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssDefaultShowMsgDurationInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushFirstTimeDelayInSec]
"Value" = "900"

[HKLM\SOFTWARE\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0]
"Version" = "7.0.0.0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushCheckTimerIntervalInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeCheckURL]
"Value" = "http://www.freeridegames.com/do/PlayerUpdateInfo"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\Enabled]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\SkinCode]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoErrorReport]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client]
"UseClientReportUrl" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssUserType]
"Value" = "new"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\VersionXmlURL]
"Value" = "http://dts1.freeridegames.com/FRG_site/data/feeds/Os_Build_Supp/version.xml"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushCheckTimerIntervalInSec]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AccessWebPageConnectionTimeout]
"Value" = "20000"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\Enabled]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyAddress]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoErrorReport]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\Domain]
"Value" = "www.freeridegames.com"
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyRadio]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client]
"ClientReportUrl" = "/opTools/clientReport.jsp"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssEnable]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeReminderIntervalInMinutes]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\GameInfoURL]
"Value" = "http://www.freeridegames.com/do/gameInfo?contentId=%GAME_ID%"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushFadingScheme]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AccessWebPageConnectionTimeout]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\PropmtBeforeCreatingShortcut]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssPersistentMessageFadingScheme]
"Value" = "168,86400"

[HKLM\SOFTWARE\Exent\AOD\Client]
"ProviderId" = "143"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssEnable]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\IGAOptions]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeCheckURL]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\Names]
"Value" = "143_CS,143_CAMPAIGN_SERIAL_ID,143_REACTIVATION_ID,143_TURNKEY"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\CSNamesEx]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GTR.exe" = "9999"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AccessWebPageConnectionTimeout]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoDiskManagment]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssFeedUrl]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyRadio]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\EnableARP]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeRadio]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushAIGsListUrl]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushShowMsgDurationInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyPort]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ProxyAddress]
"Value" = ""

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeCheckIntervalInMinutes]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeRadio]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\CSNamesEx]
"Value" = "ON(143_CAMPAIGN_SERIAL_ID)ON(143_TURNKEY)ON(143_FIRST_BROWSER)NN(143_CAMPAIGN_PERFORMED_CONVERSIONS)NN(143_DAYS_PLAYED)NN(143_REACTIVATION_ID,CM)NN(143_GAG)ON(143_SUB_ID)NN(143_PCKGS)NN(143_TOKEN)NN(143_EX_ID)"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoClientUpgradeReminderIntervalInMinutes]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssPersistentMessageFadingScheme]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssCheckUpdatesIntervalInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentPushFirstTimeDelayInSec]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentStatusShowMsgDurationInSec]
"Value" = "7200"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\AutoDiskManagment]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\ContentStatusShowMsgDurationInSec]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client]
"EnableDumpReport" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\OpenShortcutInIE]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\RssUserType]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}]
"Publisher" = "Exent Technologies Ltd"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\143\Settings\CS\CSDelExp]
"IsReadOnly" = "1"

The process RegEdit.exe:1084 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}]
"(Default)" = "Game Treat Widget"

[HKCR\AppID\{B415CD14-B45D-4BCA-B552-B06175C38606}]
"(Default)" = "FireBreathWin"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GTR.exe" = "9999"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{C9C1FD39-F2D3-50C9-AA6E-662D0EB26128}\TypeLib]
"(Default)" = "{103DFC4E-147A-5606-9B4E-1C216DF227A1}"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\ProgID]
"(Default)" = "GameTreatWidget.GameTreatWidget.1"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\VersionIndependentProgID]
"(Default)" = "GameTreatWidget.GameTreatWidget"

[HKCR\MIME\Database\Content Type\application/x-gametreatwidget]
"Extension" = ""

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\Version]
"(Default)" = "1"

[HKCR\Interface\{FEFD8F9E-7F71-5307-A9E8-D2E60A4AAECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\MIME\Database\Content Type\application/x-gametreatwidget]
"(Default)" = "Game Treat Widget"

[HKCR\Interface\{7E8621A2-3513-5BAD-85D8-D624558847C7}]
"(Default)" = "IFBComEventSource"

[HKCR\GameTreatWidget.GameTreatWidget\CLSID]
"(Default)" = "{44d07caa-4fc4-5a84-9951-a485ad808d0e}"

[HKCR\GameTreatWidget.GameTreatWidget\CurVer]
"(Default)" = "GameTreatWidget.GameTreatWidget.1"

[HKCR\Interface\{C9C1FD39-F2D3-50C9-AA6E-662D0EB26128}]
"(Default)" = "IFBComJavascriptObject"

[HKCR\GameTreatWidget.GameTreatWidget.1]
"(Default)" = "Game Treat Widget"

[HKCR\MIME\Database\Content Type\application/x-gametreatwidget]
"CLSID" = "{44d07caa-4fc4-5a84-9951-a485ad808d0e}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GTR.exe" = "9999"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Interface\{FEFD8F9E-7F71-5307-A9E8-D2E60A4AAECA}]
"(Default)" = "IFBControl"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\TypeLib]
"(Default)" = "{103DFC4E-147A-5606-9B4E-1C216DF227A1}"

[HKCR\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{7E8621A2-3513-5BAD-85D8-D624558847C7}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\GameTreatWidget.GameTreatWidget.1\CLSID]
"(Default)" = "{44d07caa-4fc4-5a84-9951-a485ad808d0e}"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GtrHost.exe" = "9999"

[HKCR\Interface\{7E8621A2-3513-5BAD-85D8-D624558847C7}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\npGameTreatWidget.dll]
"AppID" = "{B415CD14-B45D-4BCA-B552-B06175C38606}"

[HKCR\Interface\{FEFD8F9E-7F71-5307-A9E8-D2E60A4AAECA}\TypeLib]
"(Default)" = "{103DFC4E-147A-5606-9B4E-1C216DF227A1}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 DC 17 5C FE 4F 88 96 B6 FE 07 F6 16 80 E2 A1"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32]
"AppID" = "{B415CD14-B45D-4BCA-B552-B06175C38606}"

[HKCR\GameTreatWidget.GameTreatWidget]
"(Default)" = "Game Treat Widget"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\iexplore\AllowedDomains\*]
"Count" = "0"

[HKCR\Interface\{C9C1FD39-F2D3-50C9-AA6E-662D0EB26128}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{C9C1FD39-F2D3-50C9-AA6E-662D0EB26128}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7E8621A2-3513-5BAD-85D8-D624558847C7}\TypeLib]
"(Default)" = "{103DFC4E-147A-5606-9B4E-1C216DF227A1}"

[HKCR\Interface\{FEFD8F9E-7F71-5307-A9E8-D2E60A4AAECA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GtrHost.exe" = "9999"

[HKCR\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}\1.0]
"(Default)" = "GameTreatWidget 1.0 Type Library"

The process RegEdit.exe:140 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Exent\AOD\Client\CMC]
"MediaChangerHotKey" = "193"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingEnable]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\EnableShortcut]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client]
"ClientReportUrl" = ""

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyPort]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ShowNetworkIndicator]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\OpenShortcutInIE]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\AutoErrorReport]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\PRV]
"eSPT" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingUIEnable]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyPort]
"Value" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GPlayer.exe" = "9999"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyAddress]
"Value" = ""

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SettingLastPage]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\AutoDiskManagment]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\AutoErrorReport]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\EnableDesktopShortcut]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SkinCode]
"Value" = "000001"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\AutoErrorReport]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyRadio]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\EnableDesktopShortcut]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\PropmtBeforeCreatingShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\PRV]
"eLPL" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\OpenShortcutInIE]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\AutoDiskManagment]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client]
"Version" = "117724672"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags]
"{df5f2391-cd77-412c-afc6-99fd6d5f07c8}" = "4"

[HKLM\SOFTWARE\Exent\AOD\Client\CLG]
"LastSuccessfulErrURL" = ""

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EBFFAE0-F0A4-4ee6-8524-2751906624C4}]
"AppPath" = ""

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyRadio]
"Value" = "0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EBFFAE0-F0A4-4ee6-8524-2751906624C4}]
"AppName" = "GPlayer.exe"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingEnableOnStartup]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\PropmtBeforeCreatingShortcut]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\CMC]
"CheckDiskSpaceInterval" = "86400000"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ShowNetworkIndicator]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SettingLastPage]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client]
"Mmd" = "8B0424DEFF152C625CB814DF89D8F3C82CE328F87F8F83DCF86A05F35C8852D1890B8F16F4E5285E1DB0B8D2"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\EnableShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingEnable]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyRadio]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\EnableShortcut]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingUIEnable]
"Value" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyAddress]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EBFFAE0-F0A4-4ee6-8524-2751906624C4}]
"Policy" = "3"

[HKLM\SOFTWARE\Exent\AOD\Client]
"UseClientReportUrl" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\AutoDiskManagment]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CD 53 39 28 02 F9 4A D1 3F C5 99 5A A2 D5 99 26"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingEnableOnStartup]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SkinCode]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyPort]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\OpenShortcutInIE]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ShowNetworkIndicator]
"IsVisible" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\PropmtBeforeCreatingShortcut]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingEnableOnStartup]
"Value" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client]
"EnableDumpReport" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS]
"GPlayer.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"GPlayer.exe" = "9999"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\ProxyAddress]
"IsVisible" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\EnableDesktopShortcut]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SchedulingUIEnable]
"IsReadOnly" = "0"

[HKLM\SOFTWARE\Exent\AOD\Client]
"RamMaxWindowSize" = "12"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SkinCode]
"IsReadOnly" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Providers\0\Settings\SettingLastPage]
"Value" = "0"

The process EXEtender_Default.exe:824 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 F1 BD 64 0B AE 97 F8 7E 12 15 73 27 82 1E F6"

The process Setup.exe:1064 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 A0 E9 EC D4 92 26 04 A2 7B F6 53 B7 C5 7B EC"

The process %original file name%.exe:272 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 49 97 87 73 1C F9 45 82 97 21 C7 CE 1A D5 C0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process Free Ride Games.exe:464 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\GC]
"tsh" = "30510262"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\C]
"CS" = "3400"

[HKLM\SOFTWARE\Exent\AOD\CLSID]
"NumberOfCLSIDs" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\C]
"Tsl" = "3976568448"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\DirectInput\MostRecentApplication]
"ID" = "FREE RIDE GAMES.EXE53CBEE0200079200"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\DirectInput\MostRecentApplication]
"Version" = "0A 05 00 00"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\GC]
"gcm" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\GC]
"gcr" = "2"

[HKCU\Software\AppDataLow\Software\Exent\AOD\SDM]
"ResumePage" = "index.html#"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\SDM143]
"Location_extractor_654250.exe" = "Location_extractor_654250"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication]
"Name" = "Free Ride Games.exe"

[HKCU\Software\Microsoft\DirectInput\MostRecentApplication]
"MostRecentStart" = "0C 66 4B EF B6 8C D1 01"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\GC]
"Tsl" = "3976568448"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{459B62D6-C2AB-471C-BC12-EEF931FDF4EB}\0000]
"Attach.ToDesktop" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Free Ride Games]
"GPlayer.exe" = "EXETender Player"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\SDM143]
"EXEtender_Default.exe" = "Free Ride Games"

[HKLM\SOFTWARE\Exent\AOD\CLSID]
"CLSID1" = "CD51425562152ED701001E0100004C4D467D764D764D4A641AD9223763E5E0B8C44D474F46B8C2E17A49A41D25958473744D43339D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1405873666"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"_uninsdm.bat" = "_uninsdm"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D 63 7F C5 71 63 F8 F2 9D 8E B2 03 C9 45 C3 55"

[HKCU\Software\Microsoft\DirectInput\MostRecentApplication]
"Name" = "FREE RIDE GAMES.EXE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "Free Ride Games.exe"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\C]
"tsh" = "30510262"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\GC]
"advnid" = "5549"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\GC]
"advr" = "11.08.11.0000 built by: WinDDK"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\AppDataLow\Software\Exent\AOD\Client\DC\GC]
"Ad" = "VMware SVGA II"

To automatically run itself each time Windows is booted, the Trojan-PSW adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DependencyCheck" = "Performed"

The Trojan-PSW modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-PSW modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

To automatically run itself each time Windows is booted, the Trojan-PSW adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Exent_SDM" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\SDM143\Free Ride Games.exe l 'Startup' u 'http://www.freeridegames.com/spdo/feeds/sdmConfig?camp=silent&serial_id=%s&serviceId=143&gameId=%d' p '143' c '654250' m playfincom"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-PSW modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-PSW deletes the following registry key(s):

[HKCU\Software\AppDataLow\Software\Exent]
[HKCU\Software\AppDataLow\Software\Exent\AOD\SDM]
[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
[HKCU\Software\AppDataLow\Software\Exent\AOD]

The Trojan-PSW deletes the following value(s) in system registry:

[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
"ErrorNum"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"
"AutoConfigURL"

[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
"ErrorDesc"

The Trojan-PSW disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Exent_SDM"

The process IKernel.exe:460 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKCR\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}]
"(Default)" = "ISetupFileService"

[HKCR\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCR\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}\TypeLib]
"Version" = "1.0"

[HKCR\Setup.LogServices]
"(Default)" = "SetupLogServices Class"

[HKCR\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib]
"Version" = "1.0"

[HKCR\Setup.Kernel]
"(Default)" = "InstallShield setup kernel"

[HKCR\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\LocalServer32]
"(Default)" = "C:\PROGRA~1\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe"

[HKCR\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupTransferEvents"

[HKCR\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Common Files\InstallShield\Engine\6\Intel 32\"

[HKCR\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}]
"(Default)" = "ISetupRegistry2"

[HKCR\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}]
"(Default)" = "ISetupShellLink2"

[HKCR\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}]
"(Default)" = "ISetupShell2"

[HKCR\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}]
"(Default)" = "ISetupShell"

[HKCR\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}]
"(Default)" = "ISetupOpTypes"

[HKCR\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}]
"(Default)" = "ISetupOpType"

[HKCR\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKCR\Setup.Kernel\CLSID]
"(Default)" = "{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}]
"(Default)" = "ISetupTransferErrorInfo"

[HKCR\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}]
"(Default)" = "ISetupCABFile2"

[HKCR\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}]
"(Default)" = "ISetupRegistry"

[HKCR\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}]
"(Default)" = "ISetupFileErrors"

[HKCR\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{00020430-0000-0000-C000-000000000046}\1.0\FLAGS]
"(Default)" = "1"

[HKCR\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}]
"(Default)" = "ISetupComponents"

[HKCR\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}]
"(Default)" = "ISetupReboot2"

[HKCR\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}]
"(Default)" = "ISetupSharedFiles"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCR\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}]
"(Default)" = "ISetupBasicFeature"

[HKCR\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}]
"(Default)" = "ISetupObjectContext"

[HKCR\CLSID\{8c3c1b17-e59d-11d2-b40b-00a024b9dddd}\TreatAs]
"(Default)" = "{22D84EC7-E201-4432-B3ED-A9DCA3604594}"

[HKCR\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\TypeLib\{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{8c3c1b17-e59d-11d2-b40b-00a024b9dddd}]
"(Default)" = "SetupLogServices Class"

[HKCR\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCR\Setup.Kernel.1]
"(Default)" = "InstallShield setup kernel"

[HKCR\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\VersionIndependentProgID]
"(Default)" = "Setup.LogServices"

[HKCR\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 8A 52 F7 D6 32 58 D9 08 15 84 7D 10 7B FA DF"

[HKCR\TypeLib\{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}\1.0]
"(Default)" = "Setup Kernel 1.0 Type Library"

[HKCR\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}]
"(Default)" = "ISetupLogDB2"

[HKCR\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}]
"(Default)" = "ISetupFeatureLogs"

[HKCR\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}]
"(Default)" = "ISetupMedia"

[HKCR\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}]
"(Default)" = "ISetupCopyFiles"

[HKCR\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}]
"(Default)" = "ISetupCABFile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCR\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}]
"(Default)" = "SetupLogServices Class"

[HKCR\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}]
"(Default)" = "ISetupTextSubstitution"

[HKCR\TypeLib\{00020430-0000-0000-C000-000000000046}\1.0\0\win32]
"(Default)" = "%System%\stdole32.tlb"

[HKCR\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}]
"(Default)" = "ISetupOpSequence"

[HKCR\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}]
"(Default)" = "ISetupInfo"

[HKCR\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}]
"(Default)" = "ISetupTransferEvents2"

[HKCR\TypeLib\{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe"

[HKCR\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}]
"(Default)" = "ISetupReboot"

[HKCR\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}]
"(Default)" = "ISetupCABFiles"

[HKCR\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\CLSID\{22D84EC7-E201-4432-B3ED-A9DCA3604594}\ProgID]
"(Default)" = "Setup.LogServices.1"

[HKCR\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupFeature"

[HKCR\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}]
"(Default)" = "InstallShield setup kernel"

[HKCR\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\ProgID]
"(Default)" = "Setup.Kernel.1"

[HKCR\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}]
"(Default)" = "ISetupShellLink"

[HKCR\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupObjectHolder"

[HKCR\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}]
"(Default)" = "ISetupTypes"

[HKCR\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}]
"(Default)" = "ISetupFileErrorInfo"

[HKCR\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}]
"(Default)" = "ISetupLogDB"

[HKCR\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupObjects"

[HKCR\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Setup.LogServices.1\CLSID]
"(Default)" = "{22D84EC7-E201-4432-B3ED-A9DCA3604594}"

[HKCR\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}]
"(Default)" = "ISetupComponent2"

[HKCR\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}]
"(Default)" = "ISetupFeatureLog"

[HKCR\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Setup.Kernel.1\CLSID]
"(Default)" = "{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupDriver"

[HKCR\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}]
"(Default)" = "ISetupFilesCost"

[HKCR\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupFeatures"

[HKCR\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}]
"(Default)" = "ISetupLogService"

[HKCR\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupStringTable"

[HKCR\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\VersionIndependentProgID]
"(Default)" = "Setup.Kernel"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}]
"(Default)" = "ISetupFileRegistrar"

[HKCR\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}]
"(Default)" = "ISetupMedia2"

[HKCR\CLSID\{91814EC0-B5F0-11D2-80B9-00104B1F6CEA}\LocalServer32]
"(Default)" = "C:\PROGRA~1\COMMON~1\INSTAL~1\Engine\6\INTEL3~1\IKernel.exe"

[HKCR\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}]
"(Default)" = "ISetupType"

[HKCR\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupTransfer"

[HKCR\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Setup.LogServices.1]
"(Default)" = "SetupLogServices Class"

[HKCR\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}]
"(Default)" = "ISetupComponent"

[HKCR\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupObject"

[HKCR\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Setup.LogServices\CLSID]
"(Default)" = "{22D84EC7-E201-4432-B3ED-A9DCA3604594}"

[HKCR\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}\TypeLib]
"(Default)" = "{91814EB1-B5F0-11D2-80B9-00104B1F6CEA}"

[HKCR\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}]
"(Default)" = "ISetupBasicFeatureStateEvents"

The process IKernel.exe:1972 makes changes in the system registry.
The Trojan-PSW creates and/or sets the following values in system registry:

[HKCR\Interface\{15F051E6-59A9-11D3-A25D-06D730000000}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\CLSID\{E7D06080-238B-11D3-80D7-00104B1F6CEA}\InprocServer32]
"(Default)" = "%Program Files%\Common Files\InstallShield\IScript\iscript.dll"

[HKLM\SOFTWARE\Exent\AOD\Client\Disks\D]
"Keep Free Space" = "50"

[HKCR\Interface\{EDE94BF2-4FB9-11D5-ABAB-00B0D02332EB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%Program Files%\Common Files\InstallShield\engine\6\Intel 32]
"iKernel.exe" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client\Disks\C]
"Games Dir" = "Remote Programs"

[HKCR\Interface\{4DFB7010-41EB-11D3-BBBA-00105A1F0D68}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}]
"(Default)" = "ISetupPropertyBag"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\CLSID\{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{BDF8B49D-16D0-49A5-B133-ABE7DCC23DAF}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%Program Files%\Common Files\InstallShield\IScript]
"iscript.dll" = "1"

[HKLM\SOFTWARE\MozillaPlugins\www.exent.com/GameTreatWidget]
"Path" = "%Program Files%\Free Ride Games\NPGameTreatPlugin.dll"

[HKCU\Software\Exent\AOD\Client\Installer]
"GroupFolderPath" = "%Documents and Settings%\All Users\Start Menu\Programs\Free Ride Games"

[HKCR\Setup.ScriptEngine.1]
"(Default)" = "InstallShield Script Engine"

[HKCR\Setup.ScriptEngine.1\CLSID]
"(Default)" = "{E7D06080-238B-11D3-80D7-00104B1F6CEA}"

[HKCR\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCU\Software\Exent\AOD\Client\CLG]
"MaxFilesCount" = "16"

[HKCR\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Free Ride Games]
"Path" = "%Program Files%\Free Ride Games"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}]
"LogFile" = "%Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\setup.ilg"

[HKCR\Interface\{067DBAA0-38DF-11D3-BBB7-00105A1F0D68}]
"(Default)" = "ISetupScriptEngine"

[HKCR\Interface\{15F051E6-59A9-11D3-A25D-06D730000000}\TypeLib]
"(Default)" = "{DED1EA29-3F89-11D3-BBB9-00105A1F0D68}"

[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
"ErrorDesc" = "Completed"

[HKCR\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Exent\AOD\Client\Disks\C]
"Size" = "3730"

[HKCR\Interface\{00345390-4F77-11D3-A908-00105A088FAC}]
"(Default)" = "ISetupMultiMedia"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\TypeLib\{DED1EA29-3F89-11D3-BBB9-00105A1F0D68}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Common Files\InstallShield\IScript\"

[HKCR\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Setup.ScriptDriverWrapper\CLSID]
"(Default)" = "{AA7E2086-CB55-11D2-8094-00104B1F9838}"

[HKCR\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{9E561C6B-425D-4E3D-95CA-A2D289D7C3FB}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}]
"(Default)" = "ISetupWindowBillBoards"

[HKCR\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}\InprocServer32]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\ctor.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCR\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}]
"(Default)" = "ISetupMainWindow"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Setup.User\CLSID]
"(Default)" = "{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}"

[HKCR\Setup.ScriptEngine\CLSID]
"(Default)" = "{E7D06080-238B-11D3-80D7-00104B1F6CEA}"

[HKCR\MIME\Database\Content Type\Application/x-rgmx]
"Extension" = ".rgmx"

[HKCR\EXEtender\DefaultIcon]
"(Default)" = "%Program Files%\Free Ride Games\GPlayer.exe,0"

[HKCR\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "InstallShield setup object wrapper"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{BDF8B49D-16D0-49A5-B133-ABE7DCC23DAF}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\TypeLib\{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}\1.0]
"(Default)" = "Setup UI 1.0 Type Library"

[HKCR\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{F4817E4B-04B6-11D3-8862-00C04F72F303}"

[HKCU\Software\Exent\AOD\Client\Providers\143\Settings\Skins\000005]
"SchedulingNotifyWhenAppIsReady" = "1"

[HKCR\TypeLib\{27D2CF3C-D5B0-11D2-8094-00104B1F9838}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\ctor.dll"

[HKCR\Interface\{00345390-4F77-11D3-A908-00105A088FAC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}]
"UninstallString" = "RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup %Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\Setup.exe -l0x9"

[HKLM\SOFTWARE\Exent\AOD\Client]
"BinPath" = "%Program Files%\Free Ride Games"

[HKCR\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9E561C6B-425D-4E3D-95CA-A2D289D7C3FB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{00345390-4F77-11D3-A908-00105A088FAC}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}]
"(Default)" = "ISetupUserInterface"

[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
"Progress" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0]
"Path" = "%Program Files%\Free Ride Games\npExentCtl.dll"

[HKCR\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}\ProgID]
"(Default)" = "Setup.ScriptDriverWrapper.1"

[HKCR\CLSID\{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}\InprocServer32]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\iuser.dll"

[HKCR\Interface\{9E561C6B-425D-4E3D-95CA-A2D289D7C3FB}]
"(Default)" = "ISetupMainWindow4"

[HKLM\SOFTWARE\Exent\AOD\Client\Disks\D]
"Size" = "926"

[HKCR\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}\NumMethods]
"(Default)" = "6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Free Ride Games"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\EXEtender]
"EditFlags" = "00 00 01 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\Setup.ScriptObjectWrapper.1\CLSID]
"(Default)" = "{AA7E2087-CB55-11D2-8094-00104B1F9838}"

[HKCR\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}]
"(Default)" = "ISetupSDMessage"

[HKCR\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Interface\{9E561C6B-425D-4E3D-95CA-A2D289D7C3FB}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}]
"(Default)" = "ISetupRebootable"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCR\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{00345390-4F77-11D3-A908-00105A088FAC}\TypeLib]
"Version" = "1.0"

[HKCR\Setup.ScriptDriverWrapper.1\CLSID]
"(Default)" = "{AA7E2086-CB55-11D2-8094-00104B1F9838}"

[HKCR\Interface\{15F051E6-59A9-11D3-A25D-06D730000000}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}]
"UninstallStringOriginal" = "%Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\Setup.exe"

[HKCR\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\TypeLib\{DED1EA29-3F89-11D3-BBB9-00105A1F0D68}\1.0]
"(Default)" = "InstallShield Script 1.0 Type Library"

[HKCR\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}]
"(Default)" = "ISetupWindowImage"

[HKCR\Interface\{BDF8B49D-16D0-49A5-B133-ABE7DCC23DAF}]
"(Default)" = "ISetupProgress2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CB 5D F7 8F 15 3A 6B 9F 34 1F 90 D4 67 F8 88 3B"

[HKLM\SOFTWARE\Exent\AOD\Client\Disks\D]
"Games Dir" = "Remote Programs"

[HKCR\Interface\{BDF8B49D-16D0-49A5-B133-ABE7DCC23DAF}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{4DFB7010-41EB-11D3-BBBA-00105A1F0D68}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%Program Files%\Common Files\InstallShield\engine\6\Intel 32]
"objectps.dll" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}]
"DisplayName" = "Free Ride Games Player"

[HKCR\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Setup.ScriptDriverWrapper.1]
"(Default)" = "InstallShield setup object wrapper"

[HKCR\Interface\{EDE94BF2-4FB9-11D5-ABAB-00B0D02332EB}\TypeLib]
"(Default)" = "{DED1EA29-3F89-11D3-BBB9-00105A1F0D68}"

[HKCR\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{DED1EA29-3F89-11D3-BBB9-00105A1F0D68}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{15F051E6-59A9-11D3-A25D-06D730000000}]
"(Default)" = "ISetupScriptError"

[HKCR\Interface\{15F051E6-59A9-11D3-A25D-06D730000000}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}]
"(Default)" = "ISetupWindowText"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%Program Files%\Common Files\InstallShield\engine\6\Intel 32]
"ctor.dll" = "1"

[HKCR\Setup.ScriptEngine]
"(Default)" = "InstallShield Script Engine"

[HKCR\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\Interface\{00345390-4F77-11D3-A908-00105A088FAC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}\InprocServer32]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\ctor.dll"

[HKCR\CLSID\{E7D06080-238B-11D3-80D7-00104B1F6CEA}\ProgID]
"(Default)" = "Setup.ScriptEngine.1"

[HKCR\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}]
"(Default)" = "ISetupObjectLifetime"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCR\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}\NumMethods]
"(Default)" = "5"

[HKCR\CLSID\{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}]
"(Default)" = "InstallShield setup user interafce"

[HKCR\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Setup.ScriptDriverWrapper]
"(Default)" = "InstallShield setup object wrapper"

[HKCR\TypeLib\{DED1EA29-3F89-11D3-BBB9-00105A1F0D68}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\InstallShield\IScript\iscript.dll"

[HKCR\Interface\{067DBAA0-38DF-11D3-BBB7-00105A1F0D68}\TypeLib]
"Version" = "1.0"
"(Default)" = "{DED1EA29-3F89-11D3-BBB9-00105A1F0D68}"

[HKCR\Interface\{EDE94BF2-4FB9-11D5-ABAB-00B0D02332EB}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCR\Interface\{EDE94BF2-4FB9-11D5-ABAB-00B0D02332EB}]
"(Default)" = "ISetupScriptEngine2"

[HKCR\Setup.ScriptObjectWrapper]
"(Default)" = "InstallShield setup object wrapper"

[HKCR\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Exent\AOD\Client\Disks\C]
"Keep Free Space" = "50"

[HKCR\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}]
"(Default)" = "ISetupMainWindow2"

[HKCR\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}]
"(Default)" = "ISetupGUIObject"

[HKCR\Interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{F4817E4B-04B6-11D3-8862-00C04F72F303}"

[HKCR\Interface\{4DFB7010-41EB-11D3-BBBA-00105A1F0D68}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCR\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}]
"(Default)" = "ISetupMainWindow3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCR\Setup.User.1]
"(Default)" = "InstallShield setup user interafce"

[HKCR\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "InstallShield setup object wrapper"

[HKCR\Interface\{BDF8B49D-16D0-49A5-B133-ABE7DCC23DAF}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{E7D06080-238B-11D3-80D7-00104B1F6CEA}\VersionIndependentProgID]
"(Default)" = "Setup.ScriptEngine"

[HKCR\CLSID\{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}\VersionIndependentProgID]
"(Default)" = "Setup.User"

[HKCR\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Exent\AOD\Client]
"muid" = "30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB"

[HKCR\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\EXEtender]
"(Default)" = "EXEtender"

[HKCR\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}]
"(Default)" = "ISetupProgress"

[HKCR\Interface\{4DFB7010-41EB-11D3-BBBA-00105A1F0D68}]
"(Default)" = "ISetupScriptController"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCR\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters]
"TrapPollTimeMilliSecs" = "15000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCR\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Free Ride Games]
"(Default)" = "%Program Files%\Free Ride Games\Free Ride Games"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}]
"(Default)" = "ISetupObjectClass"

[HKCR\CLSID\{E7D06080-238B-11D3-80D7-00104B1F6CEA}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{27D2CF3C-D5B0-11D2-8094-00104B1F9838}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\"

[HKCR\CLSID\{AA7E2086-CB55-11D2-8094-00104B1F9838}\VersionIndependentProgID]
"(Default)" = "Setup.ScriptDriverWrapper"

[HKCR\CLSID\{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}\ProgID]
"(Default)" = "Setup.User.1"

[HKCR\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}]
"(Default)" = "ISetupWizardUI"

[HKCR\Interface\{9E561C6B-425D-4E3D-95CA-A2D289D7C3FB}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%Program Files%\Common Files\InstallShield\engine\6\Intel 32]
"iuser.dll" = "1"

[HKLM\SOFTWARE\Exent\AOD\Client]
"FinishWindow" = "0"

[HKCR\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\%Program Files%\Common Files\InstallShield\engine\6\Intel 32]
"corecomp.ini" = "1"

[HKCR\Interface\{4DFB7010-41EB-11D3-BBBA-00105A1F0D68}\TypeLib]
"(Default)" = "{DED1EA29-3F89-11D3-BBB9-00105A1F0D68}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}]
"DisplayIcon" = ""

[HKCR\Setup.ScriptObjectWrapper\CLSID]
"(Default)" = "{AA7E2087-CB55-11D2-8094-00104B1F9838}"

[HKCR\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}\InProcServer32]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\objectps.dll"

[HKCR\.rgmx]
"Content Type" = "application/x-rgmx"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCR\Interface\{EDE94BF2-4FB9-11D5-ABAB-00B0D02332EB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}]
"(Default)" = "ISetupObjectReboot"

[HKCR\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\EXEtender\Shell\Open\Command]
"(Default)" = "%Program Files%\Free Ride Games\GPlayer.exe %1"

[HKCR\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}\1.0\0\win32]
"(Default)" = "%Program Files%\Free Ride Games\npGameTreatWidget.dll"

[HKCR\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EBFFAE0-F0A4-4ee6-8524-2751906624C4}]
"AppPath" = "%Program Files%\Free Ride Games"

[HKCR\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Exent\AOD\Client]
"FinishWindowMessage" = ""

[HKCR\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{067DBAA0-38DF-11D3-BBB7-00105A1F0D68}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}\VersionIndependentProgID]
"(Default)" = "Setup.ScriptObjectWrapper"

[HKCR\Setup.User]
"(Default)" = "InstallShield setup user interafce"

[HKCR\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}\InprocServer32]
"(Default)" = "%Program Files%\Free Ride Games\npGameTreatWidget.dll"

[HKCR\Interface\{067DBAA0-38DF-11D3-BBB7-00105A1F0D68}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCR\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}]
"(Default)" = "ISetupServiceProvider"

[HKCR\Setup.ScriptObjectWrapper.1]
"(Default)" = "InstallShield setup object wrapper"

[HKCR\TypeLib\{27D2CF3C-D5B0-11D2-8094-00104B1F9838}\1.0]
"(Default)" = "InstallShield Runtime 1.0 Type Library"

[HKCR\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Setup.User.1\CLSID]
"(Default)" = "{C9CD1A93-D7B4-11D2-80C5-00104B1F6CEA}"

[HKCR\CLSID\{AA7E2087-CB55-11D2-8094-00104B1F9838}\ProgID]
"(Default)" = "Setup.ScriptObjectWrapper.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\CLSID\{E7D06080-238B-11D3-80D7-00104B1F6CEA}]
"(Default)" = "InstallShield Script Engine"

[HKCR\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}\TypeLib]
"(Default)" = "{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}"

[HKCR\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
"ErrorNum" = "0"

[HKCR\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}\TypeLib]
"(Default)" = "{27D2CF3C-D5B0-11D2-8094-00104B1F9838}"

[HKCR\TypeLib\{27D2CF3C-D5B0-11D2-8094-00104B1F9838}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{682C25C5-D7D9-11D2-80C5-00104B1F6CEA}\1.0\0\win32]
"(Default)" = "%Program Files%\Common Files\InstallShield\engine\6\Intel 32\iuser.dll"

[HKCR\.rgmx]
"(Default)" = "EXEtender"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan-PSW adds the following link to its file to the system registry autorun key:

[HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender" = "%Program Files%\Free Ride Games\GPlayer.exe /runonstartup"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender" = "%Program Files%\Free Ride Games\GPlayer.exe /runonstartup"

[HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender" = "%Program Files%\Free Ride Games\GPlayer.exe /runonstartup"

The Trojan-PSW modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan-PSW modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Trojan-PSW adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender" = "%Program Files%\Free Ride Games\GPlayer.exe /runonstartup"

The Trojan-PSW modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-PSW deletes the following value(s) in system registry:

[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
"Progress"
"ErrorNum"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKLM\SOFTWARE\Exent\AOD\Client]
"FinishWindowMessage"

[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
"ExtResponse"

[HKCU\Software\Exent\AOD\Client]
"DefaultFeedbackUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

[HKCU\Software\AppDataLow\Software\Exent\AOD\IS]
"ErrorDesc"

[HKLM\SOFTWARE\Exent\AOD\Client]
"FinishWindow"

Dropped PE files

MD5 File path
5fc1bb4249d11957616ab7d1591c93cc c:\Documents and Settings\All Users\Application Data\Free Ride Games\ExentCtl.ocx
ed0907cabd92aa58922a27b21f0eb1cf c:\Documents and Settings\All Users\Application Data\Free Ride Games\Setup.exe
95ebe8539106eb728f0b3d7b466e6942 c:\Documents and Settings\All Users\Application Data\Free Ride Games\exs.dll
2b2267fb5123813bfb6b96edad31c6dd c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Exent\DACC10000\410b41c5-ab34-47d7-a9ec-155b75d584dd
ba400d3fbc358261388f23852212880b c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Exent\DACC10044\66076066-8968-4cff-8baf-3013e33672d5
b3fd01873bd5fd163ab465779271c58f c:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
003a6c011aac993bcde8c860988ce49b c:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
377765fd4de3912c0f814ee9f182feda c:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
8f02b204853939f8aefe6b07b283be9a c:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
b2f7e6dc7e4aae3147fbfc74a2ddb365 c:\Program Files\Common Files\InstallShield\IScript\iscript.dll
72ef2d24d0efd50633e348426acb452f c:\Program Files\Free Ride Games\AX32.dll
159c78a81816dc15cc9fe4d273d2781d c:\Program Files\Free Ride Games\AppLoader2KEx.dll
ab19728f1ec4eba1df9a362939377c8e c:\Program Files\Free Ride Games\CrashDump.dll
4974c51ebfe23ea462f4d081e98e95f1 c:\Program Files\Free Ride Games\DoDlg.exe
eb157205162de69acc96766e2a0cb2a3 c:\Program Files\Free Ride Games\GPlayer.exe
e6e7853bb0b7fde58b0983e2c85ee6ed c:\Program Files\Free Ride Games\GPlrLanc.exe
9235f77aae0362677d15bfc80bb1940a c:\Program Files\Free Ride Games\GUpdater.dll
3aebaa29a87560f522509fc650aecaa9 c:\Program Files\Free Ride Games\GUpdater.exe
b4376b88546e061d5a7dc57416b75a96 c:\Program Files\Free Ride Games\GameInst.dll
b3420537a7df55eb0d774097dcc550f1 c:\Program Files\Free Ride Games\GameLauncher.exe
7afe4044b1c5e45d4991c5c399617cff c:\Program Files\Free Ride Games\Report.exe
6ab44d3bfcbb2a3b25aa5c40c8beb451 c:\Program Files\Free Ride Games\Uninstall.exe
549d2f6d72267e727ed29baef05aa68b c:\Program Files\Free Ride Games\X4Ex_Pr143.sys
51b3cc1f1a2762f31ac35560a1de9004 c:\Program Files\Free Ride Games\X4HSEx_Pr143.sys
d6e78146601f20ba947bc9576c3c0fb4 c:\Program Files\Free Ride Games\X5Ex_Pr143.sys
8ab65f649dd26b8adb9995b31b5d8595 c:\Program Files\Free Ride Games\X5XSEx_Pr143.sys
137008d640c0db7c6c88d444334570e9 c:\Program Files\Free Ride Games\X6Ex_Pr143.sys
636248dae1ff854d29fe7beed971a73a c:\Program Files\Free Ride Games\X6XSEx_Pr143.sys
d6e78146601f20ba947bc9576c3c0fb4 c:\Program Files\Free Ride Games\X7Ex_Pr143.sys
8ab65f649dd26b8adb9995b31b5d8595 c:\Program Files\Free Ride Games\X7XSEx_Pr143.sys
137008d640c0db7c6c88d444334570e9 c:\Program Files\Free Ride Games\X8Ex_Pr143.sys
636248dae1ff854d29fe7beed971a73a c:\Program Files\Free Ride Games\X8XSEx_Pr143.sys
9892dd9fb888c48366996a09052b3868 c:\Program Files\Free Ride Games\cmhelper.exe
39c858645cbf37b83bc907e188f8bc85 c:\Program Files\Free Ride Games\d3dx9_32.dll
a4f48fe01bc3c213ea63f2a66acfd540 c:\Program Files\Free Ride Games\exs.dll
55c38709c3c879b2d0fa24f751d2c824 c:\Program Files\Free Ride Games\glutil.dll
3242c94d9c7e35690d48ca717c3ad4d6 c:\Program Files\Free Ride Games\npExentCtl.dll
91ce51cbf504a58780c51a0c0193799a c:\Program Files\Free Ride Games\npGameTreatWidget.dll
9bc0902f50e58167b4b778ef6f1b1103 c:\Program Files\Free Ride Games\wh_Pr143.dll
ed0907cabd92aa58922a27b21f0eb1cf c:\Program Files\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\Setup.exe
a757e3be4d64a2624e97986ab343471e c:\Remote Programs\Zombie Bowl-O-Rama\GPlrLanc.exe
7e2fce070721c1f55197f3ea61e4fc45 c:\Remote Programs\Zombie Bowl-O-Rama\exs.dll
5fc1bb4249d11957616ab7d1591c93cc c:\WINDOWS\Downloaded Program Files\ExentCtl.ocx
366f15af00817534a1e6485bf0cc0d08 c:\WINDOWS\ExentInfo.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: FreeRide Games
Product Version: 07.03.00.00
Legal Copyright: Copyright (c) 1996-2014 Exent Technologies Ltd.
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 07.03.00.00
File Description: FreeRide Games
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 24032 24064 4.51173 fb829372ec3ee0af33f0926f363d7112
.rdata 28672 4826 5120 3.5354 bed60c9116dbff6d06b51530a732c0c9
.data 36864 152728 1024 3.49454 fc40238f44ce66a60a99356986da33b0
.ndata 192512 32768 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 225280 20184 20480 3.50043 884a371c32e0a56e63815640e7330afd

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://e8296.g.akamaiedge.net/spdo/feeds/sdmConfig?camp=silent&serial_id=playfincom&serviceId=143&gameId=654250
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessStart&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AutoAcceptOfferAccepted&OfferId=10002&OfferOrder=1&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AutoAcceptOfferAccepted&OfferId=10000&OfferOrder=2&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadStart&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://a1697.b.akamai.net/FRG_site/SDM_Offer_Assets/GameFirst/All/Location_extractor_654250.exe
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadStart&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://a1697.b.akamai.net/FRG_site/downloads/EXEtender_Default.exe
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_ProgressBarDisplayed&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadFinished&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadFinished&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallStart&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallFinished&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallStart&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?track=playerinstallationstart&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB&ver=117724672
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=clientInstallationFinished&ver=117724672&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=playerinstallationfinished&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB&ver=117724672
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallFinished&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftRootAuthority.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicWinHarComPCA_2010-11-01.crl
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_PlayerLaunch&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://e8296.g.akamaiedge.net/opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessFinished&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB
hxxp://a1697.b.akamai.net/FRG_site/data/feeds/Os_Build_Supp/version.xml
hxxp://e8296.g.akamaiedge.net/spdo/feeds/gamesByIglFeatureList?serviceId=143&igl_feature=2
hxxp://e8296.g.akamaiedge.net/do/skin?action=cookie
hxxp://e8296.g.akamaiedge.net/spdo/feeds/gameItemList?serviceId=143&genreId=69
hxxp://e8296.g.akamaiedge.net/do/skinAds?adId=MG160x600Frame&userid=Default-881459584499337457
hxxp://e8296.g.akamaiedge.net/spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 160x600 Frame Ad
hxxp://e8296.g.akamaiedge.net/do/skinAds?adId=MG728x90Frame&userid=Default-881459584499337457
hxxp://e8296.g.akamaiedge.net/feeds/rtdGames?camp=silent&serviceId=143&_=1459584554240
hxxp://e8296.g.akamaiedge.net/spdo/feeds/genres?serviceId=143
hxxp://e8296.g.akamaiedge.net/spdo/feeds/gameItemList?serviceId=143&genreId=15
hxxp://e8296.g.akamaiedge.net/opTools/errorReport.jsp?t=1&e=65&p=0&sty=0&dty=1
hxxp://e8296.g.akamaiedge.net/spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 728x90 Frame Ad
hxxp://track.freeridegames.com/skin/track.html?action=SkinFirstLaunch&userid=Default-881459584499337457&muid=BB273423141A58A101001E0100004C680B583B683B68074157FC6F122EC0AD9D89680A6A0B9D8FC4376CE93868B0C95639680E16D0&campaign=Default-silent&playerVersion=07.04.56.00 8.25.144.113
hxxp://e8296.g.akamaiedge.net/do/conversionStatus?conversionName=PlayerInstallationCompleted&playTime=0&muid=40DCCFD8EF1AA35A79001E0100004C4BF17BC14BC14BFD62ADDF9531D4E357BE734BF049F1BE75E7CD4F131B92933375C34BF4352A&_=1459584554818
hxxp://e8296.g.akamaiedge.net/banners/promoframes/160x600_frame_ad
hxxp://e8296.g.akamaiedge.net/banners/promoframes/728x90_frame_ad
hxxp://a1507.b.akamai.net/free/frg/products/529250/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/586350/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/654450/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/807150/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/724450/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/535250/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/783550/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/830850/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/829150/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/764650/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/614950/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/728950/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/695150/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/786450/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/485050/boxshot.jpg
hxxp://e8296.g.akamaiedge.net/system/modules/com.exent.owned.geo.templates/resources/js/json2.js?version=53
hxxp://a1507.b.akamai.net/free/frg/products/622850/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/821250/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/781650/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/480850/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/787850/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/635450/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/784450/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/567950/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/780350/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/670850/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/816150/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/806950/boxshot.jpg
hxxp://e8296.g.akamaiedge.net/system/modules/com.exent.owned.geo.templates/resources/js/jquery.min.js?version=53
hxxp://a1507.b.akamai.net/free/frg/products/825250/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/746650/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/807850/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/452750/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/798350/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/664850/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/445950/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/754550/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/670350/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/725950/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/750650/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/666750/boxshot.jpg
hxxp://e8296.g.akamaiedge.net/system/modules/com.exent.owned.geo.templates/resources/js/jquery.globalEvents.js?version=53
hxxp://a1507.b.akamai.net/free/frg/products/554750/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/663250/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/835250/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/572150/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/807950/boxshot.jpg
hxxp://a1507.b.akamai.net/free/frg/products/654250/boxshot.jpg
hxxp://e8296.g.akamaiedge.net/system/modules/com.exent.owned.cms.utils/resources/js/utils.jsp?version=53
hxxp://e8296.g.akamaiedge.net/system/modules/com.exent.owned.geo.templates/resources/js/controller.js?version=53
hxxp://e8296.g.akamaiedge.net/system/modules/com.exent.owned.geo.templates/resources/js/geoServices.js?version=53
hxxp://e8296.g.akamaiedge.net/system/modules/com.exent.owned.geo.templates/resources/js/scriptsIncludes.js?version=53
hxxp://e8296.g.akamaiedge.net/action/JSONService
hxxp://www-google-analytics.l.google.com/analytics.js
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j41&a=798138249&t=pageview&_s=1&dl=http://www.freeridegames.com/banners/promoframes/728x90_frame_ad&ul=en-us&de=utf-8&sd=32-bit&sr=1276x846&vp=728x90&je=0&fl=11.6 r602&_u=AEAAAAAAI~&jid=224464841&cid=1349977310.1459584557&tid=UA-4994835-11&_r=1&z=1292276131
hxxp://e8296.g.akamaiedge.net/banners/promoframes/banners/Default/Tribal/160x600_default_tribal.html
hxxp://e8296.g.akamaiedge.net/banners/promoframes/banners/Default/Tribal/728x90_default_tribal.html
hxxp://tags.expo9.exponential.com/tags/FreeRideGamescomPlayer/ROW_Player/tags.js 204.11.109.75
hxxp://a.tribalfusion.com/displayAd.js?dver=0.4&th=6964238882 204.11.109.65
hxxp://a.tribalfusion.com/j.ad?flashVer=9&ver=1.27&th=6964238882&tagKey=281869759&site=freeridegamescomplayer&adSpace=row_player&center=1&size=728x90&env=desktopApp&url=http://www.freeridegames.com/banners/promoframes/728x90_frame_ad&f=0&p=4492070&a=1&adContainerId=richmedia_2&rnd=4493329 204.11.109.65
hxxp://a.tribalfusion.com/i.u?flashVer=9&ver=1.27&th=6964238882&tagKey=281869759&postfailed=1&site=freeridegamescomplayer&adSpace=row_player&center=1&size=728x90&env=desktopApp&url=http://www.freeridegames.com/banners/promoframes/728x90_frame_ad&f=0&p=4492070&a=1&adContainerId=richmedia_2 204.11.109.65
hxxp://a.tribalfusion.com/i.u?flashVer=9&ver=1.27&th=6964238882&tagKey=281869759&postfailed=1&site=freeridegamescomplayer&adSpace=row_player&center=1&size=160x600&env=desktopApp&url=http://www.freeridegames.com/banners/promoframes/160x600_frame_ad&f=0&p=4485136&a=1&adContainerId=richmedia_2 204.11.109.65
hxxp://a.tribalfusion.com/j.ad?flashVer=9&ver=1.27&th=6964238882&tagKey=281869759&site=freeridegamescomplayer&adSpace=row_player&center=1&size=160x600&env=desktopApp&url=http://www.freeridegames.com/banners/promoframes/160x600_frame_ad&f=0&p=4485136&a=1&adContainerId=richmedia_2&rnd=4489368 204.11.109.65
hxxp://img.exent.com/free/frg/products/485050/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/system/modules/com.exent.owned.cms.utils/resources/js/utils.jsp?version=53 23.59.117.198
hxxp://dts1.freeridegames.com/FRG_site/downloads/EXEtender_Default.exe 212.30.134.199
hxxp://www.google-analytics.com/r/collect?v=1&_v=j41&a=798138249&t=pageview&_s=1&dl=http://www.freeridegames.com/banners/promoframes/728x90_frame_ad&ul=en-us&de=utf-8&sd=32-bit&sr=1276x846&vp=728x90&je=0&fl=11.6 r602&_u=AEAAAAAAI~&jid=224464841&cid=1349977310.1459584557&tid=UA-4994835-11&_r=1&z=1292276131 216.58.214.206
hxxp://www.freeridegames.com/do/conversionStatus?conversionName=PlayerInstallationCompleted&playTime=0&muid=40DCCFD8EF1AA35A79001E0100004C4BF17BC14BC14BFD62ADDF9531D4E357BE734BF049F1BE75E7CD4F131B92933375C34BF4352A&_=1459584554818 23.59.117.198
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallStart&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://img.exent.com/free/frg/products/724450/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/764650/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/825250/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/787850/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/572150/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_PlayerLaunch&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://img.exent.com/free/frg/products/807850/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/445950/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/529250/boxshot.jpg 212.30.134.214
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl 212.30.134.167
hxxp://dts1.freeridegames.com/FRG_site/SDM_Offer_Assets/GameFirst/All/Location_extractor_654250.exe 212.30.134.199
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?track=playerinstallationstart&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB&ver=117724672 23.59.117.198
hxxp://www.freeridegames.com/system/modules/com.exent.owned.geo.templates/resources/js/jquery.globalEvents.js?version=53 23.59.117.198
hxxp://www.freeridegames.com/do/skin?action=cookie 23.59.117.198
hxxp://img.exent.com/free/frg/products/635450/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/do/skinAds?adId=MG728x90Frame&userid=Default-881459584499337457 23.59.117.198
hxxp://www.freeridegames.com/system/modules/com.exent.owned.geo.templates/resources/js/json2.js?version=53 23.59.117.198
hxxp://img.exent.com/free/frg/products/622850/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/783550/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/750650/boxshot.jpg 212.30.134.214
hxxp://dts1.freeridegames.com/FRG_site/data/feeds/Os_Build_Supp/version.xml 212.30.134.199
hxxp://img.exent.com/free/frg/products/798350/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 160x600 Frame Ad 23.59.117.198
hxxp://img.exent.com/free/frg/products/567950/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadStart&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://www.freeridegames.com/banners/promoframes/banners/Default/Tribal/160x600_default_tribal.html 23.59.117.198
hxxp://img.exent.com/free/frg/products/786450/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadFinished&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=clientInstallationFinished&ver=117724672&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadStart&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://img.exent.com/free/frg/products/654250/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/728950/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/system/modules/com.exent.owned.geo.templates/resources/js/geoServices.js?version=53 23.59.117.198
hxxp://img.exent.com/free/frg/products/806950/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/spdo/feeds/gamesByIglFeatureList?serviceId=143&igl_feature=2 23.59.117.198
hxxp://www.freeridegames.com/feeds/rtdGames?camp=silent&serviceId=143&_=1459584554240 23.59.117.198
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AutoAcceptOfferAccepted&OfferId=10000&OfferOrder=2&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://www.freeridegames.com/system/modules/com.exent.owned.geo.templates/resources/js/controller.js?version=53 23.59.117.198
hxxp://img.exent.com/free/frg/products/746650/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessFinished&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://crl.microsoft.com/pki/crl/products/MicWinHarComPCA_2010-11-01.crl 212.30.134.167
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=playerinstallationfinished&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB&ver=117724672 23.59.117.198
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallStart&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessStart&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://img.exent.com/free/frg/products/654450/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/452750/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/835250/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/spdo/feeds/genres?serviceId=143 23.59.117.198
hxxp://img.exent.com/free/frg/products/664850/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadFinished&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://www.freeridegames.com/banners/promoframes/banners/Default/Tribal/728x90_default_tribal.html 23.59.117.198
hxxp://www.google-analytics.com/analytics.js 216.58.214.206
hxxp://img.exent.com/free/frg/products/535250/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AutoAcceptOfferAccepted&OfferId=10002&OfferOrder=1&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://img.exent.com/free/frg/products/754550/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/670350/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_ProgressBarDisplayed&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://img.exent.com/free/frg/products/821250/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/spdo/feeds/gameItemList?serviceId=143&genreId=69 23.59.117.198
hxxp://img.exent.com/free/frg/products/830850/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/spdo/feeds/sdmConfig?camp=silent&serial_id=playfincom&serviceId=143&gameId=654250 23.59.117.198
hxxp://img.exent.com/free/frg/products/816150/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/829150/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/action/JSONService 23.59.117.198
hxxp://img.exent.com/free/frg/products/480850/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/system/modules/com.exent.owned.geo.templates/resources/js/jquery.min.js?version=53 23.59.117.198
hxxp://www.freeridegames.com/banners/promoframes/160x600_frame_ad 23.59.117.198
hxxp://img.exent.com/free/frg/products/614950/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/errorReport.jsp?t=1&e=65&p=0&sty=0&dty=1 23.59.117.198
hxxp://img.exent.com/free/frg/products/781650/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/725950/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/banners/promoframes/728x90_frame_ad 23.59.117.198
hxxp://img.exent.com/free/frg/products/780350/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/670850/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/784450/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 728x90 Frame Ad 23.59.117.198
hxxp://www.freeridegames.com/do/skinAds?adId=MG160x600Frame&userid=Default-881459584499337457 23.59.117.198
hxxp://img.exent.com/free/frg/products/663250/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/807150/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/586350/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/666750/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallFinished&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://img.exent.com/free/frg/products/807950/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallFinished&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB 23.59.117.198
hxxp://img.exent.com/free/frg/products/554750/boxshot.jpg 212.30.134.214
hxxp://img.exent.com/free/frg/products/695150/boxshot.jpg 212.30.134.214
hxxp://www.freeridegames.com/spdo/feeds/gameItemList?serviceId=143&genreId=15 23.59.117.198
hxxp://www.freeridegames.com/system/modules/com.exent.owned.geo.templates/resources/js/scriptsIncludes.js?version=53 23.59.117.198


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Outdated Windows Flash Version IE

Traffic

GET /free/frg/products/654450/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 29 Nov 2009 15:19:29 GMT
Content-Type: image/jpeg
Content-Length: 26119
Accept-Ranges: bytes
X-Varnish: 430990036 430922766
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......N......Adobe.d....................
......................................................................
......................................................................
......................................................................
...........!.1.A"..Qa2q.B#...3..Rbr....C$4%....s&....S................
..........!1A..Qaq...."2......BR...b#r3......$..C4.............?....*F
.U...I......i.!",.$-.....H...x.%j.aY......M........t..m1.."..ZhF."/...
:...:.2... l.8..!.j.....O.v.%gl( ....E..8#R...G.....9....F..>n. ..v
c%......bz1....:.R....a.u.Q...=..U[a..&...y..p.;...... ....r.....a.R.Z
.....%..R..2....#Mz......... ..r.B.c.:--...[yy...flAM.......x.&U..rA..
.VH,K.Q.~....O..c.....^..=cK,I.TT..8..w..J...Zu!........on.Dm.T&...!'.
T.....l....?...$z...F.j=.w..]./lvT...V..v..rj;,k...:.:....dy..q%.. ..m
!M?oa.....e..{........u.\k.gV...d~... .....U./_.GJ.;L$.l..J..?...BN."k
....~...=q.H."<.im..P.?.MI?..i.]..1....N:.!..*.."R?....m=q.).#.....
..c...ha>... :..NPvE....A.............../Wl/.'...d|/.Q:bs..OE?WI...
R...f.sh..c...4..8..."^......uDkh....,.....!...Msc&...>...'..H<.
.. ./".t.L..S.f.\....?.^.5.L..A.#..]......J.:.qT.|..:....%.........].o
TB...A..i. .1...x..>.t*L. a.P....X.......v.[1.........g...)..,.....
Cb....=.........A.t|..S.p..wx.x......0..F.0v.?.....a..,"1..o.....G....
...Zr.S.n...v...Tb}.:..O....OWm2....wH.......".]F..K... ....{a?K/n....
...!..l@.`...u._.9.?..q.OOS.....L.lZO..=..MJ..fK..C...g...v._?.....X..
3B.RJ.)..i...r{r).".C.......2.I...*.a...z.U...WS........x...L..S.Y
<<< skipped >>>

GET /free/frg/products/786450/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 03 Mar 2014 15:50:14 GMT
Content-Type: image/jpeg
Content-Length: 22440
Accept-Ranges: bytes
X-Varnish: 433684629 433666575
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......K......Adobe.d....................
......................................................................
......................................................................
......................................................................
..........!.1.AQ"..a2q#..BR$....b3..%&.r......Sc.E.6F.................
......!.1A..Qa.q...".....2.B.Rb..#.r3......$............?.........Uc.d
@[email protected]/..~B....a....nd..f=I............*..v.-#.Z..
-..)..D.....6(.).. q..w1....Tfz.j.T.Eb.dgu.M{. .....M..jn..>....!..
..2..s.=.E4w..4....R..}..]B..^.v.t..& .......8#.../.pI.....d$B.#Z5.;..
...... R9...............Q.Ho.>........e8....V.......W.N..q.zS.DZU..
.......F....z.:....J......^0....~;... ..yhW$.c .."...Kk..4.ug.y../.\..
.."...I.J.Ly..Kr.b..<...#FLz.B.......3.U.T...Ue.p.$.r\~....4.....".
CJ..y..}:...WS........p....j{w#up*p...0........;.>.......QdC.B.....
V'....)Z....|....I.s.K=.P.lL....KV......j..I...|~._ .....>..}U.....
...;.EB..s...%.....V#s2*!#.r..Mu=]b:..h./.Q.3FTt...v.N>...dx..!4#..
!......:O...De MJ..8D[...,....B{....c.s.....!#...q.Zz.KS.SVPY=......W.
..{....P..,.c0.%.L..U.HT,....3z.p.k...:.s2@..>%H....;.... .F),..kW.
. |[email protected] P.......,B%...U5w...4^......S5}.^..9(o#..H8.4.......
.S.N.......,.. K.7....y7..G..6..Pd......jE[p ...s..Dq.v.g.....!..4.Z~.
.5.8..O>'....V....^.H..*..Z.d.A./`.......u.%....AULa.....Ff..|.....
..A.U.}.~X.n.:.xnY..W.D.#....u#..W.......F..v...yP.s...z./GL.a.=......
*./..1.5. _lrF...BX..:..=........#.gNw.`.Z.....]2.....Pw..N......x
<<< skipped >>>

GET /free/frg/products/821250/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 16 Nov 2014 13:22:07 GMT
Content-Type: image/jpeg
Content-Length: 29234
Accept-Ranges: bytes
X-Varnish: 1019352717 1017859953
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....(hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.154911, 2013/10/29-11:47:16        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:438C799E6D9111E496938D2BA
A410607" xmpMM:InstanceID="xmp.iid:438C799D6D9111E496938D2BAA410607" x
mp:CreatorTool="Adobe Photoshop CC Windows"> <xmpMM:DerivedFrom 
stRef:instanceID="xmp.iid:A9BC99956D8F11E4BEAABB5B3ECF1C67" stRef:docu
mentID="xmp.did:A9BC99966D8F11E4BEAABB5B3ECF1C67"/> </rdf:Descri
ption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
;....Adobe.d..........................................................
......................................................................
......................................................................
..............................................!1.A"..Qa2.qB#...$..b3..
R.C4...r.Sc.%5&6'........................!..1A.Qa"..q..2B.Rb#....r....
.3C...Sc$.%...4.............?.Uh.[..5..b.....'....2..q...u.4..).....Q.
...c..m...~:...'U.(1".Y.)'mQf...\..%. .HA>5=...9.,g.h...6.......`&l
t;..W....5d.@F.:....q...I.x....3............!3.#....qe...........8..bx
..q.......~.........!. ..<m....0.0m..7..8..V..?......o.........
<<< skipped >>>

GET /free/frg/products/635450/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 01 Jun 2009 11:16:49 GMT
Content-Type: image/jpeg
Content-Length: 16908
Accept-Ranges: bytes
X-Varnish: 432007135 431813170
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
......................................................................
......................................................................
............#3.".2BRCS$.br.cs4..!....D%...T.1A.d5EQaq....U&.....t..u..
............................#"2B3C..Rbr.Sc$.!1.4D..a....s.TA.....q....
.%.............?..:..h:...........2...}.${... .....=....tq:..d...e..d.
....u0.Lc..r...f.~...6......="J?..yb.OY........oV@.....*.._..A.~n\7.dv
.FaK..33..W..X'x0...#..E......-.....s1.U.......".d.(!..Ju.&N"w...b..u.
M8..l.....5?.t,.\.7k)..N.7;<..c.xqZw}.Q.s... ...P....c'....oPC...,.
.-)#ML.........l...._g...l_fRX.........Z.....`.<.ZX...a.~.....nE..P
a..B.2t.....R.MX...PrZ....l...r....1;o.V?.CL......F...G.._e.j........u
...t..b.....3...q..r..aJN.8d........g...Ol...N.f\.H=*....zf...f....#%.
..R..........y......~......;..8x. X....,F...Z..N.Q#q......\...p]%I.. R
/.%q....:.......mV... ......0!...!qc..v/.P:.g.|e8k.kKs.0c.V,......Y..`
_j,..Z...............Q.-.."..-;].KM..1,.;I.......:.C......L.........I.
.eN.>...[..b^..'..K..,"......Q~.3}w9.........Bxw...OG..8.@.........
......................W#c...qx..`...E..FZ...N.a/}..-.;.eZ..'G..IX..j..
.._..y.qo...<.S.....c>#.r........<.&...a.x8g.......#.o..\..~.
-...Yu$3...../...Qk...[.......J. R/)....,..Vl...}w...;..1t..E...s.}...
..e^...(ZT.Jd'...5.U..Xz^.8.K.....3.9..N *j.....W..$J...X...'.....5WN{
J5ybT.Y..RL.....u.......i...Z.].`...%.VRg..f.[z.F[..gLd|...X...I.1
<<< skipped >>>

GET /free/frg/products/670850/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 07 Nov 2013 09:30:24 GMT
Content-Type: image/jpeg
Content-Length: 18828
Accept-Ranges: bytes
X-Varnish: 1019352672 1017891884
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......W......Adobe.d....................
......................................................................
......................................................................
......................................................................
............#.."2B3.RC$..bScs4..!1r....%a....DT5Q..d.U&......u'Aq....t
EeV7w.........................."2#..BRb3..!r.CS$..1.....4AQ...a..DT5q.
.c..s.&6.............?..d..JJ.KX.^.`..-.4.D^..#z...........z){........
*7?V..xy<\.cI.[.C.\........E....~.*.A.........@.*.d30...n4.1j}_p>
;.p..%..V../a.L.(^..k.#.......z.2...q...x..rY.5.....i..j...d.(.\.. .. 
].v.....aG..^3!...M>....w.r...%.D-.6.8........9B.q8-W>..4..6.!A.
.|T..r.3....G.. ...ZJ....2.......5.&.L.....E...c.............F...8]...
...z...&..,#.J...H"7B.....n.L.........W..[.d.'.........G.....O...o.m..
h....c..D>d...;.P.^%[..S.B....6..g.....81RH.:f.....G..k.W......_.R.
.U^........z3.....r.:..T].1..Jz6.bQ..a/.^8....oK..P.h.1.%d.h........Ob
z..Luo&.Xt}<..z..y&"QB...Q..........yB.:.._. ...U9|A..& .....F..9..
..*6l.N..J."ix.2g.......0...>.`Ut......a2)=.w.D....5I.jV.f/.@H1../.
........Hr..q.f..."A.....G..f%..w.D...E...5..f.~%......4...&JG........
|8c.4{.}..b...<u<jO.CZQ...<C$..l.qRH9.ck...=N.U. m^D...%e.x.,
.3j...<Q.qI..80......m.2>...."D.9..,....U......f1..G....OO...md.
J,..\F.j.X.A4.N..ce..2.?5HM$...#.,".IV....F...:.(L..=k......%FP..&....
.2)...(.*.7..XOb2.F.1tj.&.zz..xc...]C{*..%F.E....C..b<cY.zEF..s.Q..
..T.....=.e..$a.xF..%/..P..F..TX=.'.......J..K......A.=.I..w.L.^..
<<< skipped >>>

GET /free/frg/products/746650/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 30 Apr 2012 12:17:51 GMT
Content-Type: image/jpeg
Content-Length: 26476
Accept-Ranges: bytes
X-Varnish: 431099142 430924834
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......F......Adobe.d....................
......................................................................
......................................................................
......................................................................
...........!1"..AQ2.aB#.qR...br3$...CS..s.....4%6.....................
....!1.AQ"..aq2B.......R..br#....3...CS$.cs..4.............?.sW.%..LP.
4.wsV...d........M.Z...U ..a..K}..S.v.F./..p.5s...lGH.-x.........<.
.,'.}....\Q.9.g..X...q...p...;"......AmOQ.4..R@....(x..V..2..x....A:."
. ..ea.....p"...JR.....j..1.)..n....E.....Q."D.b.8Vm<[email protected].
.u]wIH.1i..Y.b.....,.F~"IQ....;........I.(....j.G..*.h..C..*?....5.%..
....J.n.1m_...q.^..k........8..R.1.k....u:0..^.\n......2%..N....a.....
.....#......<.%.....q.Dy.B......<.p9.8.....B.}.wI..3.B|...uE..a.
XuJ\.s..r....pT..P=k...E.........J...Mi.Q.8Eq...s.c ....{..V..K..:...N
...=...n.n.._.4.....Z.v...F.F..C....SZbN......!.Et)..0N.E.S.a..A...../
O.].l.oA]Ky5o.....R.VUT...um.`....O...*..l..S...I(..pF.".$..(....}l.A.
*.....c. ...g.<[email protected]'.M<.k.X........ .E.R...b...r...$.....]..!.
..T..O.......9D.V.X..@."T78..*P...H..?3x..P;..:.....-........t..UKbq.?
!...8jO.(.#.Ei.)..$.B.........9{....J..-............sze.......1.yo..r.
.\i.I...O6...3.1.>%.A..=.,\\.y..>..i.g.J...[u..).m#.2.... ./....
....*.N?.1...{(...2Vx..e......^.,<...N....:.....)...ugA.:T..!......
..,.......U.7:}.).&...Z.H.>:6.[..sA.cV......~.....F.i....V.=..w..Z%
..gj..h.d...4......x...:m.zBI..v.....K....I..Asp.....Rzm....f_.J..
<<< skipped >>>

GET /free/frg/products/798350/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 03 Sep 2013 15:19:54 GMT
Content-Type: image/jpeg
Content-Length: 23462
Accept-Ranges: bytes
X-Varnish: 147377234 146269484
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......P.....XICC_PROFILE......HLino....m
ntrRGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP 
 ................................................cprt...P...3desc.....
..lwtpt........bkpt........rXYZ........gXYZ...,[email protected]...
T...pdmdd........vued...L....view.......$lumi........meas.......$tech.
..0....rTRC...<....gTRC...<....bTRC...<....text....Copyright 
(c) 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1.......
.....sRGB IEC61966-2.1................................................
..XYZ .......Q........XYZ ................XYZ ......o...8.....XYZ ....
..b.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch.....
.......IEC hXXp://VVV.iec.ch..........................................
....desc........IEC 61966-2.1 Default RGB colour space - sRGB.........
...IEC 61966-2.1 Default RGB colour space - sRGB......................
desc.......,Reference Viewing Condition in IEC61966-2.1...........,Ref
erence Viewing Condition in IEC61966-2.1..........................view
.........._...............\.....XYZ .....L.V.P...W..meas..............
..................sig ....CRT curv.......................#.(.-.2.7.;.@
.E.J.O.T.Y.^.c.h.m.r.w.|..............................................
.................%. .2.8.>.E.L.R.Y.`.g.n.u.|.......................
..................&./.8.A.K.T.].g.q.z...............................!.
-.8.C.O.Z.f.r.~......................... .-.;.H.U.c.q.~...............
........ .:.I.X.g.w.....................'.7.H.Y.j.{...............
<<< skipped >>>


POST /opTools/errorReport.jsp?t=1&e=65&p=0&sty=0&dty=1 HTTP/1.1
User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 3724
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C

tAQAAAAAAADCewQAeCAiAACAiQAKA-QAlAAAAAUAAAAeAAAAKAoAAAIAAAeTZXxGa8NlIFehYGqCMwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe8eAcAAAAAAAAAAA-AAAAGW-Z-OTC1N0MHW-MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
HTTP/1.1 200 OK
Server: Apache
Content-Length: 1
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=ISO-8859-1
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Connection: keep-alive
Set-Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c083a86b;
0HTTP/1.1 200 OK..Server: Apache..Content-Length: 1..P3P: CP="IDC CURa
 ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html;char
set=ISO-8859-1..Expires: Sat, 02 Apr 2016 08:09:03 GMT..Cache-Control:
 max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sat, 02 Apr 20
16 08:09:03 GMT..Connection: keep-alive..Set-Cookie: bIPs=6da67a80eb8b
1aa1cc96ccf1c083a86b;..0....


GET /system/modules/com.exent.owned.geo.templates/resources/js/jquery.min.js?version=53 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/x-javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=518400
Expires: Fri, 08 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
00006000.................F.?..<E..).b..(.........v..i.......E.,^"Y*
.E......m|#2...,.g...n.q$....;..v.f.y.o>.}...W....=.z.jq.77.Mq9/.|.
...^..?.[..r..c.....,.....&..m.g.^...\f.{z8....\e..O.<..?..^.O....o
e~....u...;."...U.w.....t6.....xs.Di/Ye.T.M|....]......:_foW~..<.z.
v.{Y.]..O^0.z.|......*DO..j.{.=_{.Cz....-U.n.x..=.../. '.x.{.Jo{|..j..
..n..l7..4/.....T.{.rZ.3........C.jU..<..p.......'.V....e.J........
?.m....fG...{......P.....t..?.B.X....k..s.c.K..-.".pS.n..P.6...:.Y.T5.
4\.W;...U..44....;..,e.=...^..S?]c.i.C..O.h......_.....GK5.M..8....4.4
.E..Q.<...m.{[.....O.....=.lI..8....n....2.?.{/.....?&....}_...v5..
...w..}..G..w4.....l.V.......i.mw..&4Yi.@[&..........i.>.S%..aA0..f
Q.hK..pP......<_......(.]..\-.R..z0Ym."....rPt........o.g..zM..!.P.
..p...Mi.lw.rYx..|4..V.......0F..|4....<....1..-..S/....|Nx...;....
....".w.3.{..Q>Z.i....x.Ut...:Jx. .3..f..G@Z.:.y..g4\j.v..B..]>.
..c...[.. z......\...:\.%.p...AB{[email protected].{?..d.[..dC....h...!
X.V.w.[Q.....:.h9\.i...........1.Ae.yr.W.........M.]..k...y...c.y.J.P.
.O..G....iAJZ.{[email protected].}0.........^......&..5.....`.F.Y....&
lt;...........@[email protected]..`......V....78M.X yM.b.x(u....Q..f.l...
f....E....3.#..l.l...`1Y.t.N...M...o..ZR!.D.<..}.JFJ.bF..A.z.....z3
.a....x.D...S9.D....N.n..j1...)f...$..?.z.Q>.....Q.3.'.n..P....x..|
..v.....<...F..~..M.eh)..Q6..x..]..O.......G(@..N.H.... .Ip../.pjz.
...h.....tUD..V.h2..........].Y4.N5........7j.}...3. [email protected]..}n4Pz
..5.....h>...$...X0....U..S...u;...BV.A._ F.P.........T.F.6..I.
<<< skipped >>>

GET /banners/promoframes/banners/Default/Tribal/728x90_default_tribal.html HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/728x90_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; _ga=GA1.2.1349977310.1459584557; _gat=1; geoCountryCode=UA; gfad_160x600={"refreshCount":1,"sessionRefreshCount":0,"lastRefreshTime":1459584556771}; gfad_728x90={"refreshCount":1,"sessionRefreshCount":0,"lastRefreshTime":1459584556786}


HTTP/1.1 200 OK
Server: Apache
Content-Length: 332
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=86400
Date: Sat, 02 Apr 2016 08:09:06 GMT
Connection: keep-alive
<html>..<head>..</head>..<body style="padding:0;m
argin:0;">....<script type="text/javascript"><!--..e9 = ne
w Object();.    .e9.size = "728x90";.    .e9.env = "desktopApp";.//--&
gt;</script>.<script type="text/javascript" src="hXXp://tags.
expo9.exponential.com/tags/FreeRideGamescomPlayer/ROW_Player/tags.js"&
gt;</script>...</body>.</html>HTTP/1.1 200 OK..Serve
r: Apache..Content-Length: 332..P3P: CP="IDC CURa ADMa DEVa TAIa OUR B
US IND UNI COM NAV"..Content-Type: text/html;charset=UTF-8..Cache-Cont
rol: max-age=86400..Date: Sat, 02 Apr 2016 08:09:06 GMT..Connection: k
eep-alive..<html>..<head>..</head>..<body style="
padding:0;margin:0;">....<script type="text/javascript"><!
--..e9 = new Object();.    .e9.size = "728x90";.    .e9.env = "desktop
App";.//--></script>.<script type="text/javascript" src="h
ttp://tags.expo9.exponential.com/tags/FreeRideGamescomPlayer/ROW_Playe
r/tags.js"></script>...</body>.</html>..



GET /spdo/feeds/sdmConfig?camp=silent&serial_id=playfincom&serviceId=143&gameId=654250 HTTP/1.1
User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache
Content-Length: 9714
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/xml;charset=UTF-8
Expires: Sat, 02 Apr 2016 08:08:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:19 GMT
Connection: keep-alive
Set-Cookie: 143_TURNKEY=Default-881459584499337457; Expires=Sun, 02-Apr-2017 08:08:19 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-2016 08:08:19 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires=Fri, 01-Jul-2016 08:08:19 GMT; Path=/
Set-Cookie: BIGipServerFRG_Web-pool-http=2869563564.20480.0000; path=/
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<SDMC
onf>.    <Settings>.        <SettingsItem Name="cookieSync
DelEx"><![CDATA[1]]></SettingsItem>.        <Setting
sItem Name="cookieSyncNamesExPriority"><![CDATA[ON(143_CAMPAIGN_
SERIAL_OW,143_CAMPAIGN_SERIAL_ID)ON(143_TURNKEY)ON(143_FIRST_BROWSER)N
N(143_CAMPAIGN_PERFORMED_CONVERSIONS)NN(143_DAYS_PLAYED)NN(143_REACTIV
ATION_ID,CM)NN(143_GAG)ON(143_USER_EMAIL_ADDRESS)ON(143_EMAIL_COLLECTI
ON_ENETERED)ON(143_SUB_ID)NN(143_TOKEN)NN(143_PCKGS)NN(143_EX_ID)]]>
;</SettingsItem>.        <SettingsItem Name="cookieSyncDomain
"><![CDATA[VVV.freeridegames.com]]></SettingsItem>.    
    <SettingsItem Name="errorReportFilter"><![CDATA[45(0[0259
]|1[123])]]></SettingsItem>.        <SettingsItem Name="cl
ientGetRgmxUrl"><![CDATA[hXXp://VVV.freeridegames.com/opTools/ge
tRGMX.jsp]]></SettingsItem>.        <SettingsItem Name="co
okieSyncNamesPriority"><![CDATA[143_CS,143_CAMPAIGN_SERIAL_ID,14
3_TURNKEY,143_REACTIVATION_ID]]></SettingsItem>.        <S
ettingsItem Name="conversionTrackingUrl"><![CDATA[hXXp://VVV.fre
eridegames.com/do/conversionTracking]]></SettingsItem>.      
  <SettingsItem Name="errorReportUrl"><![CDATA[hXXp://VVV.fre
eridegames.com/opTools/errorReport.jsp?t=1&e=%ErrorCode%]]></Set
tingsItem>.        <SettingsItem Name="clientTrackingUrl"><
;![CDATA[hXXp://VVV.freeridegames.com/opTools/clientTracking.jsp]]
<<< skipped >>>

POST /opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessStart&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:20 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=00123866C92325C4F0E8921A9C764732; Path=/; HttpOnly
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires=Fri, 01-Jul-2016 08:08:20 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-2016 08:08:20 GMT; Path=/
Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-2016 08:08:20 GMT; Path=/
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
....


POST /opTools/clientTracking.jsp?trackEvent=SDM_AutoAcceptOfferAccepted&OfferId=10002&OfferOrder=1&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:20 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
....


POST /opTools/clientTracking.jsp?trackEvent=SDM_AutoAcceptOfferAccepted&OfferId=10000&OfferOrder=2&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:20 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
....


POST /opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadStart&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
....


POST /opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadStart&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
....


POST /opTools/clientTracking.jsp?trackEvent=SDM_ProgressBarDisplayed&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:21 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:21 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;......


POST /opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadFinished&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:27 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:27 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:27 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;......


POST /opTools/clientTracking.jsp?trackEvent=SDM_AddonDownloadFinished&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:35 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:35 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:35 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;......


POST /opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallStart&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:38 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:38 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:38 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;......


POST /opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallFinished&OfferId=10002&AddonId=10044&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:40 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:40 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:40 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;......


POST /opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallStart&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:42 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:42 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:42 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;......


POST /opTools/clientTracking.jsp?trackEvent=SDM_AddonInstallFinished&OfferId=10000&AddonId=10000&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:54 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:54 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:54 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;......


POST /opTools/clientTracking.jsp?trackEvent=SDM_PlayerLaunch&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:59 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
....


POST /opTools/clientTracking.jsp?trackEvent=SDM_TotalProcessFinished&sdmVersion=01.02.00.26&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2869563564.20480.0000; JSESSIONID=00123866C92325C4F0E8921A9C764732; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:59 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:59 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:59 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;..



GET /free/frg/products/783550/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 07 Mar 2013 10:16:26 GMT
Content-Type: image/jpeg
Content-Length: 20138
Accept-Ranges: bytes
X-Varnish: 432033305 432017633
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......K......Adobe.d....................
......................................................................
......................................................................
......................................................................
...........!.1.A"..Qa2#q.....BR.$.br3C%....S.5......................!.
.1.AQa.q"......2......BRr3..#Cb...S.............?..W..V...}5.y..PH....
....rO.*.]#.t....4....8.y.....i.G J...........J.`......BC.3.P2..4,....
.... .J..u..n.:......'..../.}t.w.....ez./YC(.P.....?./p$a...e=..{....#
j.p.G.....I.:......@..$....3y*.].X.5..c..$#...f'E..?..3'."4L2..A..r.J.
.P...F.. .R..k..A..\..n..{uZG.Y........4...94E`*...e.O.i..f.}.H.....].
.T...N...m....y....a.K.y.y.f......p.O....M.F..F........N.....u...:@,.u
=.I......j.u`....(....:w....]J5Q!l.dR..)Ps.6e......uV.R....T..z.|..>
;.......Ax..y.%[.."........z.t)E..:.X..Z...u.c.p>[email protected].........
o.=J.......tk...Gx);.....S........;..C.. .2'.ym..!*.[...$2.GBH.H....&l
t;TL...l..Qc#.....h..)..sN)..d.Q.)....i..::=...B..v..P;........B.Y..p6
m%D..d.Q.G=s.6.........W"...,.C<.A0..n...R."..`.p.D...9".f.....Z..E
.v.p]....N......5...p...=.. Y.....`vD...Q..HTTP/1.1 200 OK..Last-Modif
ied: Thu, 07 Mar 2013 10:16:26 GMT..Content-Type: image/jpeg..Content-
Length: 20138..Accept-Ranges: bytes..X-Varnish: 432033305 432017633..C
ache-Control: private, max-age=259200..Expires: Tue, 05 Apr 2016 08:09
:04 GMT..Date: Sat, 02 Apr 2016 08:09:04 GMT..Connection: keep-alive..
......JFIF.....d.d......Ducky.......K......Adobe.d................
<<< skipped >>>


GET /FRG_site/downloads/EXEtender_Default.exe HTTP/1.1
Range: bytes=7429329-9905771
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 24 Mar 2016 13:53:10 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Content-Range: bytes 7429329-9905771/12382216
Content-Length: 2476443
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Thu, 24 Mar 2016 13:53:10 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Sat, 02 Apr 2016 08:08:21 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sa
t, 02 Apr 2016 08:08:21 GMT..Content-Range: bytes 7429329-9905771/1238
2216..Content-Length: 2476443..Connection: keep-alive..<}f.E/Q.S.xr
......Z.......v......0b.Y..gCd%).1..v....9S..upV.V....;V..b.l?M.'..u.&
.....r..kO....pI...R...&Z.A.3(...... . .....x;..]...:V.....|.^.%9.....
p. .=b.x{.E.............K....5.O....!.r..?.N.kxQh..n......G.......5..)
.J...Wl.......w/..0...2..C..;.......T:d>p..^..5#y.;..T...b1..U.M?..
w.g..-...3...,..~i.........3...q....A..#$....B.....'k....Z.P .Q.....&.
#_.T.<...D:..x.*q\]..F.=U6..ZX..........u.S..6.n=.....T2...z.U..Yr{
b.6.=e..W..O/......CK........K...u...vl>.i....$*y..O.}e..H .w......
.._q.I..}...]..R[[2...;[email protected]$.mGR..I...&_H$u..k..G:!......3...Dl
m&.Y.[..B...].mm",.A.Xac.a....uF....{.,....T..V.....}..x..R.Y..b(.....
yPx8...U...3C...V.......Xr-.=.L......}.[O ...Y.[.<.h..~Mk.5.=....ge
.g..17...9.....8..W}~.......n.k..gg5....l..~`...|......a...m[...PydJ\.
..M....D.Yp.M.p....Y.m...^......L...4.jM.......K.......9..]e]....f..f.
..-.6u.n..%.....4..[j..;[email protected].\ns....W."......i.
.WWU.......@..`s......6...kjRNa...~...I....k..n.c..../f.}.{...../...l{
."k.6`0XdE.....b......~.d<.....(. -}w.A........K.&.5...&53 % ...x.!
.... t# ...G.h..b5......:.d`[email protected]'.;e
<<< skipped >>>


GET /free/frg/products/830850/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 15 Jul 2015 05:45:36 GMT
Content-Type: image/jpeg
Content-Length: 26448
Accept-Ranges: bytes
X-Varnish: 1287477663 1287282835
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....(hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.155772, 2014/01/13-19:44:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:B734D4B02AB411E59DD88EA20
EB9C7A5" xmpMM:InstanceID="xmp.iid:B734D4AF2AB411E59DD88EA20EB9C7A5" x
mp:CreatorTool="Adobe Photoshop CC Windows"> <xmpMM:DerivedFrom 
stRef:instanceID="xmp.iid:DE9CA4D8159011E5BC45BC31931EEAF5" stRef:docu
mentID="xmp.did:DE9CA4D9159011E5BC45BC31931EEAF5"/> </rdf:Descri
ption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
;....Adobe.d..........................................................
......................................................................
......................................................................
.............................................!1.A"Q2..aq#..B...Rb3...r
$..C%...s5&........................!1..AQaq.."......2B...R.b#.r..3....
C$4............?....]... Ofn [email protected]..#......ZB.Z..JA'W
.. .*a...`..3,[..i.I.a.-.....S.'sN.8.v.u.BG(9...E...%.J...tk]P V.. .{.
...k. e.t...#^........J.........m..<q|...l.hN..\\......=.*Q.H..$...
5.Z.\p... .... ..n.oz5..%QeAI. ...x.{.._....:...z... .,T.....z4Yw.
<<< skipped >>>


GET /FRG_site/SDM_Offer_Assets/GameFirst/All/Location_extractor_654250.exe HTTP/1.1
Range: bytes=0-8750805
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Wed, 16 Jul 2014 12:08:24 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:22 GMT
Content-Range: bytes 0-8750805/43754032
Content-Length: 8750806
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..i
u..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L.....
oS.................^...|.......0.......p....@.........................
.................................................t..........0L........
......@............................................................p..
.............................text....].......^.................. ..`.r
data.......p.......b..............@[email protected]..........
....@....ndata...................................rsrc...0L.......N...z
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u....r@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Tp@[email protected]
....E..9}[email protected].}.j.W.E......E.......@[email protected]..
[email protected]<[email protected] [email protected]...\r@._
^3.[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G
.....t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i.
<<< skipped >>>


GET /FRG_site/downloads/EXEtender_Default.exe HTTP/1.1
Range: bytes=2476443-4952885
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 24 Mar 2016 13:53:10 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Content-Range: bytes 2476443-4952885/12382216
Content-Length: 2476443
Connection: keep-alive
......Mp..Z....{R\T'./w YN......u..x.....fXM....6.U._....w.g.~.E..a.)s
R....$,....Te'b|9.........m.N0.x.....&3x{X...`..a..g7(...f/.....f7...G
S.JFp..W.... R[E...N..=...0.f.....M.X.1......eS.A\...# ....P[......bBg
4bn.b...........p5..||i.......G......>......?.jh.....7Z...3..K_.k..
>.6..........~..<|........'..[t.....!,(....... ...zPPT...r0(....
..zPp..=(.....cjK%o...].......u..{..&vS...B^...5z=._.[#.K.{.........q.
. ..i....6.%{J....w@...." ...u.....~X.......P....v....5S.4..`......;..
..9.y...O....s..W.Ka......e]}...U......z...yh}...(.v.4.....6....Z].F@'
...1....~..F}.>j......,[7..B........;~....kXh...3....^..X..h..V.C^.
=..~........G.2.../:..4.xQ.....<.B..v..,.dJ...2(|..c... k..k....?y&
gt;T...........:gn.)!'.....hN...9......p...U..2.........Z.........i.,:
-.A;...!...;.^Eg..'`.R........[8.T.{P.....T..:.T....*.u..,..E._..hf...
.._|...._.R....*.........6...G....8.@...=.Q......vx....^.c-)....6.>
.=..ag.i.....R.D.8?....#Cjp8w...d.UZb.R.;r.=.'.V.o...1-.....9..F.|..|]
<.....8.q...i............f....<....Do...o.o.v.y...QcO.Fk.....Esj
..:........9bA<..L..$].... .WV..............O.<?.L*..J.!......;.
L.../N-._.....F.%......<[email protected]..?../..E0.].po
.#Q...Nb...A.5.`....tD:..E.?.{^..{..... ....`.X.|0.Q.X..`Q...x7.#....c
..G.T..-......p.s...9\.Nu..>.=...3...1Za...a..... ..3'!....V....8}{
U.%.[i}r}[.>.o....oo..x.}{.o......o_.....?A..........d^k.?.7`...J..
..{[email protected]...~.........D..}...-........^l.Z>..f........$a^.T.O.
"........g[.mUj,4..s...P..9L)7Ou4........v....,\...D..jH.A.i0.C...
<<< skipped >>>


GET /spdo/feeds/genres?serviceId=143 HTTP/1.1
Accept: */*
Accept-Language: en-us
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_Skin.html
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 200 OK
Server: Apache
Content-Length: 962
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/json;charset=UTF-8
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
{"genres":[{"name":"Time Management","url":"hXXp://VVV.freeridegames.c
om/games-genres/gameList?partner=Default&genre=Time Management"},{"n
ame":"Strategy-Sim","url":"hXXp://VVV.freeridegames.com/games-genres/g
ameList?partner=Default&genre=Strategy-Sim"},{"name":"Newest","url":"h
ttp://VVV.freeridegames.com/games-genres/gameList?partner=Default&genr
e=Newest"},{"name":"Online","url":"hXXp://VVV.freeridegames.com/online
Games"},{"name":"Hidden Object","url":"hXXp://VVV.freeridegames.com/ga
mes-genres/gameList?partner=Default&genre=Hidden Object"},{"name":"P
uzzle-Match-3","url":"hXXp://VVV.freeridegames.com/games-genres/gameLi
st?partner=Default&genre=Puzzle-Match-3"},{"name":"All Games","url":"h
ttp://VVV.freeridegames.com/games-genres/gameList?partner=Default&genr
e=All Games"},{"name":"Casino","url":"hXXp://VVV.freeridegames.com/g
enres/casino"},{"name":"Arcade","url":"hXXp://VVV.freeridegames.com/ga
mes-genres/gameList?partner=Default&genre=Arcade"}]}HTTP/1.1 200 OK..S
erver: Apache..Content-Length: 962..P3P: CP="IDC CURa ADMa DEVa TAIa O
UR BUS IND UNI COM NAV"..Content-Type: application/json;charset=UTF-8.
.Expires: Sat, 02 Apr 2016 08:09:03 GMT..Cache-Control: max-age=0, no-
cache, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:09:03 GMT
..Connection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d
15956;..{"genres":[{"name":"Time Management","url":"hXXp://VVV.freerid
egames.com/games-genres/gameList?partner=Default&genre=Time Manageme
nt"},{"name":"Strategy-Sim","url":"hXXp://VVV.freeridegames.com/ga
<<< skipped >>>

GET /system/modules/com.exent.owned.geo.templates/resources/js/json2.js?version=53 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/x-javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=518400
Expires: Fri, 08 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Content-Length: 5435
Connection: keep-alive
...........<ks.8...j.....J.L..L.F....8u...)..\..TA$h..H-..u........
.....J.".4..~.......p-.|5.........G7I/..Y.?w/3n.|o..w..........T....o.
..c...x,.....~<.*.........[q|"..........|z$......'...Gq...?l.S.z.q.
.2.f..l.f.K|%.ERD.. ...0.....T._..d.Tq..._.k.yi..]/M. ...^.......{!...
7.......x...;;9.p..W........X.~|....=..N.?........b.......Z|<;9..mL
(.#%.T.\eB..(..H .D2.T^.S.s.w._.|.......MD.....6.M..X.4S..x.9m.....5.)
.Iz*..l..a../j...x#~......._d....|5H&..i*7...2C10...0.a.......|!sX8...
.DX$k....."....L....Tw.`..t0"p..........b..H..5kM..ei.;.l.<D).G%...
........f..,`....T.$.....$Y.9|...\..b.FQ?8.6.z...!0L....J.^..i8..p).b9
.~.....zf.B.;... L6.s.@.%.E?.H].....\...[...g.;.,..x..^9...i1a.{.X...#
.^......7..D.%L.../<.J.G"z.&K|...../..W..E..=)bX.0 4...#...U...@.&l
t;....."...H#..U....)..|m0p)..8l....n....4.Q._j..M.p#S.KS....@\...3@..
.u%C#.Vm[.~cMa..>*.E.#....2EWW.VK.'P.f........R...,.B.k...Z.1.a.:I7
..CV.=.....W7r...H.".-..-.....q........y.oV...|]*...e(n.e....qo#..cDz.
....]......Z..DJf9Y.?...s..1..X........s.3x...Uw...iW@!.....>{.....
J..!|~&.]....L.......:>...o...0.....=......if:C................._..
..A..WM..M.2..r.!.XU.fm8K....p..........AZw.........U..4...I.x.H...3..
.G....7tcC.U....j{....!S..^.v....../*|[email protected]@ .vA4.a.>7
.-S....[.....u....bi'......y..\<..V..5.QH^J....x.G.oo...;{q..&dxH..
..V...d0~Ai ....h.l..B...."..=..<..{?MV ....4;.......6#1.(...,K..,)
e.3,.~...L1 .=.....g..b.f...F...^l.y.W...'./.....A....!.............l.
....._.6&D...!..kyi..^k....*.h.......d....`.P...>.........[. $.
<<< skipped >>>

GET /banners/promoframes/banners/Default/Tribal/160x600_default_tribal.html HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; _ga=GA1.2.1349977310.1459584557; _gat=1; geoCountryCode=UA; gfad_160x600={"refreshCount":1,"sessionRefreshCount":0,"lastRefreshTime":1459584556771}


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 01 Sep 2014 12:48:19 GMT
Content-Length: 335
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=86400
Expires: Sun, 03 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
<html>..<head>..</head>..<body style="padding:0;m
argin:0;">....<script type="text/javascript"><!--..e9 = ne
w Object();.    .e9.size = "160x600";.    .e9.env = "desktopApp";.//--
></script>.<script type="text/javascript" src="hXXp://tags
.expo9.exponential.com/tags/FreeRideGamescomPlayer/ROW_Player/tags.js"
></script>....</body>..</html>HTTP/1.1 200 OK..Se
rver: Apache..Last-Modified: Mon, 01 Sep 2014 12:48:19 GMT..Content-Le
ngth: 335..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..
Content-Type: text/html;charset=UTF-8..Cache-Control: max-age=86400..E
xpires: Sun, 03 Apr 2016 08:09:05 GMT..Date: Sat, 02 Apr 2016 08:09:05
 GMT..Connection: keep-alive..<html>..<head>..</head>
;..<body style="padding:0;margin:0;">....<script type="text/j
avascript"><!--..e9 = new Object();.    .e9.size = "160x600";.  
  .e9.env = "desktopApp";.//--></script>.<script type="tex
t/javascript" src="hXXp://tags.expo9.exponential.com/tags/FreeRideGame
scomPlayer/ROW_Player/tags.js"></script>....</body>..&l
t;/html>..



GET /FRG_site/SDM_Offer_Assets/GameFirst/All/Location_extractor_654250.exe HTTP/1.1
Range: bytes=8750806-17501611
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Wed, 16 Jul 2014 12:08:24 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:22 GMT
Content-Range: bytes 8750806-17501611/43754032
Content-Length: 8750806
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Wed, 16 Jul 2014 12:08:24 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Sat, 02 Apr 2016 08:08:22 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sa
t, 02 Apr 2016 08:08:22 GMT..Content-Range: bytes 8750806-17501611/437
54032..Content-Length: 8750806..Connection: keep-alive....I....!.....w
[email protected]..=2r..x5...*.....7:NW07...n..."... w..j.Y.../~.C.bJ.!J...\Y.v..
...%....{....k...Q...]${..2......G.j7.xs."...&...S...i.....'(..9i.e"@6
1......LM!}.....|..5."...._o..>^...0'.-Q.T"sH....l..z....nD....~' c
.....0.?... *M.....R.W...Y'...=.....*.....T.sX...}E.8...-|..C...G..o.&
_...-..&.;..|.....tG...5..Hf..-.nm.N3..^...pb...I....{9>7.4h:.y....
.d..8i...C..P2....WH.W_I.eX....L.r}@...!./.........!.........r[...I..2
.#.h,z.3.,....%t[r.......w[.).Z.5.u3$4F......U....=.ZG(... .....|..(=6
8..H*l A....&....a.^...^..R%'...N.(f..:Z..R.A.....,...<.....0......
.W...B.'HwS.......SU.4.._...Q....h....1..?..t.kO.....).#...;h..li..ow.
R$=.Bc....].w.0g.........S..E..;.!......Y.........>A1...z..b...S.)w
..7.[..|Z.!r....q.h.A.J..`....U.:...T.. .I.j..C.-.#...|...O....C.k....
.E?h....e..f............w;[email protected]..._.}....
..:.}....|........r......*....l:..Y.....<..n...X..K.iW./.. ....3...
....,.M. RhZ..2A$=.....l..X.l.....7..l..de.v.....7M..|.)..._d.Q.Y.A...
:...$....w..\..~...)...C.u.T'........!.'.....pO..E*..#...$...~[#.....!
... ;..A.....j...F...xY...([email protected]..
<<< skipped >>>


GET /do/skin?action=cookie HTTP/1.1
Accept: */*
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_Skin.html
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c083a86b; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Content-Length: 205
Connection: keep-alive
Set-Cookie: JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; Path=/; HttpOnly
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires=Fri, 01-Jul-2016 08:09:03 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-2016 08:09:03 GMT; Path=/
Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-2016 08:09:03 GMT; Path=/
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
...............@.._..^M\q.U..b)-.....5$. 5z.$..B......p..,....M^W:..9.
Xu./yu.A.f<...........{i......b...CZt..".&!..86..1.!..'.......O.&..
..... Z...V........i.....MA.j.,.PQ......d.o...#7..:...?..P.....2....HT
TP/1.1 200 OK..Server: Apache..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BU
S IND UNI COM NAV"..Content-Type: text/html..Vary: Accept-Encoding..Co
ntent-Encoding: gzip..Expires: Sat, 02 Apr 2016 08:09:03 GMT..Cache-Co
ntrol: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sat, 02 
Apr 2016 08:09:03 GMT..Content-Length: 205..Connection: keep-alive..Se
t-Cookie: JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; Path=/; HttpOnl
y..Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT;
 Path=/..Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:1
0 GMT; Path=/..Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expi
res=Fri, 01-Jul-2016 08:09:03 GMT; Path=/..Set-Cookie: 143_FIRST_BROWS
ER="Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul
-2016 08:09:03 GMT; Path=/..Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-
2016 08:09:03 GMT; Path=/..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211
d15956;.................@.._..^M\q.U..b)-.....5$. 5z.$..B......p..,...
.M^W:..9.Xu./yu.A.f<...........{i......b...CZt..".&!..86..1.!..'...
....O.&....... Z...V........i.....MA.j.,.PQ......d.o...#7..:...?..P...
..2........
<<< skipped >>>

GET /system/modules/com.exent.owned.geo.templates/resources/js/controller.js?version=53 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/x-javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=518400
Expires: Fri, 08 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Content-Length: 1037
Connection: keep-alive
...........V]o.H.}&R....V.S.J}"...S..8X...jeQ<v......Z........6i..J
E6.s..9...#[email protected].._P$.}J.F..3.>^.....K..)%...........;[email protected].
\O|4....Q$..>...6..cZ?.qB.[LVx5..8....Yr7,....C..,C...w......P.q0..
i.......<[email protected]..$.....pr.A.6N..$1..F,z..E.p..\r.0%..
..... .=..`..Z,...N...(..L....F.s&7..E..0...X6%....X.........X..<..
.K ).^.^.|..4w.6BY.|.U\..%Q..^...0F....[DV.........%....6W..S..m:..<
;3r.un..*..=.d..... .CX.X..so^D....^.c.\..4_.y...U..:h...._.....*.u{i.
.N....V.G...v....../..Fm...QE..L.Q......)....f.ej.p3e...zU.j\..T.jtE..
$.|...!#..x..:s....ld1.T..&q.......=~S...........B....U..h.l.d...%...Q
x.vy...q7/XJ6.zo....d....9%j^....%[[email protected]@..2.
..F.X.$(\U-R...p..'..J|...zZ......n"jK..i..l.u.IZ...R./.;.Uh.X...$&..(
.......2....b......"......8...V.C.l.0i>..aY...a~.LSr.......~U.. .gR
3d.k....w.......a.S]..y...$...X.F..s._....G.J.N...y....5.#.6.H;'E.i...
..=.p[ .\.,.5..j.....W..........I........l.V.......w..?.&.....}.@.....
c...J!.S=q.=......|h.j......>...^..........i....]......?.k~. ..J..K
...../H....HTTP/1.1 200 OK..Server: Apache..P3P: CP="IDC CURa ADMa DEV
a TAIa OUR BUS IND UNI COM NAV"..Content-Type: application/x-javascrip
t;charset=UTF-8..Vary: Accept-Encoding..Content-Encoding: gzip..Cache-
Control: max-age=518400..Expires: Fri, 08 Apr 2016 08:09:05 GMT..Date:
 Sat, 02 Apr 2016 08:09:05 GMT..Content-Length: 1037..Connection: keep
-alive.............V]o.H.}&R....V.S.J}"...S..8X...jeQ<v......Z.....
...6i..JE6.s..9...#[email protected].._P$.}J.F..3.>^.....K..)%.....
<<< skipped >>>


GET /skin/track.html?action=SkinFirstLaunch&userid=Default-881459584499337457&muid=BB273423141A58A101001E0100004C680B583B683B68074157FC6F122EC0AD9D89680A6A0B9D8FC4376CE93868B0C95639680E16D0&campaign=Default-silent&playerVersion=07.04.56.00 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: track.freeridegames.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 02 Apr 2016 08:09:03 GMT
Server: Apache
Last-Modified: Thu, 15 Nov 2012 10:17:29 GMT
ETag: "3000000000145-164-4ce85f55f0daa"
Accept-Ranges: bytes
Content-Length: 356
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Connection: close
Content-Type: text/html
<html>..<head>..<meta http-equiv="cache-control" conten
t="max-age=0" />..<meta http-equiv="cache-control" content="no-c
ache" />..<meta http-equiv="expires" content="0" />..<meta
 http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />..&l
t;meta http-equiv="pragma" content="no-cache" />..</head>..&l
t;body>..callbackName({success:true})..</body>..</html>
..



GET /do/skin?action=cookie HTTP/1.1
Accept: */*
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_Skin.html
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c083a86b; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Content-Length: 205
Connection: keep-alive
Set-Cookie: JSESSIONID=7454BEAF8F0A32301425FD0CFE37A02B; Path=/; HttpOnly
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires=Fri, 01-Jul-2016 08:09:03 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-2016 08:09:03 GMT; Path=/
Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-2016 08:09:03 GMT; Path=/
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
[email protected]\aU6.XJ.."DDj....F..D^U....?..`.Y.......t .s.
..\_......x.L.[u}.Y34........p.{k..........,.l...fY..-....MA.j.,.PQ...
.'-.....~.&..{......P.C.|.l.wG..Kz..MB.....V.....&.......^.AG....HTTP/
1.1 200 OK..Server: Apache..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS I
ND UNI COM NAV"..Content-Type: text/html..Vary: Accept-Encoding..Conte
nt-Encoding: gzip..Expires: Sat, 02 Apr 2016 08:09:03 GMT..Cache-Contr
ol: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sat, 02 Apr
 2016 08:09:03 GMT..Content-Length: 205..Connection: keep-alive..Set-C
ookie: JSESSIONID=7454BEAF8F0A32301425FD0CFE37A02B; Path=/; HttpOnly..
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Pa
th=/..Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 G
MT; Path=/..Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires
=Fri, 01-Jul-2016 08:09:03 GMT; Path=/..Set-Cookie: 143_FIRST_BROWSER=
"Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-20
16 08:09:03 GMT; Path=/..Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-201
6 08:09:03 GMT; Path=/..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15
956;[email protected]\aU6.XJ.."DDj....F..D^U....?..`.Y......
.t .s...\_......x.L.[u}.Y34........p.{k..........,.l...fY..-....MA.j.,
.PQ....'-.....~.&..{......P.C.|.l.wG..Kz..MB.....V.....&.......^.AG...
.....
<<< skipped >>>

GET /system/modules/com.exent.owned.cms.utils/resources/js/utils.jsp?version=53 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 29 Mar 2016 07:40:47 GMT
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 02 Apr 2016 08:09:05 GMT
Content-Length: 4232
Connection: keep-alive
...........:ks.F...*...Ne.K...Z'&E.d=..F....{'),........Jdd...... )i.v
.......~MOwO../.{Q..K.RN..a.W. ..i..?.yY.l...y..,................I.s..
....'..2.| .....jq........'..G.C..|ES..hN.......9.....hN.!.iN,...9G(..
.y..9Hsb...i._...e..O.."..E.?C...sT.|y...9.h...c-..g..U.........kp....
....;.xf.')..A.j...r...}..C...$....|....QL=Aw.....3.'mKbA.y.!..W...S..
...8.8......U.F.E.....t.B=.u|g..}.8.A.r.@...<..9..E.....Ow..5.c.x.&
lt;.aG..3$;..$.Y.3..YqA........g...S4...5F..hJU.R.......|.......ngc...
<&...E..}......$............).q./...i.D.x.......c....m.4.'.!.X..E..
Ze../..b#.....0..fQA..k.QY..SN.J........y......-M7).....b.^..n.m..l>
;.8..R<[email protected]...].M4.5..T.......bX...W.]):.W..G%..J..D(7
7`.._.4...Sp..i.. ...V.........a.Q..7Q|;.Y.;.8j...I=Z".!.1..<6...Qz
..C..o.Mc..,)'.C]...Y.....ka(q.(b..)s.K.[5J.#....2..I........(-!..L..L
..i^.0..%/.4...<[email protected]~..$..<..............tV..Yf4...6y...lJ
.y.Y......V[...X...I<Q..,.X."..(%.6..#RN...'.......`I..../.3....gYQ
[email protected]...".y.b.W.....C......Dr).......Fy.*..`\..r,...m.|...{-]h
../..'e.`"`..*'>.Wpr{d..|.J..HJV....U.6#....h-N.nYyzS.J.*l.....r...
....!......S...sbY.\#..'[email protected];_*...)O.G<...@~.dc%..L.....
..9..IPDY.O.t*su..............K43x:0O...A..25............4.V....1.Tl..
.0Q[...A.......C....).hQ.......c.d#ax.......]..w.7W...3R.%........#w..
:.%[email protected].#9..........lMt...{.....}.[.Eq./.NY.)pD....7=.
#.;.l.'...&..P.#..-&.....m...f.'[email protected]
.(.u....|/[email protected]........|
<<< skipped >>>


GET /spdo/feeds/gameItemList?serviceId=143&genreId=15 HTTP/1.1
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_Skin.html
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/json;charset=UTF-8
Expires: Sat, 02 Apr 2016 08:09:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:04 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
00006000..{"allGames":[{"id":797750,"name":"1 Moment of Time - Silentv
ille","type":0},{"id":795050,"name":"100 Percent Hidden Objects","type
":0},{"id":835050,"name":"1001 Jigsaw Earth Chronicles 3","type":0},{"
id":835750,"name":"1001 Jigsaw Earth Chronicles 4","type":0},{"id":666
550,"name":"1001 Nights - The Adventures of Sindbad","type":0},{"id":6
81050,"name":"2 Tasty","type":0},{"id":834450,"name":"2D Knifflis ","t
ype":0},{"id":758250,"name":"3 Days - Amulet Secret","type":0},{"id":8
34350,"name":"3D Mahjong","type":0},{"id":606250,"name":"4 Elements","
type":0},{"id":554350,"name":"5 Realms of Cards","type":0},{"id":20039
9,"name":"5STRIKE","type":1},{"id":610050,"name":"7 Wonders 3 - Treasu
res of  Seven","type":0},{"id":586350,"name":"7 Wonders II","type":0},
{"id":814950,"name":"9 Clues - The Secret of Serpent","type":0},{"id":
671850,"name":"A Dwarf's Story","type":0},{"id":730950,"name":"A Girl 
in The City","type":0},{"id":621650,"name":"Aerial Mahjong","type":0},
{"id":780150,"name":"Age of Adventure - Playing the Hero","type":0},{"
id":572250,"name":"Age of Atlantis","type":0},{"id":674950,"name":"Age
 of Japan 2","type":0},{"id":731450,"name":"Akhra: The Treasures","typ
e":0},{"id":656350,"name":"Alabama Smith in the Quest of Fate","type":
0},{"id":585550,"name":"Alex Gordon","type":0},{"id":736750,"name":"Al
ice in Wonderland - The Incredible Adventure","type":0},{"id":830950,"
name":"Alice's Patchwork ","type":0},{"id":671350,"name":"Alice's Tea 
Cup Madness","type":0},{"id":696250,"name":"Alien Stars","type":0}
<<< skipped >>>

GET /system/modules/com.exent.owned.geo.templates/resources/js/geoServices.js?version=53 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/x-javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=518400
Expires: Fri, 08 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Content-Length: 580
Connection: keep-alive
...........U.n.0..i.....(@..t.:....h..]..`....&....H..%E..m..:..{.xw..
...Z...........#m:].4.....\.....g._J:...y..]..7`...I.eG.....4.? #`e...
.|..Y..<..V...p.b....R.r....k....;6......eW...O..`yNC..........0#..
._.9.....]../W......y(.2.., v.:[email protected]?.V.@,..&.t;.u.eT3.
..|..;.....v.F....DQ"..D..u..}\.ew.".-`g.XU.a.i.3.......{..s...:..N...
`..h..4R...?..s....Nav..i..,[email protected].....
..K.Sk....7..sE.|o.y..i...,......J.{_....;...va.....K..t.|.W....t.A.|u
./l. /....:...g.TT......E).be.;....... u.....S.....'P5..JE'......u..pq
.7..c...N>......rp[o...HTTP/1.1 200 OK..Server: Apache..P3P: CP="ID
C CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: applicat
ion/x-javascript;charset=UTF-8..Vary: Accept-Encoding..Content-Encodin
g: gzip..Cache-Control: max-age=518400..Expires: Fri, 08 Apr 2016 08:0
9:05 GMT..Date: Sat, 02 Apr 2016 08:09:05 GMT..Content-Length: 580..Co
nnection: keep-alive.............U.n.0..i.....(@..t.:....h..]..`....&.
...H..%E..m..:..{.xw.....Z...........#m:].4.....\.....g._J:...y..]..7`
...I.eG.....4.? #`e....|..Y..<..V...p.b....R.r....k....;6......eW..
.O..`yNC..........0#..._.9.....]../W......y(.2.., v.:[email protected]..
..C?.V.@,..&.t;.u.eT3...|..;.....v.F....DQ"..D..u..}\.ew.".-`g.XU.a.i.
3.......{..s...:..N...`..h..4R...?..s....Nav..i..,[email protected]
7..I.Ff......r.Zc.......K.Sk....7..sE.|o.y..i...,......J.{_....;...va.
....K..t.|.W....t.A.|u./l. /....:...g.TT......E).be.;....... u.....S..
...'P5..JE'......u..pq.7..c...N>......rp[o.....
<<< skipped >>>


GET /free/frg/products/586350/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 05 Jun 2013 12:44:05 GMT
Content-Type: image/jpeg
Content-Length: 30730
Accept-Ranges: bytes
X-Varnish: 2135088825 2133058471
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....)hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM
:InstanceID="xmp.iid:AE897B72CC2211E29DC2D5C04C685A5E" xmpMM:DocumentI
D="xmp.did:AE897B73CC2211E29DC2D5C04C685A5E"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:AE897B70CC2211E29DC2D5C04C685A5E" stRef:doc
umentID="xmp.did:AE897B71CC2211E29DC2D5C04C685A5E"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
......................................................................
............................................!.1".A.Qa2.q.B#...3$....4.
.Rb.CS%.s........................!1.AQa.q..."......2..BRr.b..#...3.S.C
4...c$.............?...l.....v1.:........f[[...JCh...'S..tL.I....%j.47
.................C2..xDD.<.[...$'O..?.P...OuJd...9cB6......np2...2.
.......I..$.....c].5....(b.tU.V..Ds..%.&B.,.jR.J.J.....i......o.>.'
.......^.>@&,..........w)..#.4.H.j..... N...Lu"zt%........7$..G
<<< skipped >>>

GET /free/frg/products/485050/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 26 Jun 2013 11:10:18 GMT
Content-Type: image/jpeg
Content-Length: 27244
Accept-Ranges: bytes
X-Varnish: 1081303958 1081159588
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......d.....mhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:F8E4D0DB03DCE211B
B4FB0C483C69A6F" xmpMM:DocumentID="xmp.did:4B96B081DE5011E2AC1BC02DDBF
4E143" xmpMM:InstanceID="xmp.iid:4B96B080DE5011E2AC1BC02DDBF4E143" xmp
:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom s
tRef:instanceID="xmp.iid:3D69252ADC1211E29183C8B6B4102691" stRef:docum
entID="xmp.did:3D69252BDC1211E29183C8B6B4102691"/> </rdf:Descrip
tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
....Adobe.d...........................................................
......................................................................
......................................................................
...............................................!1..A$..Qaq..4.....#3DT
.."2BSd.%6.Ct.5U..v.....Eu&V.r.e...W.9.R...Ff'7..x....................
....!...1A...Qa..$.q.....4DT%5."2dt...B........EUe&6.R.#..uV'7Wbr.....
3.G...............?.f'....I....7m.....n.5..>.QD.zg~.dS./.~.-..X$ ~.
....-.d...]........y/..h..f..>..K(..............,v..\.~.w...X..
<<< skipped >>>

GET /free/frg/products/480850/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 12 Jun 2011 09:08:48 GMT
Content-Type: image/jpeg
Content-Length: 29410
Accept-Ranges: bytes
X-Varnish: 161989697 160697930
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......H......Adobe.d....................
......................................................................
......................................................................
......................................................................
..........!.1".A2.Q#.qBa.3..R$...b%....C.4......................!..1..
AQa".q.2......BR..b...r.#3.......S%$............?.I..M../(....R}..]...
./....i...L....(......v3.U.p8'.j.RTZx./...{Sm..hkHI...........Zv......
....6...O..$p..@...>......].m...m.....mn.J.S...Q`v.n...6..Ky.......
....[.......I..Aj.I#..W.V...T.....gn...ZP.c..|M2.l...w.Q....A.."...$_g
..z.m..B...2...\....$ j..-....._.Q.........{..8...&9F......*..a..F....
.z!.-.O,....|._.J..*K.E......L...Dv.5...=.....'.S.jx[..h...?....L....]
..4...4].j.0 BR.|5.U3S.v.R...}{....]:3/..N.5.`..L.vK.o......:...X.)#.j
}x|#Fg..U..S..R.......X.T].F....=.Pw......~..l....5I..;e.....<....K
P.(<7.o..9..'...l.v:..M.5..A...?.MI*.......=:....=....,U..~.67dx:..
....e.?.....<..}.'Z...%.q..Ea.ES.X........?..B.@i......%H.....Y..e.
.r..._....../..^.g.%.nY.rIrn...8.V.B...d..i.>..T..q.R.4 ....s..c.n.
..!.......a.Dz...yk...-=..P....A..(...a..*0.&.|].a.....4...m$.....N|..
4...[.......O..I..............i-(...<E.......7|I..#E.]v.s...v....@.
......t...=P.....x........3....;...2[4'........6,J.h.." ..c..N....N...
.pQ0.G..w......pU.....>.a...p....2.....1x..\..6..e......^.C.9...q .
B.\6..h.......u=Mp,..=..x.....|....C.b. [email protected]*Zi>..,....J..
.=..y..J..._.>...X...5.X)r ;&.5e|....Y.8kaNA`J....J1....c...J..
<<< skipped >>>

GET /free/frg/products/567950/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 11 Aug 2011 12:55:52 GMT
Content-Type: image/jpeg
Content-Length: 23578
Accept-Ranges: bytes
X-Varnish: 1081304028 1081169680
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
......................................................................
......................................................................
.............!..1AQ"..a2BR#.q3....brC.$%..Ss.....c4...................
.......!1A..Q..aq.."2.......BR..b.#..r....3C$S%.4.............?.O>.
3...n>....-.t...\JdLgg.C}.`:k.p..~...g....#.:....Lj.........a_Fv|Q*
:T...Y.m;...>.$=~...Y!.I..........~.|.8'...P!.......jz.H.).=.Jv'rV.
.3............Y6.9..).CR.......nk.dy8...q...>?.....H.s.9^.......Lu.
%..O6..Z=O.....R......3..U..%.7,....yg ..c.]......{9r.f<.u.....oxB.
...)=zh.=k.n.iS3.m...i*f...14....V9'.Z....9d#}...1."D..e_4O.c..V......
.]}1.qY.1...........>.....N..../.>.."...]E.)..:......8....<x.
.G.W..N.8*.N~....X..z.c.q.N....NI..s.\...#...H..&.G..Yc..2,j ....T....
.$..........:../.qKU..7D.e.@....}.K.S..3...X.V........b'...~3..M.g%.{.
[email protected]`.!......)..=..:[email protected]..
....m.x...a~4...4...-....kRX B.....~>....>..{.q.dT...$..F....S..
....Z..V..........?.....?"{.L...L.. ...S#)...J...J...:w..:.HU.. `..'..
T0<.1U...*p...s....P.j.o..L....$.VY|..k..D..%...RaKe..<wZl8. .d.
g.^./i.)kL.)..P.........IO..u......\..L.d ^.....>........r2\......$
."...Jf9`...%....8W.}JN.\...F.W}.}.....D..8..w{..9.4.p. eL.!......p..c
..6k...........BV.Ku..f?t..m%.ZK....;...............4.!)....r.Nv.....[
.UN...s.e ... ..}.v.......^.....D.m.......r.fS.[fJZ_.jJR.....u...F
<<< skipped >>>

GET /free/frg/products/806950/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 07 Jan 2014 20:10:46 GMT
Content-Type: image/jpeg
Content-Length: 25025
Accept-Ranges: bytes
X-Varnish: 1287376222 1287283567
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......Z......Adobe.d....................
......................................................................
......................................................................
......................................................................
...............!1.A.Qa".q.2..B#......b3..Rr.$4...Cc.%5................
........!1...A.Qa".q.2..B.....R..b#.r..3...$....Cc4..............?..!.
..?..........fZ.R.*q&...{....:..R.RS&....8..../..-....=q#..H=.q_.t D2'
Z..g.R[.....#..H..-...W.. ......]..L.S.f....M?M\_...R.t...%...e...b...
#.E.(.b.z!..d}...../....P..EKS3..}..S].-a zW....I.....4mp.u....E......
....5..WT.S).=([email protected].*O}..Q......%iBe..T..........
..*..MC....BG...,T~.....%(.^Hzs....T:.>.....^Z.. gUe3.}.[.SD..q}...
t:..~...h.\.....q{A.}.....4...)........-..).....}t ^.QQ...)m.{....)%..
(....C.h..........F.@MOm.....'.]z.]V..$.S..W^&..j...AH..._.I../.....J.
...... u...h.. ..U...t.A". . ..k..H.*.......... .......$....{.^.. ..C%
{*../j...E8..A...8...........TU.E..'..-..E3.....*...Q..('i.....Q.6q_/[
..:..i..N..&..:TEY.....%..=.(P.t.>[email protected]..... *(5y..C..#.M.....3..@
q.)(`%...:.....\.(Z..T....).v<j..v.......ia2.P..$..P=..P.h>...z.
5.(....n..$Q.....T.WQ......r.....J... .......V5..AJ.r ...-...Z......T.
...W...D.......^T.{[email protected]...(l0..[|8.T..S..tEr-2|.E..v...
..J|.ZE....{J..{[email protected].{[email protected].^ZI...b..p.....:W...Sr.....
.d4L..t7.BdOR..Yd.%n.7RBA'h.t..{XKF....=..*V.$..q.......!.t67.\..*..]9
K/.f...x..8...im<......R.C....$=R.ZiM.c.ov.........C....k.1...c
<<< skipped >>>

GET /free/frg/products/807850/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 04 Feb 2014 21:31:42 GMT
Content-Type: image/jpeg
Content-Length: 22900
Accept-Ranges: bytes
X-Varnish: 1281998376 1281920900
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......K......Adobe.d....................
......................................................................
......................................................................
......................................................................
...........!.1A".Q2..aqB#...R3$...brC4..%.......ScD...................
....!1A.Qa.q.".......2B..R.br.#..3..4....C$............?..p...o.'rno..
..F..V...q.I$......^......f.....]c.^.Zr..Cq..'..BcC[.QS#.y.F.}.RB....&
...R.*'cS....cg1=.!.."8b...<..C.U.X..%.......M.....\....V.d..D.RB..
.Y}.....v...%yasp..... ...x.........Z...=..Ux.eE=...c.....m%.......g=.
.Sx...?y...9...=.*K.<<C#s`.>B...V..(M..rXt..1.T.....P...?....
.S.X............) ..mvjQ...`...x....t...8... ...L....}........|..ML...
#..J..B..n..c.......1....r..g...w.......W....p..B...Y.-...q.....e....C
m.F.[..l..imnDf.UM.*.)_....Ng.w......9....h:l.daqnd.. .. :w..f.....)mo
..kh.l2..X......t-...F4.........<....;;...[.h...z.).H...ML.....C=..
.9.......ZF.Mw,.,...\u&........f.L...R.. ..[.zY~m..5)...z9<..^.-...
gR..X.:.e6\..3.Tl........4....qL.j.;...?.!.....K._..../.....w....5....
..2.eE.m...k...4o...;{(...u...3.VQ....du...AMn8..p..1..K.a,...#Y.Q.). 
..kW.0).L........[..s...{...z...U..q.bf.Mh.......W.\^..=...(.Y..Y..f?3
..../...B..F...p......fl-F$..%..d.D..]. ..|.x.........;.)....>.j.7.
..K-..q92...I!.b~...N....p.r....1.QYF..."...f..........D_AC:C...L.q.T.
8..Y..1mT....Ei.....t..5...-xm.....Y....{.Zny..[..u.......'2...)Se..@.
...8..m1....v.EXbj.A..V.4....`.QZ*F}.q...].q]...E.h...'....#v..6.@
<<< skipped >>>

GET /free/frg/products/664850/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 17 Jan 2011 12:50:36 GMT
Content-Type: image/jpeg
Content-Length: 21624
Accept-Ranges: bytes
X-Varnish: 277996664 277900884
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......N......Adobe.d....................
......................................................................
......................................................................
......................................................................
......s.......!.1AQ..a"q..2.....B#.R..3.b.$r..ÄS...cs.5D'...6.Tdt...
.&.......EF..V.U(........eu........fv........7GWgw........8HXhx.......
.)9IYiy........*:JZjz........................m......!.1A.Q.a".q..2....
...#B.Rbr.3$4C...S%.c...s.5.D..T......&6E.'dtU7....()...........eu....
....FVfv........GWgw........8HXhx........9IYiy........*:JZjz..........
..........?..:?../..F.=s<.......ON....i..c.O......&..[E.}.XE...a~.3
....VTO..|.=..f..........oja...&....?..v.....h.l..2.*.)h.)f....z.^..M.
..s...\X...8....N....g.19*..}..S..x./l...cR...3..j29.2..O......Nw...Nl
.&MT.......W........_6...=r.^.RI..r.Q.....=.[..fkt....@yr.<.......d
2...(.&.8Q.......C....q_.m;.H.a...f/.M;y.W.Gc=.m5....2<...~../...W.
.._...$h...3.|..q...c...G......=.?.z.]h......v:-.0.0.`wW..3...".O>y
.tNp.... .s}.O...p..wX..&Ql.'...KV<}....-.9..v..#U.6 U|......n[..&G
.....g.}....SI.-B{......`...}.`.5h.[d#......'...N..x.QVr.....a.1....:B
.Y.1......5;ta...q.v>..R?2.L..:p. /'....T.....a<LgN.%.7.\.......
[email protected]..?.d.f.v.........e.....|.......f.,...0....W.....x.g.
..O.T....]....s....1it.O...=.....W...(.I|....?.g...!.K.%..,../K.Q.b. i
...W.. ..3..x...L..S.N....c..}.........|.......k.@..=b3.O.K.K...\Z....
2.OP3;/..[6q..\.C..`Kk.w...X.H......cF2.c8zT.....\..$23..Y...Tq...
<<< skipped >>>

GET /free/frg/products/725950/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 11 Aug 2011 12:57:19 GMT
Content-Type: image/jpeg
Content-Length: 26262
Accept-Ranges: bytes
X-Varnish: 1269897884 1269774590
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......O......Adobe.d....................
......................................................................
......................................................................
......................................................................
............!.1A".Qa2.q...B#$....Rb....r3C%....Sc4T...................
....!1..AQ.aq.".....2..BR..br.#...S...3C$..%..s5............?...-...i.
y..~.p.>D.h....u..7....s.|( .h..b.......*.U.;.......f[..5....B....t
GS.:....Z...z.*:..W.t...,.co.#....t...a.Yu.....9....%-%.....a..m.b8O..
.&........NGE../\....\t...........S.O......[..8....;i....)HJ.J....|...
=&.\.hw..~@.}.......................Ko"7m=. ....n"b.UN.E; ].>.w....
[email protected]}?....{*...U...).._ow..s.x...[[email protected]
.F\.|.tD~n>.4U.....)N.#...1J...H./...hz...............UR.q..O1KY...
.1..............C....5.8...S..0.W..R?.%cn%o.}w.-.S....ot1.c.h../....lb
,..-......y.l....D:.d-M:.D..E:...:^..6Ics.G...g..v....n.do...<.....
...d.I.k=HR..K............UG.5...{}0c..x... ..;kX..X..qZ.t..M..D...r#.
.q.u..).2j...,m...w}..m.._....S.....u......qk..Qh.a.Ko.-.Z!J...:.q...)
.U!....D.5...w.<21!..|.4w.~f..r..as....bOy...;.......a.H..-lJ[tJ]K.
......E...N...62...>.....=...=...}Mc....I.>.....Q....N..g{)qIe .
.-....[.&...b...1.M.........m.".%..5..n..o../....6.......J.^d.P..\..Rn
.5..p@/.....p..:..r.......].?u..c...-.....TyV........}..$...*;..p.7...
&..o.....]...Y.d-...O.....N4M."Cr.]R]....BEh.KI!g..*..M....>9......
....}o1.........K.c.Z..pV....M.[.}..?.)mU ........K......=Z..4.y.,
<<< skipped >>>


GET /free/frg/products/535250/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 27 Jun 2013 06:28:45 GMT
Content-Type: image/jpeg
Content-Length: 30737
Accept-Ranges: bytes
X-Varnish: 428666709 428466106
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......d.....mhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:F8E4D0DB03DCE211B
B4FB0C483C69A6F" xmpMM:DocumentID="xmp.did:1BD8927ADEF211E2B89DBCE169F
89EA1" xmpMM:InstanceID="xmp.iid:1BD89279DEF211E2B89DBCE169F89EA1" xmp
:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom s
tRef:instanceID="xmp.iid:4AD9D714DCBF11E2AA3C9CE9008A9947" stRef:docum
entID="xmp.did:4AD9D715DCBF11E2AA3C9CE9008A9947"/> </rdf:Descrip
tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
....Adobe.d...........................................................
......................................................................
......................................................................
...............HTTP/1.1 200 OK..Last-Modified: Thu, 27 Jun 2013 06:28:
45 GMT..Content-Type: image/jpeg..Content-Length: 30737..Accept-Ranges
: bytes..X-Varnish: 428666709 428466106..Cache-Control: private, max-a
ge=259200..Expires: Tue, 05 Apr 2016 08:09:04 GMT..Date: Sat, 02 Apr 2
016 08:09:04 GMT..Connection: keep-alive........Exif..II*.........
<<< skipped >>>


GET /FRG_site/SDM_Offer_Assets/GameFirst/All/Location_extractor_654250.exe HTTP/1.1
Range: bytes=35003224-43754031
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Wed, 16 Jul 2014 12:08:24 GMT
Accept-Ranges: bytes
Content-Length: 8750808
Content-Range: bytes 35003224-43754031/43754032
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:22 GMT
Connection: keep-alive
BW.s..E..S@........`/.;'...F@l.|O.Z;.....k.IT.~.E..d .YX....L..>.k!
.MvK....... ?~..Z...N.g.<]....4*..m\.2y.t.C8?.A........|.../..Fg..P
...4Q.a7h..Cf.I-c..\Ds.j6..."........$......vt.;1..b-1.....O.p......[.
..;..)x#.3I.NyR.(....q.x./..7...O.sL..T...T..8....[Q.T...f.CJ\.$......
81.b...2..aJ.g.....I.[F,;...i..EN....ZO.H..!.v.7..t,H...0...8]....,...
*M~._6joE.-.I......n........E...(.g@~..;..ye<..-G..q.r...1...1:..$.
V...|c...S<S&(....X...j..p...Ut.........mj.C.1...Hb... .\.h3I....o.
O..YG.q....O.?..T..^..2]..o..D.k. .....y. Sv.....G.J.O.?)y.A.pT...8VI.
h..%L...{S.....F.u..t.[9.t.......... ...M`.p..G.FM\.E7...".....X....z 
.s..Y.h.._.K..v._..R.aV.L.." .N....C6.C.[.}.Z......... y....m.W...O...
C.5r.\\....?6..:....L]..8}....J.....b.9T.$.3(..N^&.F..[G..?}...p0.\.mO
....... .H..g..QC.].......`)...gH.G.#7.G....b..O....rz..........1..|..
n...ZJ....le......'..z.;.x~X.|q...6.v=...B.-.F.H.vY..S^...}... X.?.rb3
........1..~...V...|K....O..;.<&...O:...~..U.wd.....:.7n...I...._!.
....&F.xTE. ..{y..?iD..iam.'..b..t..)[email protected].
....3.x.^:4.....s.iB.aW....Qr.....v.z...B.u.UA._...nc]>j..T..K..C.m
...e.9..........,....O.A..<Y......."~zq....j. ...v.r.A..].;.UE..)..
.I.......gd8.2..5).......,.m..CyL.YXH....0o%..".\.....$OCQ............
......................................................................
......................................................................
....F..?."[email protected].,..KI#b..AB.5&....so&<..............
.j{C.......2I.....?...m...o...(...Vv.m.;Y>.Zo...$........0.(.q[
<<< skipped >>>


HEAD /FRG_site/data/feeds/Os_Build_Supp/version.xml HTTP/1.1
If-Modified-Since: Tue, 01 Jan 1980 01:00:00 GMT
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 14 Jan 2016 15:42:43 GMT
Accept-Ranges: bytes
Content-Length: 4933
Content-Type: application/xml
Date: Sat, 02 Apr 2016 08:08:59 GMT
Connection: keep-alive



GET /FRG_site/downloads/EXEtender_Default.exe HTTP/1.1
Range: bytes=4952886-7429328
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 24 Mar 2016 13:53:10 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Content-Range: bytes 4952886-7429328/12382216
Content-Length: 2476443
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Thu, 24 Mar 2016 13:53:10 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Sat, 02 Apr 2016 08:08:21 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sa
t, 02 Apr 2016 08:08:21 GMT..Content-Range: bytes 4952886-7429328/1238
2216..Content-Length: 2476443..Connection: keep-alive....7...E...0XZkj
.....v......5...T.F.H.C6...$4..u._....2T@=. {a.....h...T..RJ.. .JL..:E
.....A..D.....[B....Xzk.;.X&/.u...DjM..o....`<......n....]w.@....._
V...@'..9....}|.{o.i...!...n..>c *..`.-.8.......^....3..^.WMr'.]...
f...}........(..K.fVI.i..Lq......8.....oI.........3z.][email protected]......
......TTXg.j.p.........S..Y.....4..%........|$.HB.?.L.R.s.....x=.m..j?
.X..JZ1Ao.a.....L..I)p\.l.....l#....\..*..$5.$.CY.0.f.........u6.ch..w
.B.1..P.z..n.Fa*2....|.....g..58.[.......G..S_...O(pn'..3b...9.t....Q%
_"..|......r.V..%..T..u=$2.-.......,...k|..<..}.?.N...?.8..F.......
.U4..P._.G.j.....H.h..B.1.h.J.y.......}nI..9.....D..7.....P.,G........
B).....x..,.g.n..2.4}.......m..}.. F....$...{.M...t.6=.L_..H...R...z#.
..EO.n..r.....1...!.t ....&.6......j....y.PN...Q...t.......4nup...Pa.$
. .^a)y..IN~O.$7'...Tp....kc....]..B.7.=.m...F ..@|..8.&.....i.;\(..m.
.-.>A.I3.7.0....C^.^.`hL.[[email protected]~...xl}...X.#N.
.N6[A[J.4..\.'.7.u`x#N...Juc.....Ly.......b..4...G.(.F(....uj..i...3L;
u..:.\...P.bb.v.s.'.u.Lt^r%.. .6@D...`f.S.`S.....k!....x.j}$j.....u...
.!..B.GpTM..G.y.!..U.?.."....r....}Y.W.e.....U.od..\p^Q...}.....o.
<<< skipped >>>


GET /i.u?flashVer=9&ver=1.27&th=6964238882&tagKey=281869759&postfailed=1&site=freeridegamescomplayer&adSpace=row_player¢er=1&size=160x600&env=desktopApp&url=http://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad&f=0&p=4485136&a=1&adContainerId=richmedia_2 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/banners/Default/Tribal/160x600_default_tribal.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: a.tribalfusion.com
Connection: Keep-Alive
Cookie: ANON_ID=aVnrejpyXaxUqiVTFV7ZdVlysE33iZaclA335CcsXgMvYEbcODZaMK1ZbTjledrHJB8W0D9SIsmW


HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
Date: Sat, 02 Apr 2016 08:09:07 GMT
X-Function: 302
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
GIF89a.............!.......,[email protected]..;..



GET /free/frg/products/724450/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 07 Nov 2013 09:30:37 GMT
Content-Type: image/jpeg
Content-Length: 30572
Accept-Ranges: bytes
X-Varnish: 162561873 160707364
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......Y......Adobe.d....................
......................................................................
......................................................................
......................................................................
................!1..".AQ.aq.2#..B..R3...b..$%.r..C...Sc..D............
...........!1..AQ.aq"..........2B...R#.br.....$..3CS4.D............?..
..jND.%.1...t....][email protected]< ......2g.....{..LF.`
v.J.b.....-.*A2..-S........mH.>.......m..Y!...9.E.P....w"...I.WK...
h....m.(...E.:..p.........4.C.).'I.8p..-.$.....w.T.6......`.a.#.C...0.
......I.'T$...v.....".......(...o.%...D....-....lr.vb.........~0.Q....
..NN......K..../.[f..4Tgu\.(.].?Q....'-JC.c.o1.5D..RS....o.b..........
.}._..3.s..D;-.m.F2]..IU.\..2c=.|..C.8.....8.....{.[.?.....".v..i....N
D.T.P..O.A<~=.m....p..u.........q|z.....5.e...~0]..j....E....g.P.=N
..`\..cR.....%_.......LB ......&...........w..............e.jPR.ia*P..
Q...D.....R../.......V..~5.R.../c>..IL....z*........W........w....i
.N....pS.maOp...TT..=OBx...j.K.=..C.;.....'.../;ya..j..6."U....4...Z .
.kgI....>.L.........;....;[.<d.X..u.J*J...D.....?d..!..".-......
O...R..../.(L.E.X...S.......9|..?.>o......%.m>Fg.i?...5.eU.2..l.
E..(....I}....N})m"....kwCYA.....Tk.U$..,.?....#.=Y....Fj...u.m-hA#..v
....y..*..W. ...4..[......>.T..[........*...5E..K..J.q..lm.........
....9-..$..a)O...~.d..4.h.=m;..../.....a!...>.Mr..~E.Yk....&...u~(.
&e.A...Z..d......z.....y.1.z.$..,y{......#^.>..$.V.x...L....f.&
<<< skipped >>>

GET /free/frg/products/654250/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 01 Aug 2010 07:53:40 GMT
Content-Type: image/jpeg
Content-Length: 24931
Accept-Ranges: bytes
X-Varnish: 436395564 436175202
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......V......Adobe.d....................
......................................................................
......................................................................
......................................................................
..............!..1AQ"..a2.q..#...BR3$....br..S5..C....%...............
........!1..AQaq......."2R.....Bb#S$.r....3.Cc.s4%............?..g..G.
&a.B.H.}...9.2mW8....P.Se..w-.RH......{..O.i..r%(.i...g.W..w,;,ND...*.
9-.S.VY.u-..c&-...a..v.U...;.......SB."L9U ...P..d.'...P.\.e:.....=.%.
......!H..*....hG...L ..|{.|..P..a.}.*.iq.....|..i..k.k(.t....}7.w*Xe.
.Qo/..0.[....Dw...C.%.C.X.J.A..]I$..SJ.Oc)..^...4....{......a.}.....}{
Z..Zn.._...an$k.S.U...)....g0..-Y.gl...E_]...m...W....S..j.......!...T
..@..#..4.....&}...2_ ..QM.>..MI'[email protected]..}...Qa.R..J8....u#....A.
..i.k]..J.}.Ji.,..h;.d.{.....7.L....D~OC.n.!]G..g...w...=....^..g...n.
,..V...~d)Q....R.m#.t.b...1.'......0..].DTw....i....D..P....5h...*n&..
.nk...]g.Z~.;...I1{.........p]A2.ok.4 . .H.......`...I.qP*K.Z[.*...l)F
.u...-`W..E.|..r{k..p.\Xm=7...$ .J....D.....\..XW...W.#z.~s@~?.VX*7W..
T.>C.j.JQ.....:...7...`....o0..o1.'_.Z...%.kx......ed...u...{.6....
..H..b.....3......U.K..K...ho][`.&4...G5.o...G...R0.NF....c..t5.yT.{q.
[email protected]....*um.."...4....Ww..9.0H'.......;.
....i?W7......o".....p.%.lJ_t$|.....>..eGSQ..\.;..#.~..|....m..Q&W.
.y.."[email protected]=.l.Y...{.`h.Z W5.....@0.'.g.M..8..{(.
......X.Lx1.H%(Ci([email protected].$.jjN.Kn..7..K3..I....9..<.Wz8v........
<<< skipped >>>


GET /free/frg/products/529250/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 26 Jun 2013 09:31:09 GMT
Content-Type: image/jpeg
Content-Length: 37589
Accept-Ranges: bytes
X-Varnish: 2140413287 2139166464
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......d.....mhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:F8E4D0DB03DCE211B
B4FB0C483C69A6F" xmpMM:DocumentID="xmp.did:7B0010BADE4211E283D1D6ED51C
A0B74" xmpMM:InstanceID="xmp.iid:7B0010B9DE4211E283D1D6ED51CA0B74" xmp
:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom s
tRef:instanceID="xmp.iid:61EA487ADC0811E2861CF2C739669183" stRef:docum
entID="xmp.did:61EA487BDC0811E2861CF2C739669183"/> </rdf:Descrip
tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
....Adobe.d...........................................................
......................................................................
......................................................................
...............................................$..4!D%.1A.T5.Qq.dt.&aE
6......U#u.F'...."2r3c...f(.....................!..1...AQ....aq.$%...4
DT5.....".dt..2..E&6.B....UeRb.uF.r.V'...v7G.............?..["...y....
.{.ig...0{..t-..}[email protected]....).=..u..z .In.X.xLpN..:k..h..=..
.Cf" .n.m..7...v........]...I.q.Q)..........o.;..h....I.S...u.....
<<< skipped >>>

GET /free/frg/products/695150/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 07 Oct 2013 15:24:34 GMT
Content-Type: image/jpeg
Content-Length: 19388
Accept-Ranges: bytes
X-Varnish: 432007134 431815130
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......C......Adobe.d....................
......................................................................
......................................................................
......................................................................
..........!1.A.Qa"..2.q.#...BRb3$...rC.......c4S..%...................
.....!1..AQa"q......2..B#...Rb..r.3C...c$............?.X.......j,.Xj{.
.....w..k!$j.L).u..0.....B.A..We..*.O.J.$y.*.@I|.1.Y...dKs...70.SV.=..
........EP)..$L.H..........#Y.qQ./.y.............. [email protected].&..1..e.
y.\....-.~.j.....u........e...!WEQS..I...3...CCB...l..D..~.Z...AZ.....
...&@%...e..{.H....K<.h........-...x..(J..-....N/..|.5.......&H, .H
h... )..z~U.R.O({t0..>..K...G5.y/.7.?.....&......q..Kr7.wl...g.Q...
b..O.1.....8.w.a. X^}.......]......z}A.0(W._M ..h.Z.j.d.sj.%..........
F....AJ~..q...I".;a .y~.]EB.... W..d...b.`$.[y.....J...U...n......l.S.
..;...u..DJA`71.BGp....`..Q{A*.....<.Q ...!U.#.#.j.6G.....U.l}.....
..kO..Ru...eH0r_E...Tam..A..._.O.^..... ..sl..S...T....@ ....Sc.....S.
.>.Y=....K~B..J....S..A.q $UZX..8....v.W.........~._.R.J.......k.8$
..G$F8....$......S......=-.I.....Og....!..p.^Y.e'[email protected]:
kE.....Q....u....i.%.5.....6S#.9>Op,.......o.....%H.9.].{P..[......
.>JB.f3.'g.#..X._.Y.....p.v.3....[..Q.o...t........:...Z8)'.....GrL
7..Oi..[.=.. .....>....k....]....PrV..". ......7.u%......en./$.-v..
.En......(.*Fz..Mm..... ...........5xW.|......(..%.2..X..)...Kn.R$!...
..ZIH...........3.>.........../.oc}...k...Yh..T.r..P.j.#.....a.
<<< skipped >>>

GET /free/frg/products/622850/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 05 Mar 2009 13:27:00 GMT
Content-Type: image/jpeg
Content-Length: 15662
Accept-Ranges: bytes
X-Varnish: 1287376223 1287289026
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................
......................................................................
......................................................................
......................................................................
............!1AQ"..a.q...2B.Rr#...b...3..CSs$..c..4%.DTd&.............
..........!1..AQaq."2......B....R#3.b..$.............?....r.}.....i.4.
...P|....:..."v>.d..'.II .....j......w..M4y.....Grbp...u..Q4.....#U
[...j...Eu.F,.'..#....?...~....9oG.c..i.B.}.QE...x...$upM..z..;:k6s.).
..!EJ.a;....:}:......2.n..........LWi....g..O...J.....j.......>....
.E..].tO..?`..J.E.4.........u.\.gm ;...T...*T..q....OX*.I-....A]._..E.
...Y...~'.....B.N.^.=.....#..H.r...GK9.9.`[email protected]}[email protected].
j...NTGp..{c.0>...l....PQ...E.V({.0.....#,...M......iYK5.t.v.z).-u.
..0EQ{..0....=...b..\..,#.......h"igU.:.....{:W.G.B......L..je..$H...;
Ei.......!...l......A.5.p...V.....$...OC.....(uSr...D.{...../.w/.{....
K....4PQ.....]..!gv....v....i.].... .\.[Q1..D;>[email protected]...]...c.e..!Q|.
J.....r.~.-..S%.o....%x.\. T....)O...d..y.(Z0%Z...H.n!YT.n..o......M..
..9m....L....:.o....J...H......C.....w.3R.J...$...Z._.:.......(...v3W.
..?.:q9.... .^^e...A.2.q7E4.4.$u..q).;8.._V2.......f..l.R~1c?H...|~...
v.E...........:..p.8.W..F...`$...]!..(...W.(`..I...........W.'Z..4.y;{
C.~ ..!.4........X.xl.r....H..Y"K....A.(G]9?..^/9O......Qz..Fc.-AO.Y.8
.w.......A.h........F...t.).t..o.]t.i.kG..0$..%....?....u..}g.....q.CX
<X....I=_..S..rB......W#.]U....g...dnD...........Pug4..........
<<< skipped >>>

GET /free/frg/products/787850/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 22 Aug 2013 13:29:46 GMT
Content-Type: image/jpeg
Content-Length: 23582
Accept-Ranges: bytes
X-Varnish: 426296126 426231439
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......K......Adobe.d....................
......................................................................
......................................................................
......................................................................
...........!.1A.Qa"..q...2..BR..br#..C...3...Sc%s$4&..................
......!1A.Qa.q........"2..B..Rb#...3r..SC.c$..............?...........
b[y.l.."....>ZD@!.T...!......qL....-..Y...D.G......t.X...RY#,riU0&l
t;.J...9#ex...YMA.....*.S*}..Q.(.%...qR;.........G.<..)w.u.........
W.m.......W(....'..x4#SsC..Z..9..k>..\c.g..-&.v.A.SJ.q..HA..# .....
..K.$..........N..vm...]......_...[...H.}....F. H.\..Y.&.....G.t:F...}
..?............h..)....UwjQ..._.r.?....U...v.WG........b........R...t.
.........Z......N..({..7..,#;...)...(....J.\.N......C.c...9m...9.r..a^
.~..{......Q.78.~..4X....T@:*.....uN.;.\..<g.v/K..#r..Bz....W.>Z
..M.A..g.kPfi,R.=..UJh...w...9~.c-......u...?....:".w.9Q.C......P....#
@..E.B.....i.... .ee...`.....PA. ......;.E...~.G....Tn<.O.~c..{....
{..........I..Z:uG_.".._q..M&{.J.L....M.\.n3.K..A%#...4d...C.~.z.R.9t.
.!c.JzA<70....#.U.q..aPG.. .QNAP..=.....Cn.%..T.........4..1.(..b./
..G..l.I.{.S...r|._....4n..hx...O*2.....9.~w.%.#.Y".$.PS.X....i..#.&{Q
.s..l.7G...!.K-:y1..:cn>.in...{.......z.....T................p;..d.
c........ ...W.Sn.t....n...#...,.....i.(..7.3_.O}=L..4.}.I......SI.R..
...|.)...'...Q.aS..c....[....1.b5x.N_)k..O..4.....f=..y=..s.B.%...i...
...3..Me...<[email protected]\......'u.r?.................u8./<.
<<< skipped >>>

GET /free/frg/products/816150/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 05 Aug 2014 07:25:58 GMT
Content-Type: image/jpeg
Content-Length: 59213
Accept-Ranges: bytes
X-Varnish: 1224830130 1222979293
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
.... CExif..II*.......................................................
................................................(...........1.........
..2...........i........... ..............'.......'..Adobe Photoshop CC
 (Windows).2014:08:05 10:24:24..............0221......................
..........................................n...........v...(...........
........~............)......H.......H.............Adobe_CM......Adobe.
d.....................................................................
......................................................................
..........."................?.........................................
.................................3......!.1.AQa."q.2.....B#$.R.b34r..C
.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw
........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%..
....&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.........
........?................A.....g...>.......Z...u[znk..p..c......v.[
....w..}..k....j...e;.i.$O...dM.6.:8.i...H?W.gL..p.Q..."..G.io.].c...p
.K......h.%..}~.....q.[I..0....6.......7.......|..0..v.0....U.A.._....
2J.O...^.._...c..g&,c?..........._g.Xk<....pU.d.L...........i.&....
..xhsF...%^....*/..h...yk..@ip._..........@.(.w..a...9.q.s...jB2.m..O.
..x1.-==..z.7. F.8......C.'..z.^.q..:O.6.....3..2.6..T.h...<.G.?...
....h..h.....c.,...^.........^s,gC.A.7....=?$.6..u.i......O.~..y.n.x..
V...,c.m.me.......k..O.y......G.~r.\.J:q....,..1..........8......X..?.
.^..C.*ys.xy.G...[.eE...Q'x.8..X.o...[.j.....-.o..U.i{..U\r..-Dc..
<<< skipped >>>


GET /j.ad?flashVer=9&ver=1.27&th=6964238882&tagKey=281869759&site=freeridegamescomplayer&adSpace=row_player¢er=1&size=160x600&env=desktopApp&url=http://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad&f=0&p=4485136&a=1&adContainerId=richmedia_2&rnd=4489368 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/banners/Default/Tribal/160x600_default_tribal.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: a.tribalfusion.com
Connection: Keep-Alive
Cookie: ANON_ID=aVnrejpyXaxUqiVTFV7ZdVlysE33iZaclA335CcsXgMvYEbcODZaMK1ZbTjledrHJB8W0D9SIsmW


HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aPnsAGwZcF1pCXarpfrw3pGB8ALwcZdCxI2eOViTcW1CVsbw1q34RrTpY49IZa1ucDRJgx7xOmHOMEtZbYnsWEXj; path=/; domain=.tribalfusion.com; expires=Fri, 01-Jul-2016 08:09:07 GMT;
Content-Type: application/x-javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 231
Expires: 0
Connection: keep-alive
..........%..N.@...~..C..eiTb..h..F...4!i......<.-..U..9..mul.X.L..
.4.f...e..{..u...T~@~P?H0....<..<. .$|fQ.X.caI....*.%...p....8.[
W.f...m....].......O.wH.$T.....I......'8..6.M..($..:,..n..r........I..
..:aP..a.....h|a.......a.s......



GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Strict-Transport-Security: max-age=604800
Date: Sat, 02 Apr 2016 06:54:11 GMT
Expires: Sat, 02 Apr 2016 08:54:11 GMT
Last-Modified: Mon, 28 Mar 2016 20:26:56 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 10938
Cache-Control: public, max-age=7200
Age: 4494
...........}.s...... .\.j&....r.s(gw.-^...Ii$.&.@f./1|...nI......U.Su.
..K....W..H.....oy.dU...{.i?J...O...Y{U..x.........)...A.1WT..H.....(v
.;.t/Y.4...........a......j...=......j.............kcc..^...f.l.z.....
.v>~...?8.|t|r.....s....z.....f8....tr{w....\..|......~8...x;u.....
.c.N......EC.q...?.......P.."..\.|.....\..a.}YX8.......FB9.-.F..9%.K&.
;[email protected]=..0.~..d...zL...X.l..,R......N!.~..\.\.yf.\...|.......
5..t....k..E.R5..X....%. (........J.O...?\B.....X::N.h.....\...8c.....
v..'.J.......}1.&i<..(.....P... ...:8..m3M5.X.[<.r...y.....8lF.{
."......4K..{.zn9....&.n.."V<Uo..F.S..n`\....d........O)..".v#.....
...O... Wo.......x4...D.&|(po....iq.4..Gw.ea...ni..`.(E...}...[...%...
...r.B."....).}..VK...8T...L.T.].=.8^x....s{.....-.g".h.:x....'U.i.'..
&.2x.0.@......@......*. .]8............7.m\..?.1..."..$*N_)8...%.....v
.s.O.q......#.,d.3 F.../..&..S ....t.ci/C]....w<..d.&...&,..=,..X].
8Vq.......i]./...OU...,.......^_>&.)a6.@'..,..t...z....z,j..{......
r:[email protected]!<......"...........a...l..
....m....]....Yd.N..........a<...<.=....C"...... ..L...De..Jq(..
fgT..]...x..C...M..|[email protected];.x..qCEG.....@T.[..3.\..9I..].4
. ..W.fI's]..q....f.... ^."...x.[[email protected]>....Gwl/.#[email protected]...
....@....%x.............W..pp.uz|MF...j..g....R[=.......|...jU..@L....
.YC......PSO.....XG.v4...9....k...............).....r......N..H...%..K
..*.]y.[....R.0.h....f9..-...S..=.`....T.-.j...2.B.........:.....e....
...hl...$..@P...=..j.............l@Z`.i.....G......S#...0,7Ky.k'.p
<<< skipped >>>

GET /r/collect?v=1&_v=j41&a=798138249&t=pageview&_s=1&dl=http://VVV.freeridegames.com/banners/promoframes/728x90_frame_ad&ul=en-us&de=utf-8&sd=32-bit&sr=1276x846&vp=728x90&je=0&fl=11.6 r602&_u=AEAAAAAAI~&jid=224464841&cid=1349977310.1459584557&tid=UA-4994835-11&_r=1&z=1292276131 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/728x90_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Sat, 02 Apr 2016 08:09:05 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Sat, 02 Apr 2016 08:09:05 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;..



GET /free/frg/products/829150/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 27 May 2015 06:31:30 GMT
Content-Type: image/jpeg
Content-Length: 32636
Accept-Ranges: bytes
X-Varnish: 1287376411 1287282884
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....(hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.154911, 2013/10/29-11:47:16        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:53DA8371043711E5A4AFAC470
7443C93" xmpMM:InstanceID="xmp.iid:53DA8370043711E5A4AFAC4707443C93" x
mp:CreatorTool="Adobe Photoshop CC Windows"> <xmpMM:DerivedFrom 
stRef:instanceID="xmp.iid:2BD67BF0043611E59228D1FFB34C05AF" stRef:docu
mentID="xmp.did:2BD67BF1043611E59228D1FFB34C05AF"/> </rdf:Descri
ption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
;....Adobe.d..........................................................
......................................................................
......................................................................
.............................................!.1".A.Qa2#...q.BR..3C$.b
rS...c%........................!1..AQaq"....2..BR.....#.br....3...C..$
.csD............?..wa#.Z4"....0...d.......c..w.=........wS......H?N_n#
....|.........7.. ..Qt8.z.-~....?Q".N.Q.V.....i/......(8...v..^......v
.}q..rNX.,.e.....o_.D....6.f'<V...j..d.G.S.I...(..8.:....I...w<.
...n. Q..%..3...&._]....~.I..a....0.*.....x........:!........;.rcw
<<< skipped >>>

GET /free/frg/products/781650/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 17 Feb 2013 14:35:03 GMT
Content-Type: image/jpeg
Content-Length: 23430
Accept-Ranges: bytes
X-Varnish: 1268591782 1268548808
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......d......Adobe.d....................
......................................................................
......................................................................
......................................................................
..............!.$.14D.AQa.#3Td%q..Ct5.......E&...S..c..U6".s.e.FV.u...
............................!1A$...Qa.4DT%5.q.d......t.E&.....U6..."2B
.eu..F'.br.V7............?..d.4u.A...C&.;. .. ..[..................$Z.
...i".. <x_......\.[...~8.cm`..zd....K/o....;..S;...\?.c.G...2'"0..
.X....C.8.}...C../p..l8Eu.w'.{L.n=f9]...*J.k8......D.?........]....K.u
.:........G...a....[.c.[l!.#e.......4dv....].M.t..T......~....*X..4p.;
q$.A..B.....y.K{......)H....CKK....... g.....Kg..j.1>...K...$...x&g
t;.V.Y..G.\5Z.]7..Xn*[email protected]...#..@..
.....o....I. ....:....k..-.Vy...m. ......zB..<....h=D.E.>R...PN.
..]:I3...?"..T.T.Zn...D#rM.r.)q......../.(...X...L...e..].f.8...v.w...
..Ma./.......-L...`E....g.fC.....c..?N}.}.x.k.....UGO..e.)..6w..2.n.&.
j0v50eA...Yi.......c.n.I.....|=....(n..$....-..4...M .*.A..Gk..C-.P`..
.M..u.,.......4~O&..b.....Q=.eE,.m.."<..h^.>...w.r...X7....F.f. 
o...........?...D.....*Q......;Z.5.,.....'.....1...U..}r]...o.K.55..g.
RS.aE./.....&...a..b..|..gjU|...*.Je....P....p....4.%....I.2.6~~.G....
~...T]r.........B$..P.0...JT..@}..<I..........R....YA.$U.$9....(.Q.
q.......AAz.TMi.......2l."DO..8AD.2!D.!.....#..K1.E.....6.....S.S.....
R-?..r.Fk...1..)5..t.....&h.]..$..O...\........0...3...p.aK..v...s
<<< skipped >>>

GET /free/frg/products/784450/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 29 Jan 2013 21:54:53 GMT
Content-Type: image/jpeg
Content-Length: 20337
Accept-Ranges: bytes
X-Varnish: 264134815 264128493
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......K......Adobe.d....................
......................................................................
......................................................................
......................................................................
..........!..1A..Q".aq2....Bb#..Rr3....$..C%...cs4.(..................
.....!.1..AQa".q..2....BR....br..#3.....CS....$%.............?.AC..R..
.(.g..X.8.W...d......j......(..)?..d.vP.L..`4..t\.....C|....N7*....T~.
{....8...(VdW4.\p.])P.j.m..ZB[.A..T.i......M.....W...O.r.3.../(.....6.
[email protected]}.m..<f....gn....,......9....-.....7.Q.*..a....F.......
[email protected].=x}Z.s.....H......8y..4.G..$Z....X.N...R.A .r.... ....(.L...k.r.
..'[email protected]..%I...P...y.c..R.EZ..)5p.....jd-} ..G.......5.....:P.
y.?a.....&...G..P.~......c.n....).=....xh..Q....,$....t*.i...F..A.....
.......#.$..g&M.Qc...[...$5.0.i*y...fH....~R$..k.\..wR..l.........7...
.\.ui5..$.....b8.....X...3P9..<'{q.......f..~.D.Am..........O.9.Kr.
.o..&[.F......v.....3% .y.....{.8..,]...3.B*..- ...>..8.....k....#.
....{..D...U...}.......2'.....w....j.`....c....m.......Z....b.&.9m....
....6.:....dj..6O...rs.r....$.....j..:.{..L.s.E..!...r__..6..........^
...r.KqeZ...R..bc.gYY.b...U~..F\...*.*..K..=.....:.."...7......W......
..O..1......P...}43$&B.(..^...Dq...K.iK.7m..K...........I..9.?E.yi....
[email protected]<...4.!...."&S..&.'5W..v].IK...hl.2.F.....=h[....#6.....&
lt;.........O.....t.....Z...}....9.\~.&Eh.O..qe..%....2.c*E...<hRB.
C.\F..D.$.....;.&.F\..4..m...).v...DX..../G.O......1..........sHX.
<<< skipped >>>

GET /free/frg/products/780350/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 30 Sep 2013 15:06:16 GMT
Content-Type: image/jpeg
Content-Length: 25276
Accept-Ranges: bytes
X-Varnish: 1287502203 1287491122
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......K......Adobe.d....................
......................................................................
......................................................................
......................................................................
............!1.A".Q2a#..q.B.R3..rC$%..b.cs.4..&.......................
!1..AQaq.".......2B..Rb#..3..r..$...%.Ss.............?..6.hs/.'.W.....
.m...S.J....P..K#[email protected]$Q.....-.y7{...mA...........kZ.~:.$.@
..U.(.!.2..N.B.........x.7y...".&.K..-..!.q.,....{o...S.....G._...S...
.......D........-....z<.~...h.Yi..!E.O..,t....[....z..%d..T.......n
/....!..._...R...f.>v.<..e..R.........=`6.....u.o.I....p.:T.NCvq
..D.*r/*YjD..q...N.T4....=k.B6....KCGB%....T.)eq.3...7......[0.r77....
....v.^[email protected]=_......d.2 ...&J.h..E~:..IH.{.....w ...y.
....]S.C....._...n.k.pL.}.;7P....EKM7...U$..........'..:0..9.#5..zQ.?`
[email protected]|..7...z..5..\Oj....".\.7..V....E.u.
.)C..N...5.../..2.<..a...E..\%J.&3... {jT.....S.4*>...Hk.h..na-.
......g.... .B....d....y.I.M...%@.S...Nqp...8!.t...V...... ^/..1n2....
....O...i..uI.]..:\.....4.2...7....g.!..%Y....z...J...&.zk.!'.o.5..}h{
 ...|;~Ox.x..I..oSr...T.B...U..t...`..i'..........3.............sQ....
.....*.:mi]:}u{7.A.-........c../.H..d.....%.]..T..OO. ~Z.".q..P.......
...Tp.x..v.5.g|A;...E.}.v{[email protected]....=I...}j....;..T..
.....[.d....6....m..........9qQh..z.{qb14sFA}.Im..1.....enq..x.D6..q#.
.RG..i..n.Z.0h>...r.........n\...]..>kv9......?...0.j.U e.w.
<<< skipped >>>

GET /free/frg/products/825250/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 21 Jan 2015 10:08:27 GMT
Content-Type: image/jpeg
Content-Length: 24210
Accept-Ranges: bytes
X-Varnish: 1275159397 1275152674
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....rhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.154911, 2013/10/29-11:47:16        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:52B440F57AF111E49
15B94700EDA7761" xmpMM:DocumentID="xmp.did:712E48FBA15511E4BAECCC8DBE1
62659" xmpMM:InstanceID="xmp.iid:712E48FAA15511E4BAECCC8DBE162659" xmp
:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom 
stRef:instanceID="xmp.iid:c4698028-9c4d-6b49-aa80-96d15b83febb" stRef:
documentID="xmp.did:52B440F57AF111E4915B94700EDA7761"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>....Adobe.d......................................................
......................................................................
......................................................................
...............................................!.1.AQ".a2..q.#..BR3...
..bC...r4%...$5.........................!1A.Q".aq.2....BR.....br.#....
3...CS..s.Td%.............?...IRB.O..[.5..T.Nm..%.l([email protected]. ..%w.
4Mtm...ll..S`4.zlb.vQBEx......>]*..$.p......P.t...G.E...>t.z6.-.
t.m}........tIm..._.h.&.Z.)...7..i4 ...$l......Q.U.$h..@.|}..~>
<<< skipped >>>

GET /free/frg/products/452750/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 05 Feb 2009 15:02:41 GMT
Content-Type: image/jpeg
Content-Length: 29207
Accept-Ranges: bytes
X-Varnish: 1463655604 1461264631
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
......................................................................
......................................................................
..........!...1.AQ".a2#.q.B..R....b3$..r.S%&.4.7......................
.!1..AQa.q.."2.....B#...R..br.3......S..Cs.$..c.4D%6............?.Q...
=.] ,[email protected]... .....d7G.!...w.........v........kq]..n..[#p..V
.r:..w.kU.N....h.yL...I.^G.u...F..;@LT.%VKN.....-*.e.7.X..e.c.U .>.
..k.._....SS.6......Bm.....]...2]....|..'.<.:.......i..yMQ...oB...z
....N.fr.".X......-...O...0."j....ur./........L.UL.^.........5_..{....
L....]...77.k..e...?w..........4P......=2..2....O@..&.....:.A..w]z.Op.
..u..=u:......C.D..../..Uo.^O.qf7..r..%.3;hX.1>..,O...E.\.SW......z
..<k)..#"Js.q4]].E..^[email protected]}f...q.'...........(.5..
..:-)E....?..}d..5..c.e.Ns,E}{..o.U(t........._.2....>....G..{.Ls.n
..I..6........9..TO)............/.......e{....}.V..Q..........-2...M.U
....k...,G$C3..O..#....]:.s...q...(>S.an....r^..Mzo.....g*.0..l6...
m...O.....-0.yL.....R...8.k#.....I.......^...9.:[.)......IS....,cD \.L
D....H...X.y........=2..1O...=.m.j&...........g..o..3ZQY...A......^.^.
...E...*.... .T...I)..'....j.-.^....#..dh.y.:C.Y..h.a..@.}h..:I.r.....
..`..J4X.)..cde.8...}......_.pE^...8 ..{ ../.....Q.T.T*jI'..~c..p.F]..
...........q^....=m.N..5...K.cqR....b.....$V.., ...H...QS.yk..r.h....2
.L...OU{K.NdT....a...._..[sl.;.M."n.....[)..........[.....:.>g.
<<< skipped >>>

GET /free/frg/products/445950/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Thu, 11 Jul 2013 13:55:29 GMT
Content-Type: image/jpeg
Content-Length: 22447
Accept-Ranges: bytes
X-Varnish: 1275159395 1275141723
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....)hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:D6B195B0EA3011E285C1BBF9D
26D6623" xmpMM:InstanceID="xmp.iid:D6B195AFEA3011E285C1BBF9D26D6623" x
mp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:71EC7EE8E92711E2B5808FBFFD9CDFB2" stRef:doc
umentID="xmp.did:71EC7EE9E92711E2B5808FBFFD9CDFB2"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
......................................................................
..............................................!1A"...Qaq2...BR#..3$...
.br.C..4..c'7....SsD%5.......................!1...AQ..aq..."2....B3..R
#.r....b..$4..C.S.5.............?.).$.....................k....&L.d"E.
.......C........SZ.N.<........CIu.y..T....X..H.)....s(.R.j..{.)...i
.)........H.K..l.V....o..i..O....0;B.Z...t.p.{.&.....\t.........$...h*
.!.q..l...d.(."..i....x.5...\s......._.W,n.....=.1.3x.,..J{...'TVg
<<< skipped >>>

GET /free/frg/products/670350/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 06 Feb 2011 15:17:42 GMT
Content-Type: image/jpeg
Content-Length: 24502
Accept-Ranges: bytes
X-Varnish: 433684641 433674678
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......K......Adobe.d....................
......................................................................
......................................................................
......................................................................
..........!.1..A.Qa"#q2...R...B3$.brC...Sc4......Dd%..................
.....!.1A..Qa..q.".....2...BR#.r3.b.C...S..$45............?..r..h2c...
....Q.R.S.....Rt....4....p......|h....8z.n.0]......$....h.......1...I.
|/\......d|"..3.... ...\:.....I\........ ....AB0.8....H............#d.
!La.....kK!jm..`-`.y.....M5=... 5..k..T.."..5...$....e7.IZ.....-.....v
..;............k.8N;.c_......{.....`.8...=....L.............J..^..C.mB
R.R.w1.A...m..!.."..m.-....!q.P.u......W.Y#Z.....p..hp...u.Z..%....MF.
.R.p....^..l..w5.d@.=..{[email protected]."*.$8..Et....R(t.....PIdO..m..iw
l...qB..>......^....r..r%.{.x.....(4..5.R3A)...d.[K)J..H.XS_|m.....
>.f......(..;[..\Ce.OAA..4Y...H.G.p....).K2.|..M}.Yo..i...K.....~NQ
..r9..W....-J..$..p..-0.l.....}...t.].......Z.`..kn.u...6].......%!.d4
.......$. ..D.a.W.~.B....K<f6PCm..IB=9R..Py..J5....v...j.O.YGNh.*..
....m....N). .......=..H.A..>;f.p..d0..]e.............(.V.E[..C^x..
".1.PnKv......?........-.<.Q.a..0...ALV[/..l .^.}^f.....9.67...S...
...,[email protected].<..U..o.p..^'......D....w%.x.l.C.{...{.i..p...19n(..l.
q.PB.E$...:.!.Y....Q...!..........y......U. i.M........q..!.*.........
.c.4...v.GU~r~.....x....%.nD..b.&t ...!......]...:(.........)Fs.2m...R
dG.>.>.i#.........Z.-..e@ p&[.9G...`..Jo.............3T.....
<<< skipped >>>

GET /free/frg/products/666750/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Sun, 30 May 2010 12:07:56 GMT
Content-Type: image/jpeg
Content-Length: 16886
Accept-Ranges: bytes
X-Varnish: 1268234988 1268223175
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......M......Adobe.d....................
......................................................................
......................................................................
......................................................................
.........!.1..AQ".aq.2....B...Rb#....3U..r..Ss..$T..%E.....Cc.d.u.....
.......................!..1AQ.aq"......2BR.S......br.#C.....3......D..
..........?.%.....6........E.H..m..R.]{/.|.#....0..6..6...0.....m.....
wG.4.P..m.r.).Oi>.....B.......o...U.-......o.T..[.=.....Z..p.m (...
...f.......Y}....).{....w....XE.............}....'GP.{...;{S...d?....A
....}.........QM.......;.v.t{/..u...j..n..S{7ov..~....."....o......Q.r
.kc`..&.".Q[.....}.... .X..Q...E#.8.p.D..3C.. .v?J>.}H']..U......\_
...~....?.X.(...$......Tk..)<pQ-.....F.c......5.O.].(Gv6.....>..
..X.l..}.....L......\..{....v..,i..F>.}H..g.... .C.8b............o.
...........'......v.4k/..u..v.S|n....x4.........K.5.....R0.&>.....'
m...&.?.#5oo..4[/..u..7\..Gy.9....E.PH=......d..1.[.M..N=.y.k...~s.Eg.
.O<.....j.....i...Z.0.A.-.&n....D... ....%JO..5.....Pwf...\vU.B{.uM
..e.Q...T...m...e#D...S-`hU.H3..)s.}..Bt....5..8u.u..H.6..T<;....eG
.......[..RU...Q.RUn.......(..A.<..... I'..~.l..Tt..v...zmd......4u
.D..Z.&.32........{.......B.)i..P...`.C;.M...zE.L.6..Kem./......CFm...
w.n..v.RATe_.U..N.u.H....W&.^....(W.S.H..-..v .o.#........r8.(rt...2..
.....O.Q.^L....}..q..K.-"Kj7. ./....&......[.f....2nG .).~.....M!.....
..6.^...$.\q\..C..|..u.....6...#.{Ci.....9.....^.$.8.t,].m...Z.<
<<< skipped >>>

GET /free/frg/products/554750/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 05 Jun 2013 11:48:31 GMT
Content-Type: image/jpeg
Content-Length: 39319
Accept-Ranges: bytes
X-Varnish: 2136325674 2133452317
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......Adobe.d.........Exif..MM.*.................J.i.........V........
...v...........>...................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>

GET /free/frg/products/835250/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 15 Dec 2015 12:21:39 GMT
Content-Type: image/jpeg
Content-Length: 24212
Accept-Ranges: bytes
X-Varnish: 426436400 426232454
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....*hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c11
1 79.158325, 2015/09/10-01:10:20        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:628B2049A32611E59A71B2A2C
E0575FD" xmpMM:InstanceID="xmp.iid:628B2048A32611E59A71B2A2CE0575FD" x
mp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFro
m stRef:instanceID="xmp.iid:F7846D4AA31F11E585DFE528E86AC8CC" stRef:do
cumentID="xmp.did:F7846D4BA31F11E585DFE528E86AC8CC"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;....Adobe.d........................................................
......................................................................
......................................................................
.............................................!.1..A"Q..aq2#.......B3..
RbrC$4..S%6........v7.......................!1..AQaq.".......2B..Rr.#3
..b.......CS4cs$D............?.."F7s....\......o..[.....1...#.jUO(..%.
.m.Fy..O.-....I.......1....H]..%?..S...m^....P:...W...q..9r...E...Z.0.
.n. .....4..L.F...."...M.|....H..;....}.EMS..EN.jL,(.8..A....6...*..._
g"wQ.........Zr..W6,.$9!E....:..jDp.G.D$..B...zi.,'.......B9*.#..u
<<< skipped >>>

GET /free/frg/products/807950/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 27 Jan 2014 10:20:52 GMT
Content-Type: image/jpeg
Content-Length: 29961
Accept-Ranges: bytes
X-Varnish: 163201964 162920577
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....mhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.154911, 2013/10/29-11:47:16        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E1D3260D2450E311B
D44B19745323D89" xmpMM:DocumentID="xmp.did:28F66A87872711E3929AE1F0E4D
17D55" xmpMM:InstanceID="xmp.iid:28F66A86872711E3929AE1F0E4D17D55" xmp
:CreatorTool="Adobe Photoshop CS4 Windows"> <xmpMM:DerivedFrom s
tRef:instanceID="xmp.iid:20A003634E50E31195639051C2078292" stRef:docum
entID="xmp.did:E1D3260D2450E311BD44B19745323D89"/> </rdf:Descrip
tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
....Adobe.d...........................................................
......................................................................
......................................................................
............................................!.1.AQ".a2#.q.B.Rb3$.....r
.c4....%&........................!1AQ".a2..q..BRb....r.#...........3.C
Sc..s$DT&............?.G#J#I.......A4.~./_.. <.}..n$..RY. ......{`.
....c?S....pm....*[email protected].$L.1.....}a>.i......m...$
..8...mEM..=?.D .........5......Fm..y.~d.........#...DARUU.....PN5
<<< skipped >>>


HEAD /FRG_site/SDM_Offer_Assets/GameFirst/All/Location_extractor_654250.exe HTTP/1.1
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache/2.4.4 (Win64)
Last-Modified: Wed, 16 Jul 2014 12:08:24 GMT
Accept-Ranges: bytes
Content-Length: 43754032
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Connection: keep-alive



GET /FRG_site/downloads/EXEtender_Default.exe HTTP/1.1
Range: bytes=0-2476442
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 24 Mar 2016 13:53:10 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Content-Range: bytes 0-2476442/12382216
Content-Length: 2476443
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......d... ... ...
 .......5...O...(.......4...O...i......./... .......&...*.......!...Ri
ch ...........PE..L...>.J=.................0...0...............@...
.@....................................................................
.....hI..........(....................................................
[email protected]$.....
..0.................. ..`.rdata.......@... ...@..............@[email protected]
...dn...`...@...`[email protected]...(..........................
.@..@.................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


POST /opTools/clientTracking.jsp?track=playerinstallationstart&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB&ver=117724672 HTTP/1.1
User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:46 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=D67E195B5F84B3B94AD5A96471163CCB; Path=/; HttpOnly
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires=Fri, 01-Jul-2016 08:08:46 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-2016 08:08:46 GMT; Path=/
Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-2016 08:08:46 GMT; Path=/
Set-Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; path=/
Set-Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c083a86b;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:46 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:46 GMT..Con
nection: keep-alive..Set-Cookie: JSESSIONID=D67E195B5F84B3B94AD5A96471
163CCB; Path=/; HttpOnly..Set-Cookie: 143_userName=""; Expires=Thu, 01
-Jan-1970 00:00:10 GMT; Path=/..Set-Cookie: 143_password=""; Expires=T
hu, 01-Jan-1970 00:00:10 GMT; Path=/..Set-Cookie: 143_CAMPAIGN_SERIAL_
ID=Default-silent; Expires=Fri, 01-Jul-2016 08:08:46 GMT; Path=/..Set-
Cookie: 143_FIRST_BROWSER="Default-MSIE 8.0"; Version=1; Max-Age=77760
00; Expires=Fri, 01-Jul-2016 08:08:46 GMT; Path=/..Set-Cookie: 143_CT=
1; Expires=Sat, 09-Apr-2016 08:08:46 GMT; Path=/..Set-Cookie: BIGipSer
verFRG_Web-pool-http=2970226860.20480.0000; path=/..Set-Cookie: bIPs=6
da67a80eb8b1aa1cc96ccf1c083a86b;......
<<< skipped >>>

POST /opTools/clientTracking.jsp?trackEvent=clientInstallationFinished&ver=117724672&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c083a86b; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; JSESSIONID=D67E195B5F84B3B94AD5A96471163CCB; BIGipServerFRG_Web-pool-http=2970226860.20480.0000


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:54 GMT
Connection: keep-alive
Set-Cookie: JSESSIONID=83DC6534B95C095A1C13B5DC44F727D9; Path=/; HttpOnly
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires=Fri, 01-Jul-2016 08:08:54 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-2016 08:08:54 GMT; Path=/
Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-2016 08:08:54 GMT; Path=/
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
....


POST /opTools/clientTracking.jsp?trackEvent=playerinstallationfinished&muid=30300030000C295C94647A25A8A6F58200010200F584AC3C04E25063D8C23E3200057EDB&ver=117724672 HTTP/1.1


User-Agent: AHTTPConnection
Host: VVV.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; JSESSIONID=83DC6534B95C095A1C13B5DC44F727D9; BIGipServerFRG_Web-pool-http=2970226860.20480.0000


HTTP/1.1 200 OK
Server: Apache
Content-Length: 0
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Expires: Sat, 02 Apr 2016 08:08:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:54 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
HTTP/1.1 200 OK..Server: Apache..Content-Length: 0..P3P: CP="IDC CURa 
ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: text/html..Expi
res: Sat, 02 Apr 2016 08:08:54 GMT..Cache-Control: max-age=0, no-cache
, no-store..Pragma: no-cache..Date: Sat, 02 Apr 2016 08:08:54 GMT..Con
nection: keep-alive..Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956
;..



GET /free/frg/products/728950/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 24 Mar 2014 12:37:00 GMT
Content-Type: image/jpeg
Content-Length: 22760
Accept-Ranges: bytes
X-Varnish: 1287477671 1287286573
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......T......Adobe.d....................
......................................................................
......................................................................
......................................................................
......o.......!...1A..Q"a.q.2...#..B......R3.$b.C4%...rS&c.D5.T..s6..'
E7F......dU(..)8..GHVe*9:IJWXYZftu..gvwh..............................
ijxyz........................................i......!..1.A.Qa.."q.....
.2...#.B.R..3b.r$....C.s...c%4S..5&DTdEU'......()*6789:FGHIJVWXYZefghi
jtuvwxyz..............................................................
..........?...n.w.3)......G&...5..u....O..D..9..............K...zM{..d
..fS...%..z.&..n.w.3)......G=^.^..7Y;......I....I.......L...$...W.....
N...e?.._....k...'..2.../.s..5..u....O..D..9..............K...zM{..d..
fS...%..z.&..n.w.3)......G=^.^..7Y;......I....I.......L...$...W.....N.
..e?.._....k...'..2.../.s..5..u....O..D..9..............K...zM{..d..fS
...%..z.&..#.V..#.W..#.W..#.W..#.W..#.W..#.W..#.W..#.W..#.W..#.W..#.W.
.#.W..#.W..#.W..#.W..#.W..#.W..#.W..#.W...q.r.Ni...>.zk.k..........
..........9..i...>.zk.k.........HTTP/1.1 200 OK..Last-Modified: Mon
, 24 Mar 2014 12:37:00 GMT..Content-Type: image/jpeg..Content-Length: 
22760..Accept-Ranges: bytes..X-Varnish: 1287477671 1287286573..Cache-C
ontrol: private, max-age=259200..Expires: Tue, 05 Apr 2016 08:09:04 GM
T..Date: Sat, 02 Apr 2016 08:09:04 GMT..Connection: keep-alive........
JFIF.....d.d......Ducky.......T......Adobe.d......................
<<< skipped >>>


HEAD /FRG_site/data/feeds/Os_Build_Supp/version.xml HTTP/1.1
If-Modified-Since: Tue, 01 Jan 1980 01:00:00 GMT
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 14 Jan 2016 15:42:43 GMT
Accept-Ranges: bytes
Content-Length: 4933
Content-Type: application/xml
Date: Sat, 02 Apr 2016 08:08:59 GMT
Connection: keep-alive



GET /spdo/feeds/gamesByIglFeatureList?serviceId=143&igl_feature=2 HTTP/1.1
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_Skin.html
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
Content-Length: 3861
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/json;charset=UTF-8
Expires: Sat, 02 Apr 2016 08:09:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:01 GMT
Connection: keep-alive
Set-Cookie: BIGipServerFRG_Web-pool-http=2869563564.20480.0000; path=/
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
{"games":[460850,465950,827450,827650,466150,471950,509450,521350,5235
50,535250,539050,825350,554950,555850,560350,568450,570550,572150,5722
50,573250,578050,829050,496850,828850,748450,828950,616750,619350,8078
50,778350,749650,695050,587450,589550,594750,601550,603950,829150,6173
50,750750,782350,787450,784850,652050,446250,742250,515550,815450,7957
50,524350,744250,531350,607150,675750,795650,664850,554350,672450,6824
50,727550,750350,703850,696450,694650,680650,795450,806750,808650,6138
50,676750,584850,554850,556750,818950,798350,828750,834350,600150,4722
50,601350,605450,784450,610950,613150,613550,615450,619950,621550,6273
50,814650,830450,830350,828150,452750,807950,764650,816150,831750,7622
50,648050,648150,649050,650950,659450,661450,661650,661850,833050,6878
50,684950,719850,586350,835250,687750,782450,757150,643650,758250,6908
50,725850,774950,721050,719150,744150,835750,836550,836450,537150,8356
50,717850,805750,837550,642650,718150,820050,713250,799050,664050,6991
50,636250,663050,706250,729150,812650,654250,811350,821450,400250,7033
50,466550,804150,772150,531850,560450,528950,787750,809450,461050,7086
50,791950,789450,835450,828050,750450,748750,747250,734250,708450,7145
50,791250,707350,695150,751350,824850,681250,830550,662750,802250,6452
50,645550,647550,831050,832450,801450,799350,798550,793150,787850,7803
50,772850,766150,642550,654450,630950,654850,655550,554750,633850,8141
50,644150,714050,657350,719050,833450,740850,736050,745650,797850,8035
50,808550,809250,809150,809850,598150,801750,666750,606250,694550,
<<< skipped >>>

GET /spdo/feeds/gameItemList?serviceId=143&genreId=69 HTTP/1.1


Accept: */*
Accept-Language: en-us
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_MyGamesPage.html
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 200 OK
Server: Apache
Content-Length: 2297
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/json;charset=UTF-8
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
{"mostPopularGames":[{"id":586350,"name":"7 Wonders II","type":0},{"id
":567950,"name":"Around the World in 80 days","type":0},{"id":452750,"
name":"Atlantis Quest","type":0},{"id":754550,"name":"Avalon Legends S
olitaire","type":0},{"id":529250,"name":"Azteca","type":0},{"id":78035
0,"name":"Build a lot Fairy Tales","type":0},{"id":614950,"name":"Call
 of Atlantis","type":0},{"id":807850,"name":"Call of the Ages","type":
0},{"id":798350,"name":"Clutter","type":0},{"id":622850,"name":"Cookin
g Academy 2","type":0},{"id":554750,"name":"Cradle of Rome","type":0},
{"id":724450,"name":"Cradle of Rome 2: Premium Edition","type":0},{"id
":787850,"name":"Daily Mah Jong","type":0},{"id":746650,"name":"Farm F
renzy - Viking Heroes","type":0},{"id":825250,"name":"Fishdom - Depths
 of Time","type":0},{"id":784450,"name":"Fishdom 3","type":0},{"id":48
5050,"name":"Flip Words 2","type":0},{"id":829150,"name":"Green Ranch"
,"type":0},{"id":664850,"name":"Heroes of Hellas 2 - Olympia","type":0
},{"id":750650,"name":"Heroes of Hellas 3","type":0},{"id":670850,"nam
e":"Jewel Quest 4","type":0},{"id":654450,"name":"Kitchen Brigade","ty
pe":0},{"id":807150,"name":"Legends of Solitaire Curse of the Dragons"
,"type":0},{"id":786450,"name":"Live Novels  Jane Austen - Pride and P
rejudice","type":0},{"id":781650,"name":"Lost In Night","type":0},{"id
":695150,"name":"Luxor","type":0},{"id":663250,"name":"Luxor Mahjong",
"type":0},{"id":728950,"name":"Mad Caps","type":0},{"id":830850,"name"
:"Pirates Solitaire 3","type":0},{"id":635450,"name":"Plant Tycoon
<<< skipped >>>

GET /do/conversionStatus?conversionName=PlayerInstallationCompleted&playTime=0&muid=40DCCFD8EF1AA35A79001E0100004C4BF17BC14BC14BFD62ADDF9531D4E357BE734BF049F1BE75E7CD4F131B92933375C34BF4352A&_=1459584554818 HTTP/1.1


Accept-Encoding: gzip, deflate
Accept-Language: en-us
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_Skin.html
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=7454BEAF8F0A32301425FD0CFE37A02B; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
Content-Length: 81
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/json
Expires: Sat, 02 Apr 2016 08:09:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
{"conversionName":"PlayerInstallationCompleted","status":"CAMPAIGN_DOE
SNT_EXIST"}HTTP/1.1 200 OK..Server: Apache..Content-Length: 81..P3P: C
P="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: app
lication/json..Expires: Sat, 02 Apr 2016 08:09:04 GMT..Cache-Control: 
max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sat, 02 Apr 201
6 08:09:04 GMT..Connection: keep-alive..Set-Cookie: bIPs=d601db896e2d6
d4a523fc61211d15956;..{"conversionName":"PlayerInstallationCompleted",
"status":"CAMPAIGN_DOESNT_EXIST"}....


GET /system/modules/com.exent.owned.geo.templates/resources/js/scriptsIncludes.js?version=53 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 22 Dec 2015 11:33:30 GMT
Content-Length: 217
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/x-javascript;charset=UTF-8
Cache-Control: max-age=518400
Expires: Fri, 08 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
$(document).ready(function(){...$("#editButtonsDiv").append('<input
 id="editInputButton" type="button" value="Edit Scripts"/>');......
$("#editInputButton").click(function (){....$("#editScripts").show();.
..});.....});HTTP/1.1 200 OK..Server: Apache..Last-Modified: Tue, 22 D
ec 2015 11:33:30 GMT..Content-Length: 217..P3P: CP="IDC CURa ADMa DEVa
 TAIa OUR BUS IND UNI COM NAV"..Content-Type: application/x-javascript
;charset=UTF-8..Cache-Control: max-age=518400..Expires: Fri, 08 Apr 20
16 08:09:05 GMT..Date: Sat, 02 Apr 2016 08:09:05 GMT..Connection: keep
-alive..$(document).ready(function(){...$("#editButtonsDiv").append('&
lt;input id="editInputButton" type="button" value="Edit Scripts"/>'
);......$("#editInputButton").click(function (){....$("#editScripts").
show();...});.....});..



GET /tags/FreeRideGamescomPlayer/ROW_Player/tags.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/banners/Default/Tribal/160x600_default_tribal.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: tags.expo9.exponential.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 151
X-Reuse-Index: 1
Date: Sat, 02 Apr 2016 08:09:06 GMT
Last-Modified: Sat, 25 Jul 2015 20:22:24 GMT
ETag: 11412123651349429320
Expires: Sat, 02 Apr 2016 09:09:06 GMT
Cache-Control: max-age=3600, private
Content-Type: application/x-javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 12939
Connection: keep-alive
...........}kw....g.W <gWR..r.<lE.r..4.4Mn........%.b-..$.j..~g.
......r..".....`0....Rd...Uz...{..z8;Z.u._...u..%.......g...d".V.l....
..w.o.............{B.VT..........U./.........i....uV...XU.2...vb*O.7..
7.pY.n.k.....?o_|o....f|.a...AZ.^.g.............:............:@...Z..)
W3.d[eW....z....~......x8.gO..uZV..U.{...a..f.9..V.a........2./....cx.
.g.`...O..p:..*?YBM...9/.P\2...S.7..q.|[email protected] .4.Z..2.S....... ...
l.dt...O...;......c.ny.T.Kdm.9...=..\LFc...0<1\f..z._wv.*......5...
.c..$.T....W..44..S..o......T..H..1I..H.Yv.~....../...&...&..aS.T..y.K
..I.x...D}......1[...,.v.X.......).{..J/../9.$....8.^....:.Qu..|......
...X.........V...."...pzQ..ykT.".*].V....B;6n...-ea......k.....|.}...J
1..E........Uz...uQ..W..?.WY.*...8,.W...|...P,...E..~..... f... .|.{./
.~?.N..1..l7..YU.Lm.X.3..f..Uq.J....q.w.^[email protected]
...*....t$>.1.".....n.Y0.....}Eh.<[email protected]...}.$.."..t..
.i..L.E6.V.{"..pU...S'c'k.0..#R.h..0....y....{s....)....^..(......tQS.
..~ ^_..kP.tc...0-.iU.AR..u.....z..........).#.$..W7..z.u].' ..e.$.F.D
,..I...(......HP.uz.3...C.V9.H.Z.QU94....-.2.]B....."..PDb..D...l.....
[email protected]..;.a,G...).I..{.....m6--a`.....~....ez...0a
X.V.P.t...1pu..kP.v.Ibi..T..(......../...8AZ.N....G.p;{}..t...z.K%U"`F
.......L.H.Iv\l...Fv.....WAMk.&*.......eZ..R..1~...A..U...D8.A..7.p..t
8..^M.E......SC..........8.eV...GT.]..&fS.........[y...F..Md.!.A...}:.
...y%...T.|i.. ^.....)..)QQF...&."...`m....|m-c..V..4q.z..va...F..o.*.
....._..rY..9..{50.@...%[b9....vp.*..>...H.O. )m....\.WT....O..
<<< skipped >>>


GET /do/skinAds?adId=MG728x90Frame&userid=Default-881459584499337457 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c083a86b; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: hXXp://VVV.freeridegames.com/spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 728x90 Frame Ad
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Connection: keep-alive
....


GET /spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 728x90 Frame Ad HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 200 OK
Server: Apache
Content-Length: 817
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=UTF-8
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "htt
p://VVV.w3.org/TR/html4/loose.dtd"><html><head><meta
 http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
;<meta http-equiv="Content-Type" content="text/html; charset=utf-8"
 /><meta http-equiv="cache-control" content="max-age=0" /><
;meta http-equiv="cache-control" content="no-cache" /><meta http
-equiv="expires" content="0" /><meta http-equiv="expires" conten
t="Tue, 01 Jan 1980 1:00:00 GMT" /><meta http-equiv="pragma" con
tent="no-cache" /><style>body {margin: 0px;padding: 0px;backg
round: none transparent; height: 100%;} html{height:100%;}</style&g
t;</head><body scroll="no"><iframe src="hXXp://VVV.free
ridegames.com/banners/promoframes/728x90_frame_ad" width="728px" heigh
t="90px" frameborder="0" scrolling="no" ></iframe></body&g
t;</html>HTTP/1.1 200 OK..Server: Apache..Content-Length: 817..P
3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type
: text/html;charset=UTF-8..Expires: Sat, 02 Apr 2016 08:09:03 GMT..Cac
he-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sat
, 02 Apr 2016 08:09:03 GMT..Connection: keep-alive..Set-Cookie: bIPs=d
601db896e2d6d4a523fc61211d15956;..<!DOCTYPE html PUBLIC "-//W3C//DT
D HTML 4.01 Transitional//EN" "hXXp://VVV.w3.org/TR/html4/loose.dtd"&g
t;<html><head><meta http-equiv="Content-Type" content="
text/html; charset=ISO-8859-1"/><meta http-equiv="Content-Ty
<<< skipped >>>

GET /system/modules/com.exent.owned.geo.templates/resources/js/jquery.globalEvents.js?version=53 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/x-javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=518400
Expires: Fri, 08 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Content-Length: 436
Connection: keep-alive
..........uSMo.0.=;R...r...M.=m6..............d...6....].Q9......<.
Q.U..`s..^q.NU.....,..Eg34..0<..5l[.t...f/......~..&..Gm.aA...s.-.D
..B%..gO.wc..\...)..(.....m...cR"..\..c...`.,G..a,.C.*.....To ."..I...
.s..0.....K......n..!.q0\....8;./..].Vd..\..niAw.~.Z....N~..b..I...b.X
m........U.....2...,.S...T..R.C"....w....X./.F.iB....F...(c1J.'l..5.N,
z!.wO......M?.H.C...........%j.X...HD...\....EO......1t.& ......ML2.L#
....y..Th._.>..K......HTTP/1.1 200 OK..Server: Apache..P3P: CP="IDC
 CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Type: applicati
on/x-javascript;charset=UTF-8..Vary: Accept-Encoding..Content-Encoding
: gzip..Cache-Control: max-age=518400..Expires: Fri, 08 Apr 2016 08:09
:05 GMT..Date: Sat, 02 Apr 2016 08:09:05 GMT..Content-Length: 436..Con
nection: keep-alive............uSMo.0.=;R...r...M.=m6..............d..
.6....].Q9......<.Q.U..`s..^q.NU.....,..Eg34..0<..5l[.t...f/....
..~..&..Gm.aA...s.-.D..B%..gO.wc..\...)..(.....m...cR"..\..c...`.,G..a
,.C.*.....To ."..I....s..0.....K......n..!.q0\....8;./..].Vd..\..niAw.
~.Z....N~..b..I...b.Xm........U.....2...,.S...T..R.C"....w....X./.F.iB
....F...(c1J.'l..5.N,z!.wO......M?.H.C...........%j.X...HD...\....EO..
....1t.& ......ML2.L#....y..Th._.>..K........
<<< skipped >>>


GET /FRG_site/SDM_Offer_Assets/GameFirst/All/Location_extractor_654250.exe HTTP/1.1
Range: bytes=17501612-26252417
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Wed, 16 Jul 2014 12:08:24 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:22 GMT
Content-Range: bytes 17501612-26252417/43754032
Content-Length: 8750806
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Wed, 16 Jul 2014 12:08:24 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Sat, 02 Apr 2016 08:08:22 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sa
t, 02 Apr 2016 08:08:22 GMT..Content-Range: bytes 17501612-26252417/43
754032..Content-Length: 8750806..Connection: keep-alive...N....Y3..7c.
s.gZT.PH....Le....6f.{bR...w&....Y..._Q..SR.~..nr..e.L?.J.T.3....U.o..
.28.9.9..\...=lw..fy....... ,...c<.i.W{D\.._..b....v..n=...........
"..1..9`...6...w'.x.fP:X.....10!..*..6wdt.Z&..E.j....y.Tx..?..A.;....j
?&=#a.D..X...`W.w.iH........J(_./:.75/6P.r.? ...Nx..r.^.qz...8].......
.......J,.... ..Y.E#*Zt...jr.Y.hN....h.2mx.............."?Y....%.=uq..
\...c....).>W(..M...5.}B.A...._$......s.'.e.t.Z3.t..C.E.).%tL.mV@4u
.F.]?6..{i.O-l.:.h3 :[email protected]^...CR../z..n......O.15.$..*./......./.
.k.`.p)........Ee<........d4(dT......H!...W{5../C..?s...Ya.dW... @.
......U....a...I..S..{.n...W..:4F[e....k?$<.$...s:......=.....u.s..
L..>.V.{.Y$..._94'..Tb..F.........S6..q...6;<..l..l6Z.--....t...
..........]..".........4..........."..A4..#.'@.%.Ao>.1z..5..0L.(qQ.
....=...]....0.-.....Wv.......1...gJ!...s..@....=~.c..[`......T....h.,
.Fy.....iJ.....*=bP.Y....s....1nc..e..y............ E.....J...........
..F..mj.. f.-..9|.u..8.k...j.AL....X3.s*u....W.r.|of`.9.a f...a.P.}1H.
..*..*.aG..w....kk0'N.>t..v......09.n4.'......4i...G.....:H....hj..
XQ.......h.:.O=a?..<..VFH.4m..'....5cBe..~..8yS....*....D. .<
<<< skipped >>>


GET /i.u?flashVer=9&ver=1.27&th=6964238882&tagKey=281869759&postfailed=1&site=freeridegamescomplayer&adSpace=row_player¢er=1&size=728x90&env=desktopApp&url=http://VVV.freeridegames.com/banners/promoframes/728x90_frame_ad&f=0&p=4492070&a=1&adContainerId=richmedia_2 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/banners/Default/Tribal/728x90_default_tribal.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: a.tribalfusion.com
Connection: Keep-Alive
Cookie: ANON_ID=aVnrejpyXaxUqiVTFV7ZdVlysE33iZaclA335CcsXgMvYEbcODZaMK1ZbTjledrHJB8W0D9SIsmW


HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
Date: Sat, 02 Apr 2016 08:09:07 GMT
X-Function: 302
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
GIF89a.............!.......,[email protected]..;..



GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/728x90_frame_ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Strict-Transport-Security: max-age=604800
Date: Sat, 02 Apr 2016 06:54:11 GMT
Expires: Sat, 02 Apr 2016 08:54:11 GMT
Last-Modified: Mon, 28 Mar 2016 20:26:56 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 10938
Cache-Control: public, max-age=7200
Age: 4494
...........}.s...... .\.j&....r.s(gw.-^...Ii$.&.@f./1|...nI......U.Su.
..K....W..H.....oy.dU...{.i?J...O...Y{U..x.........)...A.1WT..H.....(v
.;.t/Y.4...........a......j...=......j.............kcc..^...f.l.z.....
.v>~...?8.|t|r.....s....z.....f8....tr{w....\..|......~8...x;u.....
.c.N......EC.q...?.......P.."..\.|.....\..a.}YX8.......FB9.-.F..9%.K&.
;[email protected]=..0.~..d...zL...X.l..,R......N!.~..\.\.yf.\...|.......
5..t....k..E.R5..X....%. (........J.O...?\B.....X::N.h.....\...8c.....
v..'.J.......}1.&i<..(.....P... ...:8..m3M5.X.[<.r...y.....8lF.{
."......4K..{.zn9....&.n.."V<Uo..F.S..n`\....d........O)..".v#.....
...O... Wo.......x4...D.&|(po....iq.4..Gw.ea...ni..`.(E...}...[...%...
...r.B."....).}..VK...8T...L.T.].=.8^x....s{.....-.g".h.:x....'U.i.'..
&.2x.0.@......@......*. .]8............7.m\..?.1..."..$*N_)8...%.....v
.s.O.q......#.,d.3 F.../..&..S ....t.ci/C]....w<..d.&...&,..=,..X].
8Vq.......i]./...OU...,.......^_>&.)a6.@'..,..t...z....z,j..{......
r:[email protected]!<......"...........a...l..
....m....]....Yd.N..........a<...<.=....C"...... ..L...De..Jq(..
fgT..]...x..C...M..|[email protected];.x..qCEG.....@T.[..3.\..9I..].4
. ..W.fI's]..q....f.... ^."...x.[[email protected]>....Gwl/.#[email protected]...
....@....%x.............W..pp.uz|MF...j..g....R[=.......|...jU..@L....
.YC......PSO.....XG.v4...9....k...............).....r......N..H...%..K
..*.]y.[....R.0.h....f9..-...S..=.`....T.-.j...2.B.........:.....e....
...hl...$..@P...=..j.............l@Z`.i.....G......S#...0,7Ky.k'.p
<<< skipped >>>


GET /do/skin?action=cookie HTTP/1.1
Accept: */*
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_Skin.html
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sat, 02 Apr 2016 08:09:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:01 GMT
Content-Length: 205
Connection: keep-alive
Set-Cookie: JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C; Path=/; HttpOnly
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires=Fri, 01-Jul-2016 08:09:01 GMT; Path=/
Set-Cookie: 143_FIRST_BROWSER="Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-2016 08:09:01 GMT; Path=/
Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-2016 08:09:01 GMT; Path=/
Set-Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; path=/
Set-Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c083a86b;
[email protected]\aU6.XJ.."DDj....F..D^U....?..`.Y.......t .s.
..\_......x.L.[u}.Y34........p.{k..........,.l...fY..-....MA.j.,.PQ...
.'-.....~.&..{......P.C.|.l.wG..Kz..MB.....V.....&.......^.AG....HTTP/
1.1 200 OK..Server: Apache..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS I
ND UNI COM NAV"..Content-Type: text/html..Vary: Accept-Encoding..Conte
nt-Encoding: gzip..Expires: Sat, 02 Apr 2016 08:09:01 GMT..Cache-Contr
ol: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sat, 02 Apr
 2016 08:09:01 GMT..Content-Length: 205..Connection: keep-alive..Set-C
ookie: JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C; Path=/; HttpOnly..
Set-Cookie: 143_userName=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Pa
th=/..Set-Cookie: 143_password=""; Expires=Thu, 01-Jan-1970 00:00:10 G
MT; Path=/..Set-Cookie: 143_CAMPAIGN_SERIAL_ID=Default-silent; Expires
=Fri, 01-Jul-2016 08:09:01 GMT; Path=/..Set-Cookie: 143_FIRST_BROWSER=
"Default-MSIE 8.0"; Version=1; Max-Age=7776000; Expires=Fri, 01-Jul-20
16 08:09:01 GMT; Path=/..Set-Cookie: 143_CT=1; Expires=Sat, 09-Apr-201
6 08:09:01 GMT; Path=/..Set-Cookie: BIGipServerFRG_Web-pool-http=29702
26860.20480.0000; path=/..Set-Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c08
3a86b;[email protected]\aU6.XJ.."DDj....F..D^U....?..`.Y....
...t .s...\_......x.L.[u}.Y34........p.{k..........,.l...fY..-....MA.j
.,.PQ....'-.....~.&..{......P.C.|.l.wG..Kz..MB.....V.....&.......^.AG.
.......
<<< skipped >>>

GET /do/skinAds?adId=MG160x600Frame&userid=Default-881459584499337457 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=6da67a80eb8b1aa1cc96ccf1c083a86b; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: hXXp://VVV.freeridegames.com/spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 160x600 Frame Ad
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Connection: keep-alive
....


GET /spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 160x600 Frame Ad HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: bIPs=d601db896e2d6d4a523fc61211d15956; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 200 OK
Server: Apache
Content-Length: 819
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=UTF-8
Expires: Sat, 02 Apr 2016 08:09:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:09:03 GMT
Connection: keep-alive
Set-Cookie: bIPs=d601db896e2d6d4a523fc61211d15956;
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "htt
p://VVV.w3.org/TR/html4/loose.dtd"><html><head><meta
 http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
;<meta http-equiv="Content-Type" content="text/html; charset=utf-8"
 /><meta http-equiv="cache-control" content="max-age=0" /><
;meta http-equiv="cache-control" content="no-cache" /><meta http
-equiv="expires" content="0" /><meta http-equiv="expires" conten
t="Tue, 01 Jan 1980 1:00:00 GMT" /><meta http-equiv="pragma" con
tent="no-cache" /><style>body {margin: 0px;padding: 0px;backg
round: none transparent; height: 100%;} html{height:100%;}</style&g
t;</head><body scroll="no"><iframe src="hXXp://VVV.free
ridegames.com/banners/promoframes/160x600_frame_ad" width="160px" heig
ht="600px" frameborder="0" scrolling="no" ></iframe></body
></html>HTTP/1.1 200 OK..Server: Apache..Content-Length: 819.
.P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content-Ty
pe: text/html;charset=UTF-8..Expires: Sat, 02 Apr 2016 08:09:03 GMT..C
ache-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: S
at, 02 Apr 2016 08:09:03 GMT..Connection: keep-alive..Set-Cookie: bIPs
=d601db896e2d6d4a523fc61211d15956;..<!DOCTYPE html PUBLIC "-//W3C//
DTD HTML 4.01 Transitional//EN" "hXXp://VVV.w3.org/TR/html4/loose.dtd"
><html><head><meta http-equiv="Content-Type" content
="text/html; charset=ISO-8859-1"/><meta http-equiv="Content-
<<< skipped >>>

GET /banners/promoframes/728x90_frame_ad HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.freeridegames.com/spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 728x90 Frame Ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 02 Apr 2016 08:09:04 GMT
Content-Length: 6318
Connection: keep-alive
...........=kw..............r^Md.9....u..?....:...L)R%)9....3... %;i..
vW........`.x.......{[.'.......l...........t~~|.........<&O...r..(.
. .h....8....y.....n_?n...s~.ATO:a....g...k..}.e....K.y.O.%M......7.[.
.z...c...t. !^......c.'.z.x...7.#Q....I.X..lJg,m{.L..=........~..\..9&
.....V&....4.....% .<.:.....S4lo.2J.G-.."X....]..A.eI.:....e}'.[.f5
.<.Y...l.f..-i..4c..T.|....V [Yb.q.$,..ts..V..."..9....cbM...n...d.
[email protected].:$M...Io...:.._.,.....# o.....S..!..BS..../...>..q...!}.dI..
.....7....E~0y.j..|.'....%7.Y..%._B.4..4...L.......E...%<....U...p.
Y....d..d...:*...E.I."/\..Rs?A|.s..":...y.. ..6...\w.j..5...<.r....
...S...E.d.u..<.".\...G...|.0......gW....3T.>..E.9.z.w...ro..&Y.
...I...4..~...wF.`6..#k... {...s.8^d.qH._...T...I.l..$.NYb........{.d.
..m..E.q^(r.tZ.^6n%...,>[email protected].{.\Y...
...(.....-.>}"z.............p%.G..T4B..rSV.6..!.lV).....D .....U./.
h..... !....C...s...[.......0...:M......PQ<..\......9...&.D....1dV.
_.`z....S..?.....z<..}.....7.!We..]...0.>..H...%{.T...gW...W....
 ....}.JW.\..Rr..M./......Y..z.DR. ...Sv.FT. .....p.Z.....s0.e....D`..
..........D..}.w..2..x5\.T...2Y...&~7.{5....1V....%H. XP&.fT..uh...N/M
$.....R..T..uh....]..D..:L9......V7..V.<.3..m.....x..Yx...:N.....~.
........'.J{.{B.A....p{.4....ib.Mr[..P..Jm....&..~9..i..{u.....:$..M..
.?H.!..A...]2..L.x.>`.s#s......5l;YjY.........&.p......D....1W..fw*
.kU..iZo..U...7....mo.. x...}.C....h.]5.._.~.-f.........O`E?...G.....p
p....DU4e.i......C."Kn....z..D.a......m9....@."....A...O..A..Nc..N
<<< skipped >>>

POST /action/JSONService HTTP/1.1


x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/728x90_frame_ad
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Content-Length: 89
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"

{"service":"geoService","action":"searchGeo","domainObj":{"site":"","lang":""},"data":""}
HTTP/1.1 200 OK
Server: Apache
Access-Control-Allow-Origin: *
Content-Length: 59
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/plain;charset=UTF-8
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
Set-Cookie: bIPs=706fd546f2e98422fc1f53fd87f02174;
{"error":{"code":"0","msg":[]},"data":{"countryCode":"UA"}}HTTP/1.1 20
0 OK..Server: Apache..Access-Control-Allow-Origin: *..Content-Length: 
59..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content
-Type: text/plain;charset=UTF-8..Date: Sat, 02 Apr 2016 08:09:05 GMT..
Connection: keep-alive..Set-Cookie: bIPs=706fd546f2e98422fc1f53fd87f02
174;..{"error":{"code":"0","msg":[]},"data":{"countryCode":"UA"}}..



GET /displayAd.js?dver=0.4&th=6964238882 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/banners/Default/Tribal/160x600_default_tribal.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: a.tribalfusion.com
Connection: Keep-Alive


HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Sat, 02 Apr 2016 08:09:07 GMT
Last-Modified: Sat, 25 Jul 2015 20:22:24 GMT
Expires: Fri, 01 Jul 2016 08:09:07 GMT
Set-Cookie: ANON_ID=aVnrejpyXaxUqiVTFV7ZdVlysE33iZaclA335CcsXgMvYEbcODZaMK1ZbTjledrHJB8W0D9SIsmW; path=/; domain=.tribalfusion.com; expires=Fri, 01-Jul-2016 08:09:07 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 157
Connection: keep-alive
..........u....0....)~o..{);..7...t.j.v.......C0.@..|..#X.u.=GES....hX
b....a.......,............:c...o.?.........Z.;..X-.77.x..eq.U..Z.z..[.
......T..;.f.........


GET /j.ad?flashVer=9&ver=1.27&th=6964238882&tagKey=281869759&site=freeridegamescomplayer&adSpace=row_player&center=1&size=728x90&env=desktopApp&url=http://VVV.freeridegames.com/banners/promoframes/728x90_frame_ad&f=0&p=4492070&a=1&adContainerId=richmedia_2&rnd=4493329 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/banners/Default/Tribal/728x90_default_tribal.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: a.tribalfusion.com
Connection: Keep-Alive
Cookie: ANON_ID=aVnrejpyXaxUqiVTFV7ZdVlysE33iZaclA335CcsXgMvYEbcODZaMK1ZbTjledrHJB8W0D9SIsmW


HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 2
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=arnsAGNZaiMtmmemFmDwMtf9bbMocSVvwqGWafF9Skc1bB30HU6Sa6GxxtBJfIFZd9nGvPo9vWpV8tvNnsWN9I; path=/; domain=.tribalfusion.com; expires=Fri, 01-Jul-2016 08:09:07 GMT;
Content-Type: application/x-javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1026
Expires: 0
Connection: keep-alive
............_o.8....Sdy..>.&$!.-.A....u..I4.....J..1...........4/.m
Y:...=N..P.\..".....~..U.s{.T...&.r.,............F...].^.. R.........7
..?._V.....e..JY=....O.~j.qY.I...'c...{..F.Y*D*....~&.T.I.F....&=..9o.
.e.......C........=......6.. .{~.vw..Z....rv.r......%...g..U.......E0.
.^...E...s.....lLy..j%".B...X.......J.g$.....1q..tP..w.2<........:.
...Lq..j..FC..f.l...9..MX.q....na[E.X.9........J..M.A-...i..M}..5. ...
.}.5...:.Yu.....p........J..1.uhX..........V...r......6.....4..O..6or.
.sy~..I....lr...A..)...>..zPn5SU....O3..cO...R$.(.JA.[...\...w...&g
t;.oc^~...{./...T......!.....6!.B....\..QN.Gs.1......(..l5.'"#F0.A..#.
.#......u.F...i-...|...."......$...."[email protected]:.&f...!.1.8.)._..
...V..w&.V%.*y.b.......u......u..E.\.....7-.^U......$.l....;..w....D..
)3t.1#...'"X!O...-}.K..J..nf<...E1.....1.F....=-.~...5......b.G./.0
,.. ...3$p..A.G.....w...]v-r......VC5....... tpN...8-.9|...YwpDa ..O."
.3" .0.%*..z..p.',\?H|...].].......@|.)Xh,...0.....u.......)..}.. ....
.../....1.d........9.}[p?..U...Ix0...1.r.................V.....



GET /FRG_site/data/feeds/Os_Build_Supp/version.xml HTTP/1.1
Range: bytes=0-4932
If-Modified-Since: Tue, 01 Jan 1980 01:00:00 GMT
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 14 Jan 2016 15:42:43 GMT
Accept-Ranges: bytes
Content-Type: application/xml
Date: Sat, 02 Apr 2016 08:08:59 GMT
Content-Range: bytes 0-4932/4933
Content-Length: 4933
Connection: keep-alive
<XML>...<Product Versions="08.00.01.00">....<Comment>
;Initial release</Comment>....<OS>.....<Comment>wind
ows 2000 SP4</Comment>.....<Versions>5.0</Versions>.
....<SP>4</SP>.....<Bit_32>......<Pointer>-0x1
8</Pointer>......<Handle>-0x14</Handle>......<Typ
e>-0x10</Type>......<Name>0x40</Name>......<Fl
ags>0x78</Flags>.....</Bit_32>....</OS>....<OS
>.....<Comment>windows XP SP 0-1</Comment>.....<Vers
ions>5.1</Versions>.....<SP>0-1</SP>.....<Bit_
32>......<Pointer>-0x18</Pointer>......<Handle>-0
x14</Handle>......<Type>-0x10</Type>......<Name&g
t;0x40</Name>......<Flags>0x7C</Flags>.....</Bit_
32>....</OS>....<OS>.....<Comment>windows XP SP 2
-3</Comment>.....<Versions>5.1</Versions>.....<SP
>2-3</SP>.....<Bit_32>......<Pointer>-0x18</Po
inter>......<Handle>-0x14</Handle>......<Type>-0x
10</Type>......<Name>0x40</Name>......<Flags>0
x88</Flags>.....</Bit_32>....</OS>....<OS>....
.<Comment>windows Server 2003</Comment>.....<Versions&g
t;5.2</Versions>.....<SP>0-2</SP>.....<Bit_32>
......<Pointer>-0x18</Pointer>......<Handle>-0x14<
;/Handle>......<Type>-0x10</Type>......<Name>
<<< skipped >>>


GET /free/frg/products/614950/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 23 Oct 2013 12:02:09 GMT
Content-Type: image/jpeg
Content-Length: 28314
Accept-Ranges: bytes
X-Varnish: 1015362477 1013344808
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
......................................................................
......................................................................
............!.1.A"..Qa2.q.B#.$..R3C...b.4.r..S...D....................
.....!1..AQ.aq".....2....BR...br#...3.CS...cs$4.............?....b.T..
}.t...t...[3..dO..h.8a.....T.>..:l9E1 .....".C6....MN...j .Y.HQMPQ.
UWP.Xj......AJ..63. .=(<.fSS.....5.,>.3....3.....).LjTx........S
FcSc.E.Q.....A........8.*<..D.......N.*9.4..be.9.].*.....:..X....#O
.....=.h........v.....h.b......>.....~c...V.G..Z......f....".F..8.X
...G..us.u-...:.a j*p\.J...].g!...=Yj..Q.0Q...=z...C.....H..]...x...]Y
.Fe].].2 0 i..^.Y.[[.$.m.K.n.......d.F.."wK....&..9....^._.....6.....5
...H...%...RGq.....7x.-.....(..nh....m..,....OsC........i..#......TF..
[email protected]<*U.W.......<.Z3&.I..Zj....A..iIb.
.%..........?.B......q..s..Ir.[.8.....z..:[email protected]."
..nW?.J...Ui.4.......W71..g.3..&6?.MX..^..y....52H...,je(.HW.L.0......
i..4...H..:....#.........\0..[...;W...... 2F>..#.7*.....u..........
..v.........i%.:[email protected]~.|zV..]Dap....8.2..3a)6S-.....-.].. 
.....]:.....V.wv..8....@}.o..[7M.....,.4;.T.j%[...........j.>g..a.b
....Z.k.%.nkv-..`.[`..(....&.....W;t;.......j....q......3^...'l...O,D.
.5..%q).J...q...8...r.|.J...g....r.&.U.m<......d....../L.n.Sg....{u
[email protected]../..y/.P4..<.....J.8._!...P.u8.\..o...K.
<<< skipped >>>

GET /free/frg/products/754550/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 22 May 2012 13:05:31 GMT
Content-Type: image/jpeg
Content-Length: 28467
Accept-Ranges: bytes
X-Varnish: 207628318 205772734
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......Z......Adobe.d....................
......................................................................
......................................................................
......................................................................
......o.......!...1A..Q"a.q.2...#..B......R3.$b.C4%...rS&c.D5.T..s6..'
E7F......dU(..)8..GHVe*9:IJWXYZftu..gvwh..............................
ijxyz........................................i......!..1.A.Qa.."q.....
.2...#.B.R..3b.r$....C.s...c%4S..5&DTdEU'......()*6789:FGHIJVWXYZefghi
jtuvwxyz..............................................................
..........?......)...$I..:.M....rDy....4.K...!.#O..N;..Tfr.E..........
.........................w....K.t6.zt...L...._.A...e......_......?....
..N...K9Z....y ..=.|..\.....Os............7.m..O......e.S...1........#
.....:s.F...S....):FS0fM...`...#..Z.......M...$.....C.T.f.b?2....K,I54
...........4rf..:....?....<..1,..$..).......E.p2.......|.9..yUxWu.\
0..4j.[.}.::.R..z.d...h.H.G.......b.P.S.d\..2.d.=.l.gG|S..#.....O...M.
..[t...P.q\.>_..oGMM..T..~O..."........w5.N.Ek.A.........~.J.;...&l
t;..._.7....%.]..)....p.lo...1.F.L..)..y.?s.{....P....<..._...6.9_.
...ar='.$...D..M..c.........~....2t.0..q......0}.Y..n.........g.8.7...
.3.A.M5N.Y..~..T....G*l....8c...k.m6%..p.pVa..r..G'.......|D.x.o.H,O..
..9.....m.5.4M.R.yO.4..x.....%....g.-D1.q.........t>.K.y.5e.c3.....
VW.83.....bXk.=Ed..m..........x.....]8.<.b....GG...3'P.~7.uk...K...
.X..q*j..5;(....aM...._..>...3....B..........M.....4M4N.....6K&
<<< skipped >>>

GET /free/frg/products/750650/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 03 Jun 2013 08:13:48 GMT
Content-Type: image/jpeg
Content-Length: 27083
Accept-Ranges: bytes
X-Varnish: 1877356322 1877354778
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....)hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM
:InstanceID="xmp.iid:EAF71110CC2411E2865FCE6BC211A47B" xmpMM:DocumentI
D="xmp.did:EAF71111CC2411E2865FCE6BC211A47B"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:EAF7110ECC2411E2865FCE6BC211A47B" stRef:doc
umentID="xmp.did:EAF7110FCC2411E2865FCE6BC211A47B"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
......................................................................
............................................!.1.A".Qaq2#...B.Rb..3$..r
c%...CSs..DT........................!1.AQ".aq.2.....BRb....r#......3..
..CS..c$4D.T............?..........d...3....{h..N.zt|..2.@|...e..:...X
_]6H@.....$....$dc%..^..' h.J.,..iJ..0..Y].eTE,...Hp."f8.R..q..(..0.O2
.>..yK5q.$..6.blYEm.g:k..5P;....x. .....B.#.....2|..9./ ....O0.c_.$
....~...7^.....>....dQ.. >..'...y....o-....oh...B..w......q.
<<< skipped >>>

GET /free/frg/products/663250/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 26 May 2014 11:32:25 GMT
Content-Type: image/jpeg
Content-Length: 17111
Accept-Ranges: bytes
X-Varnish: 1287475800 1287286980
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......B......Adobe.d....................
......................................................................
......................................................................
......................................................................
......s.......!.1AQ..a"q..2.....B#.R..3.b.$r..ÄS...cs.5D'...6.Tdt...
.&.......EF..V.U(........eu........fv........7GWgw........8HXhx.......
.)9IYiy........*:JZjz........................m......!.1A.Q.a".q..2....
...#B.Rbr.3$4C...S%.c...s.5.D..T......&6E.'dtU7....()...........eu....
....FVfv........GWgw........8HXhx........9IYiy........*:JZjz..........
..........?..qy.....j*<@...<.9.r...#!..V.3...o.e.uD..e. Xy......
.y..D........<m....v<%...*....6...v..O:...Gw3M...<........=..
Suo..V...X........P..w.x?7....^....%.v?<.......!..yQ.......]@....'.
..zE.G...4.>k~h.O...!.. O$.Y....I ^R#.8.^[S|......r......8.wlWL....
.U.....5.....~...C. ....N...]..x....4P..N....=.Y...-/$.....-..nn.Im.w.
<.\r5?...0......I.$...,.-.mV.<y........oW.u....S..m...e[.b~...zg
....1.h...yn.E..8Z.^..s~a~`O...ip.........:[email protected].*
.:..~....l....4n.=H_.S...p..k...-.~..du.6?hF...2....e.............Ri..
ey...0.j..Z.........Y.mJL[..-.......le.:...S...dk..:xG....6...j.h._B.&
.m..W.].[Ip.M...Y......;..~.....G...~j4..v%^.....D.^.. . f........b...
yQ......\[.M... ..k...........%@[.W...[:....0.,e...F...?..y_..m5...{2[
YY.k.yen.VN.....'.....6A..?o.....#.Iz..g|.]....}ubO.=. ....N[..L.O9..u
|6R.G[..N...i..f(.S..&8....]C..#......).....*.83....n........\....
<<< skipped >>>

GET /free/frg/products/572150/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 26 Jun 2013 12:38:03 GMT
Content-Type: image/jpeg
Content-Length: 39169
Accept-Ranges: bytes
X-Varnish: 432033306 432014024
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......d.....mhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:4CB992A52B3DE2119
55FE55656C7D978" xmpMM:DocumentID="xmp.did:7CBC7DE2DE5C11E2AC268ECE56E
A92AE" xmpMM:InstanceID="xmp.iid:7CBC7DE1DE5C11E2AC268ECE56EA92AE" xmp
:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom s
tRef:instanceID="xmp.iid:1A1C9A48DCBC11E2ADF8A4010C492328" stRef:docum
entID="xmp.did:1A1C9A49DCBC11E2ADF8A4010C492328"/> </rdf:Descrip
tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
....Adobe.d...........................................................
......................................................................
......................................................................
..............................................!.1..A"..Qa2#.qB$..3R...
..b..c.......................!..1A..Qa".q.2......B#.....Rb3..r..$.4CS.
............?...{W..I.:......R.....z..U.....Fm.v......]y..m#V.S.J...q.
s.W..j.Z. i..........eH..E..G.....{...,Y@URw..&......]..U.A4........C.
...8c.a............._?c..#.R..&G....!%l..7..4EN....t....T...9.....
<<< skipped >>>

GET /free/frg/products/825250/boxshot.jpg HTTP/1.1


Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Wed, 21 Jan 2015 10:08:27 GMT
Content-Type: image/jpeg
Content-Length: 24210
Accept-Ranges: bytes
X-Varnish: 1275159397 1275152674
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:05 GMT
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....rhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.154911, 2013/10/29-11:47:16        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:52B440F57AF111E49
15B94700EDA7761" xmpMM:DocumentID="xmp.did:712E48FBA15511E4BAECCC8DBE1
62659" xmpMM:InstanceID="xmp.iid:712E48FAA15511E4BAECCC8DBE162659" xmp
:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom 
stRef:instanceID="xmp.iid:c4698028-9c4d-6b49-aa80-96d15b83febb" stRef:
documentID="xmp.did:52B440F57AF111E4915B94700EDA7761"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>....Adobe.d......................................................
......................................................................
......................................................................
...............................................!.1.AQ".a2..q.#..BR3...
..bC...r4%...$5.........................!1A.Q".aq.2....BR.....br.#....
3...CS..s.Td%.............?...IRB.O..[.5..T.Nm..%.l([email protected]. ..%w.
4Mtm...ll..S`4.zlb.vQBEx......>]*..$.p......P.t...G.E...>t.z6.-.
t.m}........tIm..._.h.&.Z.)...7..i4 ...$l......Q.U.$h..@.|}..~>
<<< skipped >>>


GET /feeds/rtdGames?camp=silent&serviceId=143&_=1459584554240 HTTP/1.1
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Referer: file://%Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd_Skin.html
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_CT=1; BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C54529D02DF34276F2B007CAEEA0B80C


HTTP/1.1 200 OK
Server: Apache
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: application/json;charset=UTF-8
Content-Length: 16984
Date: Sat, 02 Apr 2016 08:09:03 GMT
Connection: keep-alive
Set-Cookie: bIPs=afa26c0c6ce6a4f5fe0c6ff42346a4e5;
[{"id":825250,"name":"Fishdom - Depths of Time","type":0,"totalDiskSpa
ceRequiredKB":412672,"params":{},"validationInfo":null,"screenShotList
":["hXXp://img.exent.com/Free/FRG/products/825250/screenshot1.jpg","ht
tp://img.exent.com/Free/FRG/products/825250/screenshot2.jpg","hXXp://i
mg.exent.com/free/FRG/products/825250/screenshot3.jpg","hXXp://img.exe
nt.com/free/FRG/products/825250/screenshot4.jpg"],"smallScreenShotList
":["hXXp://img.exent.com/Free/FRG/products/825250/screenshot1_sm.jpg",
"hXXp://img.exent.com/Free/FRG/products/825250/screenshot2_sm.jpg","ht
tp://img.exent.com/free/FRG/products/825250/screenshot3_sm.jpg","http:
//img.exent.com/free/FRG/products/825250/screenshot4_sm.jpg"],"systemR
equirements":{"os":"[[2.5.0.-1.-1]]","osname":"Windows 2000","directX"
:"4.08.00.0800","ramphysicalRec":"512","videoMemMin":"32","videoMemRec
":"64","ramphysicalMin":"512","cpuspeedRec":"1000","cpuspeedMin":"1000
"},"recordId":7649,"rank":182,"hidden":0,"genres":[{"type":1,"strSocia
lDescription":"Play all of your favourite online PUZZLE and MATCH 3 GA
MES\r\nPLAY FREE NOW!","url":"hXXp://VVV.freeridegames.com/games-genre
s/gameList?partner=Default&genre=Puzzle-Match-3","includeInFeed":true,
"nameInFeed":null,"subGenres":[],"name":"Puzzle-Match-3","id":18,"desc
ription":"\"Love a good challenge? Get addicted to our mind-bending pu
zzles and smash-hit Match-3 games. \"\r\n","cssTag":"puzzle_match_3"},
{"type":1,"strSocialDescription":"Check out our most popular games and
 choose the ones that get your adrenaline pumping!","url":"hXXp://
<<< skipped >>>

GET /banners/promoframes/160x600_frame_ad HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.freeridegames.com/spdo/feeds/promoFrame?serviceId=143&name=Skin My Games 160x600 Frame Ad
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Connection: Keep-Alive
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"


HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 29 Mar 2016 07:38:25 GMT
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 02 Apr 2016 08:09:04 GMT
Content-Length: 6319
Connection: keep-alive
...........=.w.6.?.......*..g.d...<.VZ..q....... ...R.JRr\..... ...
.............`0..._../...v.....~3"..<$o..<=9"N.....Q.s|yL.......
.=r..(.. .h...^;....E.....i.<m...sy.AT{.0.S..3.9.5a.!.2..o.%."....&
..........g}.i..GC|..../......S2 .z.x.....cQ....i.X..lF.,m{.\..9......
/O~.....pL...)q.L2...i.;[email protected]$.{hW.h...e. .Z..e..8G..f..8..8t...,.
.N..<.j.xJ.8...2.Z.[.0.i......&..9.@....."HX.....;..;.E.1r2".{..5.W
$.].....Y..]Q...4..N'.M36..c.....\o......D.o.X...E.MI;P{.L<x.......
....%)H...S.....;....}.uH...L..K....A.......0..p..2.?..o...Y.Z..$.{..b
.'[email protected]\...$.... 5....8..,......~...j..Y.ug..L]3{... G..
YYZ.{.}......N...V.].."..Z\.....u.B>...t=.x...gS..3g_..n..A.]..$...
I4....&.......(....zdm..ee.A.w.....?.i........1i..x..7)K.|..9.2.}.....
.KX.L"..E..NK............K.h.......T.*....W[Q.....Z[......x..  .X.BT..
...y....OD......90.......%.....Fh.Vn...F.4...*..W...h.=.........2aQ.b%
.6.c{(T.a..r}.q`...V.F..W.i....a.*.'S. ..z.......D.h.2=7....k......z.M
.g.vb.A.G....aX...<..l........g~.I...b..j\"......:.\;../.?..T.*...S
J......./A.t3 .B..Hj.D.7t......Du..|C.Xk._A`r...........Q...W.9._=.h@.
..n5AF....K...uY&.b|....b.F.&<8.*......i......*.....R......v..U...*
.....R......>..).Z.\~....q....qF..mZ9.y...2.O".^...w....R.oy.!.8...
.^...y.-7..........&..$w.......v...i.z......i._.>..H.Cr...........&
gt;....'...,....f87...x...}.......A..[...x...<_!z.J...0.r..jv...V.}
...vA\u_.y... ..n....-}0.<.H.!.f.uC......r.Ll....0...V....t<<
......?C.ITES..f..:.:?T ...`.....N..........s*...tkr..h.D.......x.
<<< skipped >>>

POST /action/JSONService HTTP/1.1


x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://VVV.freeridegames.com/banners/promoframes/160x600_frame_ad
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.freeridegames.com
Content-Length: 89
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: BIGipServerFRG_Web-pool-http=2970226860.20480.0000; JSESSIONID=C067E4BFFB66F66F72B2624F2DA17AE3; 143_CT=1; 143_CAMPAIGN_SERIAL_ID=Default-silent; 143_TURNKEY=Default-881459584499337457; 143_FIRST_BROWSER="Default-MSIE 8.0"

{"service":"geoService","action":"searchGeo","domainObj":{"site":"","lang":""},"data":""}
HTTP/1.1 200 OK
Server: Apache
Access-Control-Allow-Origin: *
Content-Length: 59
P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"
Content-Type: text/plain;charset=UTF-8
Date: Sat, 02 Apr 2016 08:09:05 GMT
Connection: keep-alive
Set-Cookie: bIPs=afa26c0c6ce6a4f5fe0c6ff42346a4e5;
{"error":{"code":"0","msg":[]},"data":{"countryCode":"UA"}}HTTP/1.1 20
0 OK..Server: Apache..Access-Control-Allow-Origin: *..Content-Length: 
59..P3P: CP="IDC CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV"..Content
-Type: text/plain;charset=UTF-8..Date: Sat, 02 Apr 2016 08:09:05 GMT..
Connection: keep-alive..Set-Cookie: bIPs=afa26c0c6ce6a4f5fe0c6ff42346a
4e5;..{"error":{"code":"0","msg":[]},"data":{"countryCode":"UA"}}..



GET /free/frg/products/807150/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Mon, 03 Feb 2014 12:25:25 GMT
Content-Type: image/jpeg
Content-Length: 23237
Accept-Ranges: bytes
X-Varnish: 1273734246 1273688103
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
......................................................................
......................................................................
...........!...1A".Qa2.qB#..R....3$....bS.r%.Cc.4&.'..................
.....!1...AQa"..q......2BR..b#..r.....3C$..c%............?.... .n...U.
|...86....Bs...:..b.Q..5.....GD....s.fN...UJ...p. .B...p.....B...=....
..P$....eZ .Uw....CM.}.|..LM..*&....:A[....>.97!......m.:.....U....
[email protected](.}Y.Z....z{g.v..^,..Nc0r...e.J...T.......J.....~......y...P
3.%.Z-.^.#.....q*.%V...gH..\..b0.j.`-...QS.....$...,....?...~..<yUS
.md..j..PP....y.43..1U./..bv.D..%...u.Cu.p...>./.k..-.....VE...y...
.....'....5...U./.Wog.L.....l.f$$.'Lc...i77....x.=I....._?(.Mi........
..<...!..5......]t..R...I..m....RU.J....KoT..YQ.R!......>:..r3A.
...u.X..*........4........{....6_..O..c....Z Ap..... .n...:M...l{*..H.
..V.h*...o.1.J,r2..l..*..$U_....yH...3";d....U>...........UID..a.#r
.UD.O%.........T........pw..-...Y.. Z.a..S.....I#f6.fU..7[.....G @.x..
...x..hJ:_.......o...j.....{..cy..z3...k... ...HTTP/1.1 200 OK..Last-M
odified: Mon, 03 Feb 2014 12:25:25 GMT..Content-Type: image/jpeg..Cont
ent-Length: 23237..Accept-Ranges: bytes..X-Varnish: 1273734246 1273688
103..Cache-Control: private, max-age=259200..Expires: Tue, 05 Apr 2016
 08:09:04 GMT..Date: Sat, 02 Apr 2016 08:09:04 GMT..Connection: keep-a
live........JFIF.....d.d......Ducky.......P......Adobe.d..........
<<< skipped >>>


GET /FRG_site/SDM_Offer_Assets/GameFirst/All/Location_extractor_654250.exe HTTP/1.1
Range: bytes=26252418-35003223
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Wed, 16 Jul 2014 12:08:24 GMT
Accept-Ranges: bytes
Content-Length: 8750806
Content-Range: bytes 26252418-35003223/43754032
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:22 GMT
Connection: keep-alive
.. ..s?X>..L..r. -f...v......O...U...."..l..{..a%.o......c.......Gg
...4.vu:.t.M0........g...@<./.#V...!H...t..z44#..4.N.].(E..{z 7...(
BX./...E.c4'*..O-$sZ.....K.y....2.pt..|.P..2 Y...W.....=Cok.....y.J.qi
3...r......s.X.....4..v..t&.{.g...e.X.KwuR.....9.&...*..{...Gs.N.Q....
J...z.E...J..R.n..(..s.hz\..8..0.VAg.dv3..\B.tP........../.K.|C.gB.4..
Q.~.9...|9.U$w...H.P..../.8.Cd.PO.....(.....F.T.GLE...g{...K?...8X..o.
RV.(..B..Xc..I...64......y......r...YQ.W.E.u.X..s 8..*x&N].....Kz.V.&g
t;.!.D.c.'.p.Vp..8'...tQn..Q..,.ax.....J....GN.....$.1..R[...[.w6.p...
B&....../@N.........g.M.S......x.\b..V....d.-..p>....v.:J..dU;.L..9
....Y6.o...W....J......).._;.u.s....-.....Z...a..5GMXy...........-....
&.....g!;>js...QJ.Q<...(I.N..<.>.-.j....$...O..]^..[..L.A.
.*..sk.]k....I..).?.k....../..Pj..o&~.H.Il..f.F........au.!..S..G..'3.
e......[....X....2[_.h.%G.?..V'....C..1.F..?1...^.-.]9 .1M...9C..lq.{.
V-Q...l.....,TyEo.>.nD...T......."....8B.v.f.3..l.q{.W[..1}r6...w..
.u.V....M.`...40..l.5.......7[...."...!R=..Q.|.8BhW:-l......x3...%E...
....q....Z.?v.G...?.....%...{.......V. N....f.G.h(.q..xH.....89..2d.i.
....~u.......=%1..ZN..4....Z. Bi..m..D..t..oq4..Z.4.$<C......M..q.F
)N........4......u........b|h....t..0Tk.]?.......|l.@Jc<~..........
V..{......... .... .Al.1.<.....?../...c.:.."cW..........]R1&.yT...c
.N... .}.S.\?ur.B..<Z.G2...O..U...*.q...B.6....O*....o3...C*....j..
........m.K...v.Vi.m....L.>....2.j}..{Q&S.<....._....ay.J.k.<
...B....`....]w...g.bXM..V.|.....S[.dG.."...y...=..G....g>..|p.
<<< skipped >>>


GET /FRG_site/downloads/EXEtender_Default.exe HTTP/1.1
Range: bytes=9905772-12382215
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 206 Partial Content
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 24 Mar 2016 13:53:10 GMT
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Content-Range: bytes 9905772-12382215/12382216
Content-Length: 2476444
Connection: keep-alive
HTTP/1.1 206 Partial Content..Server: Apache/2.4.4 (Win64)..Last-Modif
ied: Thu, 24 Mar 2016 13:53:10 GMT..Accept-Ranges: bytes..Content-Type
: application/x-msdownload..Expires: Sat, 02 Apr 2016 08:08:21 GMT..Ca
che-Control: max-age=0, no-cache, no-store..Pragma: no-cache..Date: Sa
t, 02 Apr 2016 08:08:21 GMT..Content-Range: bytes 9905772-12382215/123
82216..Content-Length: 2476444..Connection: keep-alive..d*.b.".......,
!.........Z..5%...7..... .\A.o..5w.=.=C.RL.....\.!...b..^.l.K.........
[email protected]........=....xf[..Sq~8.[...B<E)..[...7
...u.x....Dx."F............X*..t.oQ.W......(*.....~..v.v...~j/..h..p..
........=...c.,....1.pA$.D. ..3...U...o........f~.......l..."..$..V...
......>;,.s?^.......*........0We..{3.....Os...D...'...c........`.0.
.!.......I-M.Ay..|....X.)..Il...s.a.....1\QC%1..=>[email protected]
...F......E.f".... a../..,...[\......<H& ..h......... vs.:.o$.`...n
.z..........Q'.......R.(.*.x..!...'..........A...!Y.!R2S..\..b=.{vAPL.
E..... .n../.;^..........z....I...E.a.6V....R..$j.HgO...v}...;.%..`H.X
...E..k........}....u$/D. h..R...."0..7.j0.;e..|.r>.8..Hg.~|\t.L\..
k.K [email protected].#e...b.6|./n.F....[..c...Y...^..D..F.!
K.[..3..nW.'...1.6..O......]hG..-..]}......M.....B..*.<^..8.....s..
[...>.=(....<.........4..m....?..J.'..3......#..l].w...N.HU...S.
.......n..... dNXU&9.g/np..|:.. DH=.r,..bn.....Q|....w..D.#..]......MI
V..)*NJ...q../M.H.~>.<D.%....z,v..k.g..]{A.~.DT./..7..^M..'..t.1
.B.&.z..NXD]........T.-.&*(.'6.1...5..$._9..!q.f|.XNc gaVh..<..
<<< skipped >>>


GET /free/frg/products/764650/boxshot.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.exent.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 01 May 2012 20:56:30 GMT
Content-Type: image/jpeg
Content-Length: 24995
Accept-Ranges: bytes
X-Varnish: 2134528483 2133047596
Cache-Control: private, max-age=259200
Expires: Tue, 05 Apr 2016 08:09:04 GMT
Date: Sat, 02 Apr 2016 08:09:04 GMT
Connection: keep-alive
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
......................................................................
......................................................................
.............!.1A".Qa..q.2#BR.......br..3$.....Cs%5...................
...!..1A..Qaq.."2.....B....Rb#.r....3....s..CS$............?..Z.Z..X.`
..KAI....\..]....4.........b..z. .!....)IyE.B.P...S.Jp[..P..g;.'p.....
@....)..B......:..,teS...GF5?....G.!A=?Mt.P..<?...Lish..B...N...8..
lJ[.;c...~>zi%'........P.8teP?.]...> .2t.....@$.. ..BG.!...C....
B.PG.WL.Fg..4..!`.=......,....r..)Q.W.FAN....kM..Q.b.V.{[email protected]
*......y .......4H(......b..l......]...2...us....m.w...[..SJ...5..7=..
..5.e>RyDT..U\....k.8..p..8..s.Yf.t. ...x.}..;[email protected]
...V.`..|.T....S4....).\.......3.bB..A.....]xo7..z~$....;6Swd2kGZ.r..O
 .v.....zj.l..|..y.6.....-...>...N..!...;...g...X.5.G.........t....
..).....=!*}..,8...P......Cg...K =....t.....9$>..Gi} .0.....F..k...
.....(..,g.L.>......d..m.y.'c....p([email protected]%.k.q..
....yr...8...o:...y..8.. ..<Bu..9p...-.4.}..]..-.}HTTP/1.1 200 OK..
Last-Modified: Tue, 01 May 2012 20:56:30 GMT..Content-Type: image/jpeg
..Content-Length: 24995..Accept-Ranges: bytes..X-Varnish: 2134528483 2
133047596..Cache-Control: private, max-age=259200..Expires: Tue, 05 Ap
r 2016 08:09:04 GMT..Date: Sat, 02 Apr 2016 08:09:04 GMT..Connection: 
keep-alive........JFIF.....d.d......Ducky.......P......Adobe.d....
<<< skipped >>>


GET /pki/crl/products/MicrosoftRootAuthority.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.microsoft.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sat, 20 Feb 2016 06:01:51 GMT
Accept-Ranges: bytes
ETag: "dd7d1731a46bd11:0"
Server: Microsoft-IIS/8.5
VTag: 43847427400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 603
Cache-Control: max-age=900
Date: Sat, 02 Apr 2016 08:08:58 GMT
Connection: keep-alive
0..W0..?...0...*.H........0p1 0)..U..."Copyright (c) 1997 Microsoft Co
rp.1.0...U....Microsoft Corporation1!0...U....Microsoft Root Authority
..160219183831Z..160520065831Z0:0...:..../...V..091210010336Z0........
$... ..020225080156Z._0]0...U.#..0...J\u".F....9.N...`...0... .....7..
.....0...U......,0... .....7......160519184831Z0...*.H..............W.
...e [email protected].{z...........`..3....s.@$...rG.E.^.IU.i......A.&.",.
Mm ...2......`..b...~.(.........,%..iS4.t{`............a..:.}..*[email protected].
..~.O.O;8....K..... .=.lG..p.>T...!H<.#......SPQf.q...7..N.o;9..
..cK.Q....Au....;l.........yK.[.....!*T..].....mQ....


GET /pki/crl/products/MicWinHarComPCA_2010-11-01.crl HTTP/1.1


Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.microsoft.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sat, 24 May 2014 05:04:55 GMT
Accept-Ranges: bytes
ETag: "4af46b4d77cf1:0"
Server: Microsoft-IIS/8.5
VTag: 791415805600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 588
Cache-Control: max-age=900
Date: Sat, 02 Apr 2016 08:08:58 GMT
Connection: keep-alive
0..H0..0...0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1 0)..U..."Copyright (c) 20
02 Microsoft Corp.1503..U...,Microsoft Windows Hardware Compatibility 
PCA..140523172754Z..440522173902Z.C0A0...U.#..0...[...M..L.UL..>..A
.B}0... .....7.........0...U......L0...*.H.............!0..0......R \0
....C....Y.D....a..|9...6..4.....Wg...Z....{\...... S[...i.....6.....(
....hTccx..3...;!....L....FT*._n..Ai...Z..z.;.......2B...<..m...0S.
...t.!aju.b}...%..m.J..:=...R..R9.......B./.._.E......... .......(L...
..dgC. ...t.........8..9......g..qHTTP/1.1 200 OK..Content-Type: appli
cation/pkix-crl..Last-Modified: Sat, 24 May 2014 05:04:55 GMT..Accept-
Ranges: bytes..ETag: "4af46b4d77cf1:0"..Server: Microsoft-IIS/8.5..VTa
g: 791415805600000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo
 IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..
X-Powered-By: ASP.NET..Content-Length: 588..Cache-Control: max-age=900
..Date: Sat, 02 Apr 2016 08:08:58 GMT..Connection: keep-alive..0..H0..
0...0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Red
mond1.0...U....Microsoft Corporation1 0)..U..."Copyright (c) 2002 Micr
osoft Corp.1503..U...,Microsoft Windows Hardware Compatibility PCA..14
0523172754Z..440522173902Z.C0A0...U.#..0...[...M..L.UL..>..A.B}0...
 .....7.........0...U......L0...*.H.............!0..0......R \0....C..
..Y.D....a..|9...6..4.....Wg...Z....{\...... S[...i.....6.....(....hTc
cx..3...;!....L....FT*._n..Ai...Z..z.;.......2B...<..m...0S....
<<< skipped >>>


HEAD /FRG_site/downloads/EXEtender_Default.exe HTTP/1.1
User-Agent: AHTTPConnection
Host: dts1.freeridegames.com
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: Apache/2.4.4 (Win64)
Last-Modified: Thu, 24 Mar 2016 13:53:10 GMT
Accept-Ranges: bytes
Content-Length: 12382216
Content-Type: application/x-msdownload
Expires: Sat, 02 Apr 2016 08:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 02 Apr 2016 08:08:21 GMT
Connection: keep-alive







The Trojan-PSW connects to the servers at the folowing location(s):







GPlayer.exe_644:




.text
`.rdata
@.data
.rsrc
u.WhX
bt<Ht.Ht Ht
u8SSh
SSSSh$
SSSSSSh
vhSSSSSSh
u.Wh9!
PSSh8
j%SPQ
PSSSSSSh
E@SSSSSh|/
t8Ht.Ht
HHt.Ht
.tTPV
?%u#f
FTPjK
FtPj;
F.PjRWj
u.WWj
u.VVj
3|$@3|$\
3|$83|$@
3|$03|$$
3|$43|$(
3|$83|$$
3|$`3|$83|$$
3|$,3|$\
3|$@3|$,
3|$(3|$,
.VSWRQ
SSSSh
<.up3
<8%u=
.FGy/
Fd t.SPW
N.VAPQW
G.f;E.uJ3
N.AQPWjhS
N.AQS
N.AQUS
V.BRUS
f9~.vX
P$8^%uX
D8^Ht)SSh
u$SShe
?%uMf
ContentPushShowMsgDurationInSec
ContentStatusShowMsgDurationInSec
ParentalControlSupportUrl
RssFeedUrl
RssFeedUrlExtension
RssDefaultShowMsgDurationInSec
ProxyPort
AutoErrorReport
ParentalControlESRBRatingUrl
ParentalControlGODRatingUrl
AutoClientUpgradeCheckURL
ScheduleCmdlnStartUpDelayMSec
TKBaseUrl
DisableOnlineLicenseWebPages
RamMaxWindowSize
AccessWebPageConnectionTimeout
VersionXmlURL
OfflineFeedbackUrl
ScheduleCmdlnStartUpMgrConnectTries
ClientErrorLogUrl
BannerUrl
ClientMoreInfoUrl
ClientUpgradeUrl
client_web_ui_url
client_install_url
client_game_assets_url
client_osl_usage_report_url
game_frames_url
EndURL
Feedback_URL
Client_Report_URL
provider_service_url
client_schedule_url
shortcuts_base_url
client_get_rgmx_url
CmdlineSNumber
GameInfoURL
PlayerPostUpgradeCmdline
ContentPushAIGsListUrl
Content_CMD_Line
CmdOptions
CmdLine
CmdStartDir
CMDLINETYPE
CMDList
muid_integrity_key
ApsPort
CmdlineProviderDescription
CmdlineDescription
CmdlineProviderTitle
CmdlineTitle
PreloadMaxBandwidthBeforeCmdlnKBps
Prediction_Tx_URL
CD_Key_Info
CmdParams
global_user_cmdline_parameters_filter
Prediction_Rx_URL
InternetCheckUrls
user_settings_proxy_port
ClientCDMHttpOnConnectRetries
ClientCDMHttpConnectionTimeoutMS
ClientCDMHttpRequestsTimeoutMS
ClientCSMHttpOnConnectRetries
ClientCSMHttpConnectionTimeoutMS
ClientCSMHttpRequestsTimeoutMS
[%d.%d.%d.%d.%d]
Windows Installer
SOFTWARE\CLASSES\CLSID\{C46C1BC1-3C52-11D0-9200-848C1D000000}\InprocServer32
SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc
SOFTWARE\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers
SOFTWARE\Classes\MDACVer.Version\CurVer
QuickTimeCheckObject.QuickTimeCheck\CLSID
dplayx.dll
dxmedia.exe
QuickTime.cpl
Qtwmci32.dll
QuickTime.qts
Dirapi.dll
Iml32.dll
MSI.DLL
COMCTL32.DLL
CCmdTarget
CNotSupportedException
KERNEL32.DLL
__MSVCRT_HEAP_SELECT
portuguese-brazilian
RSA part of OpenSSL 0.9.8a 11 Oct 2005
passed a null parameter
DSO support routines
x509 certificate routines
error:lX:%s:%s:%s
USER32.DLL
NETAPI32.DLL
ADVAPI32.DLL
ssl_sess_cert
ssl_cert
evp_pkey
x509_pkey
%s(%d): OpenSSL internal error, assertion failed: %s
certicom-arc
Proxy Certificate Information
proxyCertInfo
Microsoft Smartcardlogin
msSmartcardLogin
joint-iso-itu-t
JOINT-ISO-ITU-T
set-rootKeyThumb
setAttr-Cert
setCext-cCertRequired
setCext-certType
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertResData
setct-CertReqTBS
setct-CertReqData
setct-PCertResTBS
setct-PCertReqData
setct-AcqCardCodeMsg
certificate extensions
set-certExt
set-msgExt
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-mod-msg-v3
sdsiCertificate
x509Certificate
localKeyID
certBag
pkcs8ShroudedKeyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
extendedKeyUsage
X509v3 Authority Key Identifier
authorityKeyIdentifier
X509v3 Certificate Policies
certificatePolicies
X509v3 Private Key Usage Period
privateKeyUsagePeriod
X509v3 Key Usage
keyUsage
X509v3 Subject Key Identifier
subjectKeyIdentifier
Netscape Certificate Sequence
nsCertSequence
Netscape CA Policy Url
nsCaPolicyUrl
Netscape Renewal Url
nsRenewalUrl
Netscape CA Revocation Url
nsCaRevocationUrl
Netscape Revocation Url
nsRevocationUrl
Netscape Base Url
nsBaseUrl
Netscape Cert Type
nsCertType
Netscape Certificate Extension
nsCertExt
extendedCertificateAttributes
challengePassword
dhKeyAgreement
%d.%lu
.\crypto\evp\evp_key.c
nkey <= EVP_MAX_KEY_LENGTH
EVP part of OpenSSL 0.9.8a 11 Oct 2005
CERTIFICATE
cert_info
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
RSA PRIVATE KEY
PUBLIC KEY
DSA PRIVATE KEY
EC PRIVATE KEY
Big Number part of OpenSSL 0.9.8a 11 Oct 2005
lhash part of OpenSSL 0.9.8a 11 Oct 2005
RAND part of OpenSSL 0.9.8a 11 Oct 2005
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
Stack part of OpenSSL 0.9.8a 11 Oct 2005
ASN.1 part of OpenSSL 0.9.8a 11 Oct 2005
RC4 part of OpenSSL 0.9.8a 11 Oct 2005
MD5 part of OpenSSL 0.9.8a 11 Oct 2005
PEM part of OpenSSL 0.9.8a 11 Oct 2005
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
TRUSTED CERTIFICATE
X509 CERTIFICATE
PRIVATE KEY
ANY PRIVATE KEY
ENCRYPTED PRIVATE KEY
X509_PUBKEY
public_key
.\crypto\asn1\x_pubkey.c
AUTHORITY_KEYID
keyid
X509_CERT_PAIR
X509_CERT_AUX
EC part of OpenSSL 0.9.8a 11 Oct 2005
.\crypto\ec\ec_key.c
ECDSA part of OpenSSL 0.9.8a 11 Oct 2005
DSA part of OpenSSL 0.9.8a 11 Oct 2005
Diffie-Hellman part of OpenSSL 0.9.8a 11 Oct 2005
value.single
value.set
pubkey
enc_key
key_enc_algor
cert
d.encrypted
d.digest
d.signed_and_enveloped
d.enveloped
d.sign
d.data
d.other
priv_key
pub_key
EC_PRIVATEKEY
publicKey
privateKey
value.implicitlyCA
value.parameters
value.named_curve
p.char_two
p.prime
p.ppBasis
p.tpBasis
p.onBasis
p.other
PKCS8_PRIV_KEY_INFO
pkey
pkeyalg
.\crypto\evp\evp_pkey.c
NETSCAPE_CERT_SEQUENCE
certs
.\crypto\pem\pem_pkey.c
SHA1 part of OpenSSL 0.9.8a 11 Oct 2005
SHA-256 part of OpenSSL 0.9.8a 11 Oct 2005
DlSHA-512 part of OpenSSL 0.9.8a 11 Oct 2005
Verifying - %s
%lu:%s:%s:%d:%s
d.usernotice
d.cpsuri
CERTIFICATEPOLICIES
%*sCPS: %s
%*sExplicit Text: %s
%*sNumber%s:
%*sOrganization: %s
d.registeredID
d.iPAddress
d.uniformResourceIdentifier
d.ediPartyName
d.directoryName
d.dNSName
d.rfc822Name
d.otherName
.\crypto\dh\dh_key.c
RIPE-MD160 part of OpenSSL 0.9.8a 11 Oct 2005
SHA part of OpenSSL 0.9.8a 11 Oct 2005
MD4 part of OpenSSL 0.9.8a 11 Oct 2005
MD2 part of OpenSSL 0.9.8a 11 Oct 2005
PROXY_CERT_INFO_EXTENSION
%d.%d.%d.%d
CONF part of OpenSSL 0.9.8a 11 Oct 2005
%d.%d.%d.%d/%d.%d.%d.%d
%*s%s:
%*sPolicy Text: %s
%*scrlUrl:
EXTENDED_KEY_USAGE
%*sZone: %s, User:
certificateHold
Certificate Hold
cessationOfOperation
Cessation Of Operation
keyCompromise
Key Compromise
name.relativename
name.fullname
<UNSUPPORTED>
.\crypto\x509v3\v3_akey.c
<unsupported>
IP Address:%d.%d.%d.%d
URI:%s
DNS:%s
email:%s
EdiPartyName:<unsupported>
X400Name:<unsupported>
othername:<unsupported>
PKEY_USAGE_PERIOD
keyCertSign
Certificate Sign
keyAgreement
Key Agreement
keyEncipherment
Key Encipherment
.\crypto\x509v3\v3_skey.c
'() ,-./:=?
CONF_def part of OpenSSL 0.9.8a 11 Oct 2005
[[%s]]
[%s] %s=%s
crlUrl
certStatus
certId
OCSP_CERTSTATUS
value.unknown
value.revoked
value.good
value.byKey
value.byName
reqCert
OCSP_CERTID
issuerKeyHash
%s - d:d:d %d%s
\X
- %-15s
%s.dll
3.8.1
SQLite format 3
CREATE TABLE sqlite_master(
sql text
CREATE TEMP TABLE sqlite_temp_master(
REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLYHerF
Broken pipe
Inappropriate I/O control operation
Operation not permitted
WINMM.dll
USER32.dll
GDI32.dll
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteW
ShellExecuteA
ShellExecuteExA
SHELL32.dll
COMCTL32.dll
ole32.dll
OLEPRO32.DLL
OLEAUT32.dll
InternetCrackUrlW
InternetCrackUrlA
WININET.dll
WTSAPI32.dll
SHLWAPI.dll
ImageGetCertificateData
ImageGetCertificateHeader
ImageEnumerateCertificates
imagehlp.dll
WSOCK32.dll
VERSION.dll
MPR.dll
oledlg.dll
SensApi.dll
GetKeyState
MsgWaitForMultipleObjects
GetKeyNameTextW
MapVirtualKeyW
GetKeyboardLayout
GetAsyncKeyState
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
GetProcessWindowStation
SetWindowsHookExA
SetViewportOrgEx
GetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GetWindowsDirectoryA
GetProcessHeap
GetWindowsDirectoryW
GetCPInfo
RegEnumKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegEnumKeyA
ReportEventA
RegOpenKeyA
WINSPOOL.DRV
comdlg32.dll
CRYPT32.dll
ShellExecuteExW
HttpQueryInfoA
HttpEndRequestA
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
CommitUrlCacheEntryA
CreateUrlCacheEntryA
DeleteUrlCacheEntry
FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
GPlayer.exe
%d, %d
IDS_CONTENT_PUSH_COMPLETE_INFO_MSG_FORMAT
IDS_CONTENT_PUSH_COMPLETE_TITLE_MSG_FORMAT
p_%u_general
IDS_CONTENT_INFO_MSG_FORMAT
IDS_CONTENT_TITLE_MSG_FORMAT
GetItem( %d )
%C,,%d,
Exentender_ContentIdGetRgmxForPlay_0d
AHTTPConnection
%d %d %s %S
%d %d %d %d %S
%S %d
GetExeDirPath
cid=%d, pid=%d
dest=%S
src=%S
%d, %S, %s, %S, %d, %d, %S, %S, %S
%S, %d
%S, %S, %d
%s %S
%d %d
%d,%d,%c,%d
IDS_SETTINGS_PARENTAL_CONTROL_ACTIVE_SUPPORT
IDS_SETTINGS_PARENTAL_CONTROL_ACTIVE_PASSWORD_RETRIEVED_INTRO
IDS_SETTINGS_PARENTAL_CONTROL_ACTIVE_FORGOT_PASSWORD
Wrong Password
Fill in password
&#%u;
_SetParam(),ContentId = %d, strSec = %s, strKey = %s
%d %d %s %s
Warning !!!! - Content doesn't exist %d
_GetParam(),ContentId = %d, strSec = %s, strKey = %s
%s_%d
CalculateProgress: m_dwLastTime = <%d>, m_LastTimeBytesRead = <%f> m_LastBytesPerSec = <%f>
trackEvent=playermessagedisplayed&rsschannelid=newuser&messageid=%s&time=%s
%d,%d,%d,%d
ASchedulingMgr::ActivateNextTask m_dwNextActivatedPriority = %d
ASchedulingMgr::Stop m_SchedulingStatus = %d
ASchedulingMgr::Execute m_SchedulingStatus = %d, ContentId = %d
Prevent double execute
%d %d %d %d
ASchedulingMgr::ClearTaskFailCount cid=%d, pid=%d
ASchedulingMgr::IncrementTaskFailCount cid=%d,pid=%d NewFailureCount = %d
ASchedulingMgr::NotifyScheduledTaskFailure m_CurrentExecutedContnetId = %d
cid=%d,pid=%d %s %s %s
cid=%d, pid=%d %s %s %s
IDS_EXETENDER_COPY_RIGHT
IDS_OPERATING_SYSTEM
IDS_LAST_EXECUTION
IDS_LICENSE_EXECUTIONS
%d,%d
%d,%d).
IDS_PORT
,%d,,
,%d,%d,
IDS_SETTINGS_GENERAL_AUTO_SEND_ERR_REPORT
Sounds (*.wav)|*.wav||
IDS_SETTINGS_PARENTAL_CONTROL_ACTIVE_PASSWORD_INTRO
IDS_SETTINGS_PARENTAL_CONTROL_ERROR_WRONG_PASSWORD
IDS_SETTINGS_PARENTAL_CONTROL_ERROR_NO_PASSWORD
IDS_SETTINGS_PARENTAL_CONTROL_PASSWORD_HINT_INTRO
IDS_SETTINGS_PARENTAL_CONTROL_CONFIRM_PASSWORD_INTRO
IDS_SETTINGS_PARENTAL_CONTROL_SET_PASSWORD_INTRO
IDS_SETTINGS_PARENTAL_CONTROL_ERROR_PASSWORD_CONFIRMATION_MISMATCH
IDS_SETTINGS_PARENTAL_CONTROL_ERROR_INVALID_PASSWORD
IDS_SETTINGS_PARENTAL_CONTROL_ERROR_EMPTY_PASSWORD
ASettingsSheet
%d,%d,,
ShContentFolderCmd_
ShStartMenuCmd_
ShDesktopCmd_
%s %S %d %d
%S %S %S %S %S %S %d
%d %s
%d %S
%S %S %S %S
%d %S %S %d
%S %S %S
%d %d %S %s %d
Shell32.dll
%S %d %S %s
%d %d %s %d
%S %S %d
%d %S %S
%S %d %S %S
IDS_START_MENU_SHORTCUT_STATUS_INITIAL_DOWNLOAD_COMPLETE_TRY_CMD1
IDS_START_MENU_SHORTCUT_STATUS_FULL_DOWNLOAD_COMPLETE_TRY_CMD1
IDS_START_MENU_SHORTCUT_STATUS_INITIAL_DOWNLOAD_COMPLETE_OFFLINE_ENABLED_TRY_CMD1
IDS_START_MENU_SHORTCUT_STATUS_FULL_DOWNLOAD_COMPLETE_OFFLINE_ENABLED_TRY_CMD1
IDS_START_MENU_SHORTCUT_STATUS_DOWNLOAD_TRY_CMD1
IDS_START_MENU_SHORTCUT_STATUS_INITIAL_DOWNLOAD_COMPLETE_PM_CMD1
IDS_START_MENU_SHORTCUT_STATUS_FULL_DOWNLOAD_COMPLETE_PM_CMD1
IDS_START_MENU_SHORTCUT_STATUS_DOWNLOAD_OFFLINE_ENABLED_CMD1
IDS_START_MENU_SHORTCUT_STATUS_INITIAL_DOWNLOAD_COMPLETE_OFFLINE_ENABLED_CMD1
IDS_START_MENU_SHORTCUT_STATUS_FULL_DOWNLOAD_COMPLETE_OFFLINE_ENABLED_CMD1
IDS_START_MENU_SHORTCUT_STATUS_DOWNLOAD_PM_CMD1
%d %s %S
%S %s
Content.md
ClientShortcutUrl
CurrnetCmdLine
MaxCmdLine
%d %s %s %d %d
%s %s %d %d
IDS_SILENT_UPGRADE_EXETENDER_UPDATE_DESC
IDS_SILENT_UPGRADE_EXETENDER_UPDATE_CAPTION
.PAVCException@@
FindItem() failed: GetItem( %d ) failed.
GetItem( %d )
CreateWindow() %d
RegisterClass() %d
UnregisterClass() %d
DestroyWindow() %d
Shell_NotifyIcon() %d
%A, %B %d, %Y
dwPercentComplete = %d
%s,Unable to create directory,%d
%s,Not a directory,
ShellExecute for strFileName = %s failed in AHttpShellExecute
ShellExecute for strFileName = %S failed in AHttpShellExecute
Skn%s_%S
EI%s_%S.exe
ReadFile,%S,%d
Opened %S on second try.
CreateFile,%S,%d
DeleteFile() %s,%d.
CopyFile() %S,%S,%d
"%S%S" %S
"%S%S" %S %d
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
%d,%d,%d
%d %d %d
%S %S
%S&AppId=%d&RunIndex=%d&LangId=%x&AppName=%S&MUID=%s&PlayTimeLeft=%d&PlayCountLeft=%d&Type=%s&DisplayMode=%s
%S?AppId=%d&RunIndex=%d&LangId=%x&AppName=%S&MUID=%s&PlayTimeLeft=%d&PlayCountLeft=%d&Type=%s&DisplayMode=%s
FormatWebUIErrUrlParams szPostBuffer = %s
AppId=%d&AppName=%s&Type=%d&DisplayMode=%s&LangId=%x&License=%d&OfflineEnabled=%d&CDwnd=%I64u&IDwnd=%I64u&FDwnd=%I64u
WebUI
%s %d %d
IDS_WEB_UI_DEFAULT_PAGE_TITLE
IDS_WEB_UI_DELAYED_START_PAGE_TITLE
IDS_WEB_UI_AUTHENTICATION_PAGE
IDS_WEB_UI_END_SESSION_PAGE_TITLE
IDS_WEB_UI_TRIAL_LICENSE_EXPIRED_PAGE_TITLE
IDS_WEB_UI_PURCHASE_USE_END_PAGE_TITLE
IDS_WEB_UI_PURCHASE_USE_START_PAGE_TITLE
IDS_WEB_UI_TRIAL_END_PAGE_TITLE
IDS_WEB_UI_TRIAL_START_PAGE_TITLE
IDS_WEB_UI_INVALID_LICENSE_PAGE_TITLE
IDS_WEB_UI_LICENSE_EXPIRED_PAGE_TITLE
Exentender_ContentIdInUse_0d
Exentender_GUIActiveContent_0d
ValidateAndFixFileName() strFileName after validation = %S
HTTP/1.0
CGPlayerApp::CGPlayerApp() - m_SingletoneCreationMutex.Create failed
%s started
ExentCtl.ocx
GameInst.dll
%s version %s
IDS_EXETENDER_INFO
exs.dll
&MUID=%s
%s,%s
IsLaptop=%d
NotifyStatus status = %d, reason = %d, ContenId = %d, m_ContentId = %d
%d %d %d %d %d %d %s %d
%s, %d
%u %d
%d, %d, %d
%s,%d
%S %d,%d
%s,%s,%s,%s
ClientReportUrl
SOFTWARE\Exent\AOD\Client
%d,%d,%d,
%d, %d, %S
RunContent ContentId %d = SUCCESS
TerminateContent ContentId %d = SUCCESS
%d,%d,%d,%C,%d
IDS_LOCAL_EXECUTION_MISSING_DATA_QUESTION
RemoveContent ContentId %d = SUCCESS
%d,WaitForSingleObject return %d
IDS_BUTTON_EXENT_TOOL_TIP
SOFTWARE\Classes\Applications\GPlayer.exe
TRAY_ICON_BALLON_START_DOWNLOADING_MSG_FORMAT
TRAY_ICON_BALLON_PLAYER_MINIMIZED_MSG
TRAY_ICON_BALLON_PLAYER_FIRST_RUN_MSG
WaitForSingleObject() return %d
WaitForMultipleObjects() return %d
version.tmp
version.xml
version.xml.dat
version.ini
UsageReportMgr
%d, %d, %S, %d
%s %d %S %d
%d %S %d
owebui, type=%d
OnNotifyLicenseStatusMsg()
%S, %d, %S
IDS_ONLINE_EXECUTION_RECOMMENDATION_CLICK_NO
IDS_ONLINE_EXECUTION_RECOMMENDATION_CLICK_YES
IDS_ONLINE_EXECUTION_RECOMMENDATION_QUESTION
<none>, %S
%S, %S
SwitchSkin fail with skin code %s
SetLanguage fail with Language Id %d
cid=%d, m_cid=%d; pid=%d, m_pid=%d
cid=%d. pid=%d
.?AVMessageException@ExentExceptions@Exent@@
%S,%d
%s %d %s
%s %d %s %s
%s %d
%s%c%c%c
%s%c%c
<%S>, %d
NTDLL.DLL
XXXXXXXXX
Global\{EB900DF8-0D3D-46c3-9B60-1E7A0D34870A}
inetmib1.dll
WS2_32.dll
XXXXXX
SOFTWARE\Exent\AOD\Client\MUID
user32.dll
SOFTWARE\Exent\AOD\Client\Providers\%d\Settings\SkinCode
%s&AppId=%d&RunIndex=%d&PrvId=%d&AcID=%S&OpenShInIE=%d&PrvDir=%S
%s?AppId=%d&RunIndex=%d&PrvId=%d&AcID=%S&OpenShInIE=%d&PrvDir=%S
kernel32.dll
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
AWebUIDlg
%d, %d, %d, %d
NavigateBrowser catch(...) Url = %S
TimerWndCLASS%d%s
TimerWndTITLE%d%s
IDispatch error #%d
SOFTWARE\Exent\AOD\Client\Reminders
%x.%x.%x.%x
.?AVExentException@ExentExceptions@Exent@@
.?AVRuntimeException@ExentExceptions@Exent@@
.?AVSystemException@ExentExceptions@Exent@@
.?AVWaitOnLockException@ExentExceptions@Exent@@
.?AVNullPointerException@ExentExceptions@Exent@@
Err: timerThread: Wait return with invalid code: %u
AWebBrowserIE2
CWebBrowserIE
AWebBrowserIE2::SetHeadContext has changed from <%x> to <%x>
AWebBrowserIE2::NavigateEx called with the following parameters %S %S %S %x
%s %u
Scheme=%u, URL=%S
URL=%S, Schema=%S
AWebBrowserIE2::Stop called CWebBrowserIE::Stop()
AWebBrowserIE2::Stop cancel context <%x>
AWebBrowserIE2::OnAsyncHeadOK context <%x> is already canceled
AWebBrowserIE2::OnAsyncHeadFail context <%x> is already canceled
AWebBrowserIE2::destroyContext delete context <%x>
Skin=%s_Prov=%d
Strings.ini
Strings.xml
Langs/Lang[@Id="%S"]/%S[@Id="%S"]/%S
Langs/Lang[@Id="%S"]
Sft=%X, Ctrl=%X, Alt=%X, bck=%X, Tab=%X, wParam=%X
TranslateAccelerator (lpMsg->message=%d)
%s NotInUse %d
StoreStr %s %s hRoot=0xX rootPath=%s
OpenCreate %s %s hRoot=0xX rootPath=%s
StoreDWORD %s %s hRoot=0xX rootPath=%s
SOFTWARE\Exent\AOD\Client\Providers\%d\Settings
Settings.xml
SOFTWARE\Exent\AOD\Client\Providers\%d\Settings\Skins\%s
Settings[@Type="%s" and @Id="%s"]
Group[@Name="%s"]
Setting[@Id="%s"]
noName, %u
%u %u
%s\a%u.rgms
temp.rgmx
SOFTWARE\Exent\AOD\Client\SL
%s %s
cid=%u, pid=%u
cid=%u, pid=%u (ln=%d)
sXp.dat
s9x.dat
%d = %u
.?AVTextException@ExentExceptions@Exent@@
.?AVUnSupportedTextFormatException@ExentExceptions@Exent@@
.?AVMemoryAllocationException@ExentExceptions@Exent@@
C:\Work\AOD7.3Branch\Client\Exceptions\SystemException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\WaitOnLockException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\NullPointerException.cpp
.?AVLoaderInitDbgDetectedException@Driver@Client@Exent@@
.?AVLoaderInitDriverLockedException@Driver@Client@Exent@@
.?AVLoaderInitUnSupportedOsException@Driver@Client@Exent@@
.?AVLoaderInitIncompatibleVersionsException@Driver@Client@Exent@@
.?AVLoaderInitDriverNotFoundException@Driver@Client@Exent@@
.?AVLoaderAlreadyInitiatedException@Driver@Client@Exent@@
MediaChangerHotKey
SOFTWARE\Exent\AOD\Client\CMC
C:\Work\AOD7.3Branch\Client\Exceptions\RuntimeException.cpp
.?AVContractException@ExentExceptions@Exent@@
.?AVPreConditionException@ExentExceptions@Exent@@
.?AVIllegalArgumentValueException@ExentExceptions@Exent@@
.?AVNoSuchElementException@ExentExceptions@Exent@@
.?AVUtilException@ExentExceptions@Exent@@
.?AVNoSuchSectionException@ExentExceptions@Exent@@
.?AVNoSuchGroupException@Information@Exent@@
.?AVInternalContractException@ExentExceptions@Exent@@
.?AVTypeFormatException@ExentExceptions@Exent@@
.?AVNumberFormatException@ExentExceptions@Exent@@
.?AVStringEncodingException@ExentExceptions@Exent@@
C:\Work\AOD7.3Branch\Client\Exceptions\UnSupportedTextFormatException.cpp
.?AVTextFormatException@ExentExceptions@Exent@@
%d,%u
%d %s %d
AUsageReportMgr
<Session ID="%s" ContentId="%d" GGID="%s" SNumber="%d" StartPlayTime="%s" DurationInSec="%d"/>
<Session ID="%S" ContentId="%S" GGID="%S" SNumber="%S" StartPlayTime="%S" DurationInSec="%S"/>
<?xml version="1.0" encoding="UTF-8"?><UpdateOSLUsageRequest><Header version="1.0"><Signature>%S</Signature></Header>%s</UpdateOSLUsageRequest>
<Data ProviderId="%S" MUID="%S" ClientClockSendTime="%S" >%S</Data>
targetURL
07.04.10.00
%d,%c
%c,%d,%d,%d
LicMgr, %u
C:\Work\AOD7.3Branch\Client\Exceptions\IllegalArgumentValueException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\NoSuchElementException.cpp
C:\Work\AOD7.3Branch\Client\Information\NoSuchGroupException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\InternalContractException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\NumberFormatException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\StringEncodingException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\TextFormatException.cpp
.?AVDirectionsException@Directions@Client@Exent@@
.?AVDirectionsInformationException@Directions@Client@Exent@@
%s %s %d
User_Setting_%d
Service_Setting_%d
Info_Url
Target_Url
Upgrade_Info_%d
SOFTWARE\Exent\AOD\Client\CLG
Global\.ALogMux
CLG Opened OK. Boot=d/d/d d:d:d Path=<%ws>
%s,%s,%s
LastSuccessfulErrURL
%s,%s,%d
\%d.clg
%s,%s,%u,%u,%u
%d,%d,%s
%d,%s
TargetURL
%s\%d
%s,%s - cont
%s,%s - cont.
%d,%d,<%s>
Report.exe
C:\Work\AOD7.3Branch\Client\DriverAdapter\LoaderInitIncompatibleVersionsException.cpp
C:\Work\AOD7.3Branch\Client\DriverAdapter\LoaderInitUnSupportedOsException.cpp
C:\Work\AOD7.3Branch\Client\DriverAdapter\LoaderInitDriverLockedException.cpp
C:\Work\AOD7.3Branch\Client\DriverAdapter\LoaderInitDriverNotFoundException.cpp
C:\Work\AOD7.3Branch\Client\DriverAdapter\LoaderAlreadyInitiatedException.cpp
C:\Work\AOD7.3Branch\Client\DriverAdapter\LoaderInitDbgDetectedException.cpp
0xx
.?AVLoaderInvalidRequestException@Driver@Client@Exent@@
.?AVObjectInitiationException@ExentExceptions@Exent@@
%s,%d,%d,%s,%s
%s\%c
SOFTWARE\Exent\AOD\Client\Disks
%c,%d,%s,%s
Err = 0x%X, RemName=%s
%d,%S,%S,%u,%s
%d,%S,%S
%u,%s
%d,%s,%d
%d %u,%s
%d,%u,%s
%d, %u, %s
%d,%u,%u
%d %d %d %d %d %d %d
\//:*<>|
%u,%u
%u %d %d
%d,%d,%d,%d,%d,%d,%d
GPlrLanc.dat
GPlrLanc.exe
*.lnk
*.rgmxold
2k.rif
2k.Rif
HttpPool
%d, %s, %d
%s, %s, %d
%d, %s, %d, %d
info:%u,%I64u,0x%I64x,%u
%u,%I64u,%u,0x%I64x,%u
%I64u,%u,0x%I64x
.?AVPMLicenseException@ExentExceptions@Exent@@
%u,%u,0x%I64x,%u
0x%I64x,%u,%u,%u,%u,%u,%u
%u,0x%I64x
%s,%u
%s %s %u
C:\Work\AOD7.3Branch\Client\Exceptions\PreConditionException.cpp
SOFTWARE\Exent\AOD\Client\ICC
_d
.?AVDirectionsFormatIsNotSupportedException@Directions@Client@Exent@@
Cmdline_%d
[%d]%s
CD_KEY_INFO_%d
%s,%S
xxxx
<%s %s="%d"><%s>%s</%s><%s>%s</%s><%s>%s</%s><%s>%d</%s><%s>%s</%s></%s>
%s,%u,%u
C:\Work\AOD7.3Branch\Client\DirectionsManager\DirectionsInformationException.cpp
SOFTWARE\Exent\AOD\Client\PRV
EnableDumpReport
AppLoader2kEx.dll
C:\Work\AOD7.3Branch\Client\DriverAdapter\LoaderInvalidRequestException.cpp
.?AVElementAlreadyExistsException@ExentExceptions@Exent@@
%u,0x%I64x,%u,%d
ListCount=%u, ListSize=%u, RemainingTime=%u, RemainingPlayCount=%u, nRemainingLevels=%u
%u,0x%I64x,%u
%u,%u,%I64u
.?AVContentException@ContentsRunnerEngine@Client@Exent@@
.?AVContentIsAlreadyInitiatedException@ContentsRunnerEngine@Client@Exent@@
.?AVContentsRunnerException@ContentsRunnerEngine@Client@Exent@@
.?AVAnOtherContentIsAlreadyInitiatedException@ContentsRunnerEngine@Client@Exent@@
.?AVIllegalContentStateOperationException@ContentsRunnerEngine@Client@Exent@@
.?AVContentNotFoundException@ContentsRunnerEngine@Client@Exent@@
.?AVNotEnoughDiskSpaceException@ExentExceptions@Exent@@
.?AVInvalidLicenseException@ContentsRunnerEngine@Client@Exent@@
.?AVInCompatibleContentDependenciesException@ContentsRunnerEngine@Client@Exent@@
<?xml version="1.0" encoding="UTF-8"?><CreateOSLRequest><Header version="1.0"><Signature>%S</Signature></Header>%s</CreateOSLRequest>
<Data><GGID>%S</GGID><MUID>%S</MUID><ClientBlock>%s</ClientBlock></Data>
<![CDATA[<ClientBlock><ClockID>%S</ClockID><CurrentClockIDTime>%S</CurrentClockIDTime></ClientBlock>]]>
<?xml version="1.0" encoding="UTF-8"?><RemoveOSLRequest><Header version="1.0"><Signature>%S</Signature></Header>%s</RemoveOSLRequest>
<Data><GGID>%S</GGID><MUID>%S</MUID><CR>%S</CR></Data>
OfflineSupported
CmdLineSNumber
CmdLineDesc
CmdLineTitle
CmdLineInfo_%u
%u,%u,%s,%u
DefCmdLine
%u,%u,%s,%s
%u,%u,%s
p_%u_lic
CmdLineParams
p_%u_cmd_%u
%u,%lu
C:\Work\AOD7.3Branch\Client\DirectionsManager\DirectionsFormatIsNotSupportedException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\ElementAlreadyExistsException.cpp
.?AVAPSAddressCanNotBeTranslatedException@Driver@Client@Exent@@
.?AVIOException@ExentExceptions@Exent@@
.?AVNetworkException@ExentExceptions@Exent@@
%d,%d,%d,%d,%s
%d.%d.%d.%d.%d.%d.%d.%d.%d.%d.%d.%d.%d.%d.%d.%d
C:\Work\AOD7.3Branch\Client\DriverAdapter\PMlicenseException.cpp
C:\Work\AOD7.3Branch\Client\ContentsRunnerEngine\ContentIsAlreadyInitiatedException.cpp
C:\Work\AOD7.3Branch\Client\ContentsRunnerEngine\AnOtherContentIsAlreadyInitiatedException.cpp
C:\Work\AOD7.3Branch\Client\ContentsRunnerEngine\IllegalContentStateOperationException.cpp
C:\Work\AOD7.3Branch\Client\ContentsRunnerEngine\ContentNotFoundException.cpp
C:\Work\AOD7.3Branch\Client\ContentsRunnerEngine\InvalidLicenseException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\NotEnoughDiskSpaceException.cpp
C:\Work\AOD7.3Branch\Client\ContentsRunnerEngine\InCompatibleContentDependenciesException.cpp
HTTPConnection
StartConnect (cid=%d, cn=%d)
Disconnect (cid=%d)
C:\Work\AOD7.3Branch\Client\DriverAdapter\APSAddressCanNotBeTranslatedException.cpp
C:\Work\AOD7.3Branch\Client\Exceptions\NetworkException.cpp
http=hXXp://%s:%d
ReqId=%d
HTTP/1.1
Range: bytes=%d-%d
%d, %d, %d, %s
%s/	u/	u/%s
Content.rgx
pid=%d
, Msg:
.?AVUnKnownContentStatusIDException@Driver@Client@Exent@@
.?AVIllegalContentNotificationException@Driver@Client@Exent@@
%d,%d,%d,%d,%d,%d,%d,%d,%d,%d
%s %d %d %s
%d,%s,%s,%s
.?AVDirectionsApsInfoNotFoundException@ContentsRunnerEngine@Client@Exent@@
.?AVParseException@ExentExceptions@Exent@@
%u(0xX),%u(0xx)
NotFullyDownloaded %d %d %d %d %d %d
%d,%u(0xX),%d
NotUsed,%s:%d
User,Port,%d
Manual,%s:%d
Machine,Port,%d
AutoDetect,%s:%d
Provider,Port,%d
%s:%d
Failed to save bypass information to registry.
ProxyBypassList
%d,%d,%d,%s:%d,%s:%d,%d
%d %S %d %d %s
%d, ,%d
%s, %d, %d
%d,%s,%s
CID-0d/CN-d/%s
predict.dat
%d,%S,%S,%d
\SC-0d-d.ico
Cmd[@id="%d"]
ExentMCEEvent_0d_d
C:\Work\AOD7.3Branch\Client\DriverAdapter\UnKnownContentStatusIDException.cpp
C:\Work\AOD7.3Branch\Client\DriverAdapter\IllegalContentNotificationException.cpp
ggid=%s
%d, %u, %s, %u
%s,%d,%d
C:\Work\AOD7.3Branch\Client\ContentsRunnerEngine\DirectionsApsInfoNotFoundException.cpp
-----BEGIN PUBLIC KEY-----
fVEhSlxxjE5s15XohAaeiTJKYxcveCzZw2CiIpeHOD26hZXMt2s9xkEYkQLtcN5x
-----END PUBLIC KEY-----
Init, IsAlreadyInitialized=%s, cURLSIsEmpty=%s, cstrTicket=%s, cstrClientVersion=%s, TicketId=%lu
HTTPConnPool
http:\\VVV.yahoo.com
http:\\VVV.microsoft.com
http:\\VVV.google.com
Certificate Request
%d, errId=%d, subErrId=%d
last ATTEMPT to send KA at: %s ;last SUCCESS to send KA at: %s ;last KA response time: %s
Unable to generate symmetric key
Received invalid certificate
C:\Work\AOD7.3Branch\Client\Exceptions\ParseException.cpp
GSCertReq
GSCertRes
CertData
./CacheKey
%s, %s
.?AVHardwareCheckerOperationException@DependencyChecker@Client@Exent@@
[%s:%u:%s]
[%s:%x:%s]
%s\%s
Joystick%dOEMName
%s\%s\%s
.?AVSoftwareCheckerOperationException@DependencyChecker@Client@Exent@@
D3D10.DLL
WINDOWS
INST.EXE
GLU32.DLL
CLSID\%s\InprocServer32
Software\AppDataLow\Software\Exent\AOD\Client\DC\GC
Software\AppDataLow\Software\Exent\AOD\Client\DC\C
Software\AppDataLow\Software\Exent\AOD\Client\DC
D3D8.DLL
DINPUT.DLL
DDRAW.DLL
AffinityMask = %d; Initial APIC = %d; Physical ID = %d, Core ID = %d, SMT ID = %d
SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Work\AOD7.3Branch\Client\DependencyChecker\SoftwareCheckerOperationException.cpp
Local video memory = %d MB
Toal video memory = %d MB
megs = %d / (1024*1024) = %d MB
On-screen memory = %d MB
lpdd7->GetAvailableVidMem(DDSCAPS_LOCALVIDMEM) returned dwTotal=%d Bytes
last_megs (Sub-Total Video memory) = %d / (1024*1024) = %d MB
lpdd7->GetAvailableVidMem(DDSCAPS_NONLOCALVIDMEM) returned dwTotal=%d Bytes
winmm.dll
exent_%u
SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
%u, %S, %S
Error=0x%X, File=%S
%s %s %s
%s %s %s %d %d %S
web:length = %d, str = %S
DirectionXMLRequest ansi: %s
DirectionXMLRequest unicode: %S
%S %S %d %d %S
<WebUIInfo>
%d, %S
CWebBrowserMZ
%S->%S
Style_%d-View_%d
Software\AppDataLow\Software\Exent\AOD\Broadcasting\
Exent EXEtender
Mozilla Firefox 3/4
Google Chrome
%s %d %x
SOFTWARE\Exent\AOD\Client\IGA
STRINGS_%d_%d_%s
%hs %d, %d
Unknown Asset dl Ok %d, %d
check: bad widget err=%d %ws
check: IGL files=%d dirs=%d Mb=%d %ws
check: err=%d %ws
%s\%x\
s2i %s
%s\%x
%s\tmp
not zip err=%d %ws %ws
not 7z err=%d %s %ws
%s&AppId=%d&PrvId=%d
%s?AppId=%d&PrvId=%d
d/d/d-d:d:d
CertGetNameStringA
CertFreeCertificateContext
crypt32.dll
wintrust.dll
//Password
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.?AVCNotSupportedException@@
.PAVCOleException@@
.PAVCOleDispatchException@@
.PAVCFileException@@
zcÁ
Err: Error while waiting on object, Windows error: %s.
C:\Work\AOD7.3Branch\Share\AWin32Util\ASyncObject.cpp
Err: Failed to create object, Windows error: %s.
Err: Failed to open object, Windows error: %s.
Err: Failed to set/reset event, Windows error: %s.
Err: Failed to release object, Windows error: %s.
[%d]%-20s: %-120s ::%s(=)
!!! %s- %s
AodDebug.ini
%s%s:X
Exception on DoLog(File: %u, LineNumber: %d)
Exception on DoLog(FileName: %s, LineNumber: %d)
Exception on DoLogEx(FileName: %u, LineNumber: %d)
Exception on DoLogEx(FileName: %s, LineNumber: %d)
netmsg.dll
C:\Work\AOD7.3Branch\Share\AWin32Util\ARegistryKey.cpp
Err: Error openning registry key NULL Key.
Err: Error openning/creating registry key %s, Windows error: %s.
Err: Error openning/creating registry key NULL Key.
Err: Error reading from registry key NULL Parameter.
Err: Invalid registry key type at registry key %s.
Err: Error reading from registry key NULL Key.
Err: Error reading from registry key %s, Windows error: %s.
Err: Registry entry %s too long.
Err: Error writing to registry key NULL Parameter.
Err: Error writing to registry key %s, Windows error: %s.
Err: Error writing to registry key NULL Key.
Err: Error deleting registry key %s, Windows error: %s.
Err: Error deleting registry key NULL Parameter.
Err: Error deleting registry key NULL Key.
Err: Error enumerating registry key %s, Windows error %s.
C:\Work\AOD7.3Branch\Share\AWin32Util\AThread.cpp
Err: Error creating thread, Windows error: %s.
Err: Operation is not allowed within thread context.
Err: Error terminating thread, Windows error: %s.
C:\Work\AOD7.3Branch\Share\ErrorLogger\ErrorLoggerMgr.cpp
C:\Work\AOD7.3Branch\Share\ErrorLogger\AErrorsLoggerMgrBlocking.cpp
%s - %s
?456789:;<=
!"#$%&'()* ,-./0123
\StringFileInfo\xx\%s
C:\Work\AOD7.3Branch\Share\AAodUtilities\ABufferPool.cpp
C:\Work\AOD7.3Branch\Share\AAodUtilities\AWorkQueue.cpp
C:\Work\AOD7.3Branch\Share\AAodUtilities\AInternetConnectionTrigger.cpp
wininet.dll
%s: %s
Invalid schema (%u).
Invalid url.
Server return HTTP code:%u. err:%s
%s: %u
Failed to read http response. err
Page: %s not found: %s
Fail to query status code err: %s
AHTTPConnection::_Work() - Error. Did not Receive exactly the requested Range.
Failed to end http request. err
%s: %d
Failed to send http request. err
%s: %s
Failed to add http header. err
undefined operation!
Fail to crack URL. err:schema <%u> is not supported.
Fail to crack URL err:%u.
%s %S to %S err: %u
Range: bytes=%u-%u
Fail to read file. err:%u.
Fail to open file %S. err:%u.
C:\Work\AOD7.3Branch\Share\AAodUtilities\ASharedListEx.cpp
SharedListEventName_%s
d/d/%d d:d
assets.xml
CLSID%d
SOFTWARE\Exent\AOD\CLSID
Kernel32.dll
%X%X%X
HardwareInformation.AdapterString
\\.\PhysicalDrive%d
winio.sys
\\.\Scsi%d:
The data file expired ftime=%s, stime=%d:%d:%d
CREATE TABLE cookies (creation_utc INTEGER NOT NULL UNIQUE PRIMARY KEY, host_key TEXT NOT NULL,name TEXT NOT NULL,value TEXT NOT NULL, path TEXT NOT NULL,expires_utc INTEGER NOT NULL, secure INTEGER NOT NULL,httponly INTEGER NOT NULL, last_access_utc INTEGER DEFAULT 0)
host_key
SELECT creation_utc, name, value, host_key, path, expires_utc, secure, httponly FROM cookies
SELECT creation_utc, name, value, host_key, path, expires_utc, secure, httponly, encrypted_value FROM cookies
\Google\Chrome\User Data\Default\
UPDATE cookies SET name = ?1, value = ?2, host_key = ?3, path = ?4, expires_utc = ?5, secure = ?6, httponly = ?7 WHERE creation_utc = ?8
UPDATE cookies SET name = ?1, value = ?2, host_key = ?3, path = ?4, expires_utc = ?5, secure = ?6, httponly = ?7, encrypted_value = ?9 WHERE creation_utc = ?8
INSERT INTO cookies (creation_utc, host_key, name, value, path, expires_utc, secure, httponly, last_access_utc) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9)
UPDATE moz_cookies SET value = ?2, host = ?3, path = ?4, expiry = ?5, isSecure = ?6, isHttpOnly = ?7, lastAccessed = ?8, baseDomain = ?9, creationTime = ?10 WHERE id = ?1
INSERT INTO moz_cookies (name, value, host, path, expiry, isSecure, isHttpOnly, lastAccessed, baseDomain, creationTime) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10)
SELECT id, name, value, host, path, expiry, isSecure, isHttpOnly, creationTime FROM moz_cookies
UPDATE moz_cookies SET value = ?2, host = ?3, path = ?4, expiry = ?5, isSecure = ?6, isHttpOnly = ?7, lastAccessed = ?8, baseDomain = ?9 WHERE id = ?1
INSERT INTO moz_cookies (id, name, value, host, path, expiry, isSecure, isHttpOnly, lastAccessed, baseDomain) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10)
UPDATE moz_cookies SET value = ?2, host = ?3, path = ?4, expiry = ?5, isSecure = ?6, isHttpOnly = ?7, lastAccessed = ?8 WHERE id = ?1
INSERT INTO moz_cookies (id, name, value, host, path, expiry, isSecure, isHttpOnly, lastAccessed) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9)
UPDATE moz_cookies SET value = ?2, host = ?3, path = ?4, expiry = ?5, isSecure = ?6, isHttpOnly = ?7 WHERE id = ?1
INSERT INTO moz_cookies (id, name, value, host, path, expiry, isSecure, isHttpOnly) VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)
SELECT id, name, value, host, path, expiry, isSecure, isHttpOnly FROM moz_cookies
\cookies.sqlite
profiles.ini
\Mozilla\Firefox\
Mozilla Firefox 2
#HttpOnly_
# HTTP Cookie File
# hXXp://VVV.netscape.com/newsref/std/cookie_spec.html
\cookies.txt
*.txt
#!*.*
Microsoft.MicrosoftEdge_*.*
shell32.dll
cmhelper.exe
ietemp1.dat
SELECT name FROM sqlite_master WHERE type = 'table' AND name = '
large file support is disabled
unknown operation
SQL logic error or missing database
foreign_keys
foreign_key_list
foreign_key_check
defer_foreign_keys
sqlite_compileoption_get
sqlite_compileoption_used
sqlite_log
sqlite_source_id
sqlite_version
sqlite_attach
sqlite_detach
sqlite_stat4
sqlite_stat3
sqlite_stat1
sqlite_rename_parent
sqlite_rename_trigger
sqlite_rename_table
RowKey
SQLITE_
d-d-d d:d:d
d:d:d
d-d-d
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
os_win.c:%d: (%lu) %s(%s) - %s
delayed %dms for lock/sharing conflict
%s-shm
%s%s%s
unknown database %s
recovered %d pages from %s
cannot limit WAL size: %s
recovered %d frames from WAL file %s
MJ delete: %s
-mjX9X
MJ collide: %s
%s-mjXXXXXX9XXz
foreign key constraint failed
922337203685477580
%s(%d)
keyinfo(%d
bind on a busy prepared statement: [%s]
statement aborts at %d: [%s] %s
constraint failed at %d in [%s]
abort at %d in [%s]: %s
database table is locked: %s
cannot change %s wal mode from within a transaction
SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid
sqlite_master
sqlite_temp_master
cannot commit transaction - SQL statements in progress
cannot release savepoint - SQL statements in progress
no such savepoint: %s
cannot open savepoint - SQL statements in progress
Outstanding page count goes from %d to %d during this analysis
Pointer map page %d is referenced
Page %d is never used
Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)
Failed to read ptrmap key=%d
failed to get page %d
%d of %d pages missing from overflow list starting at %d
freelist leaf count too big on page %d
2nd reference to page %d
invalid page number %d
Fragmentation of %d bytes reported as %d on page %d
Multiple uses for byte %d of page %d
Corruption detected in cell %d on page %d
On page %d at right child:
On tree page %d cell %d:
btreeInitPage() returns error code %d
unable to get the page. error code=%d
Page %d:
zeroblob(%d)
cannot open %s column for writing
no such column: "%s"
cannot open view: %s
cannot open virtual table: %s
indexed
foreign key
cannot open value of type %s
%.*s"%w"%s
%s%.*s"%w"
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
unable to open database: %s
database %s is already in use
too many attached databases - max %d
database %s is locked
cannot detach database %s
no such database: %s
%s: %s.%s
API call with %s database connection pointer
error during initialization: %s
no entry point [%s] in shared library [%s]
sqlite3_
unable to open shared library [%s]
%s.%s
sqlite3_extension_init
malformed database schema (%s)
SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid
unsupported file format
database schema is locked: %s
sqlite3_get_table() called with two or more incompatible queries
INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'
SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'
SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0
PRAGMA vacuum_db.synchronous=OFF
cannot VACUUM - SQL statements in progress
no such module: %s
vtable constructor did not declare schema: %s
vtable constructor failed: %s
the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers
the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers
Expression tree is too large (maximum depth %d)
too many SQL variables
variable number must be between ?1 and ?%d
too many columns in %s
there is already another table or index with this name: %s
UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q
sqlite_sequence
UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
view %s may not be altered
%s OR name=%Q
type='trigger' AND (%s)
table %s may not be altered
sqlite_
UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q
Cannot add a PRIMARY KEY column
sqlite_altertab_%s
DELETE FROM %Q.%s WHERE %s=%Q
CREATE TABLE %Q.%s(%s)
misuse of aggregate: %s()
EXECUTE %s%s SUBQUERY %d
invalid name: "%s"
not authorized to use function: %s
%s: %s.%s.%s
misuse of aliased aggregate %s
%s prohibited in partial index WHERE clauses
%s prohibited in CHECK constraints
%r %s BY term out of range - should be between 1 and %d
too many terms in %s BY clause
access to %s.%s.%s is prohibited
access to %s.%s is prohibited
object name reserved for internal use: %s
there is already an index named %s
duplicate column name: %s
too many columns on %s
default value of column [%s] is not constant
AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY
table "%s" has more than one primary key
CREATE TABLE %Q.sqlite_sequence(name,seq)
UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d
CREATE %s %.*s
%s %T cannot reference objects in database %s
%s cannot use variables
view %s is circularly defined
use DROP VIEW to delete view %s
use DROP TABLE to delete table %s
table %s may not be dropped
sqlite_stat
sqlite_stat%d
DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d
unknown column "%s" in foreign key definition
number of columns in foreign key does not match the number of columns in the referenced table
foreign key on %s should reference only one column of table %T
INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
CREATE%s INDEX %.*s
table %s has no column named %s
sqlite_autoindex_%s_%d
index %s already exists
there is already a table named %s
virtual tables may not be indexed
views may not be indexed
table %s may not be indexed
cannot create a TEMP index on non-TEMP table "%s"
indexed columns are not unique
DELETE FROM %Q.%s WHERE name=%Q AND type='index'
index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped
no such index: %S
a JOIN clause is required before %s
unable to identify the object to be reindexed
no such collation sequence: %s
cannot modify %s because it is a view
table %s may not be modified
foreign key mismatch - "%w" referencing "%w"
table %S has no column named %s
%d values for %d columns
table %S has %d columns but %d values were supplied
PRIMARY KEY must be unique
constraint %s failed
%s.%s may not be NULL
unsupported encoding: %s
*** in database %s ***
unknown or unsupported join type: %T %T%s%T
RIGHT and FULL OUTER JOINs are not currently supported
no such index: %s
no such table: %s
%s.%s.%s
too many references to "%s": max 65535
sqlite_sq_%p
cannot join using column %s - column not present in both tables
cannot have both ON and USING clauses in the same join
a NATURAL join may not have an ON or USING clause
USE TEMP B-TREE FOR %s
SELECTs to the left and right of %s do not have the same number of result columns
LIMIT clause should come after %s not before
ORDER BY clause should come after %s not before
COMPOUND SUBQUERIES %d AND %d %s(%s)
SCAN TABLE %s%s%s
cannot create INSTEAD OF trigger on table: %S
cannot create %s trigger on view: %S
INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
no such trigger: %S
-- TRIGGER %s
no such column: %s
UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d
at most %d tables in a join
automatic index on %s(%s)
%s VIRTUAL TABLE INDEX %d:%s
%s (rowid<?)
%s (rowid>?)
%s (rowid>? AND rowid<?)
%s (rowid=?)
%s USING INTEGER PRIMARY KEY
%s USING %sINDEX %s%s
%s USING AUTOMATIC %sINDEX%.0s%s
%s AS %s
%s TABLE %s
%s SUBQUERY %d
%s.xBestIndex() malfunction
table %s: xBestIndex returned an invalid plan
unable to use function %s in the requested context
unknown database: %s
no such vfs: %s
%s mode not allowed: %s
no such %s mode: %s
automatic extension loading failed: %s
database corruption at line %d of [%.10s]
misuse at line %d of [%.10s]
cannot open file at line %d of [%.10s]
UrlMon.dll
UMUploadRequestHTTP
0x%X (S)
\\.\%s
X4EXT.Sys
code %d bits %d->%d
gen_codes: max_code %d
bl code -
opt %lu(%lu) stat %lu(%lu) stored %lu lit %u dist %u
last_lit %u, last_dist %u, in %ld, out ~%ld(%ld%%)
1.1.3
CD%sWndTITLE
CD%sWndCLASS
%s_%s
MAILSLOT%s
fail to create mailSlot. err: %d
fail to create 'AllAccess' object. err:<%d>
fail to open mailSlot. err: %d
\\.\mailslot\
fail to write to mailSlot, err:<%u>
fail to read from mailSlot, err:<%u>
fail to get mailSlot info. err: %d
windows
Service Pack: %d
Windows XP
Windows 2000
Windows NT
Windows ??
Windows Millenium Edition
Windows 98 Second Edition
Windows 98 SP1
Windows 98
Windows 95 OSR2
Windows 95 SP1
Windows 95
Windows CE
Windows
Microsoft Windows Me
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows NT
01000000000000000001
10000000000000000010
version="4.34.0.0"
<description>EXEtender Player</description>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
yw}nlwWRuA8v1%u 
3333331
3333333
^UeA9[6.V2(X1)X1(]6.fA9}\S
commctrl_DragListMsg
tAfx:%x:%x:%x:%x:%x
Afx:%x:%x
t%*.*f
A.INI
tMSWHEEL_ROLLMSG
888816666554443
6666554443
!6666554443
e.exe
>%s%s
& ErrCode=%d
?ErrCode=%d
SGPlayer.exe
Please install the latest version of the EXEtender Player now.
%d second(s) left
NM_CP_%u.xml
%s\a%u.rgmt
%s %s %d %s
GameLauncher.exe
PLAY_INFO_IDS_LAUNCHER_INSTALL_URL
ExetenderOptionsHelp.htm
%s (%s %d/%d)
Show again in %d hour(s)
D%s%s%s
!@#$%^&*()_ 
!@#$%^&*()_ 
%c:\%s
SUrl
rLink[@Id="%d"]
S<cmdlinetitle>
%d, %S, %d, %d, %S, %S, %s %d %d %d %d %d
(%.1f %s/%s)
%.2f%s/%.2f%s
,%.2f %s
%.2f%s
%s\x\%s
http\shell\open\command
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Software\Classes\ChromeHTML
Software\Classes\ChromeHTML\shell
Software\Classes\ChromeHTML\shell\open
Software\Classes\ChromeHTML\shell\open\command
SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
%d %s
d %s
dDirection[%d].rgmxold
%c:\%s\%s\
.rgmt
%s\%s\%s-%s
PU.rgmxold
PM.rgmxold
SBMP-0d-d.pic
SC-0d-d.ico
-UserCmdline
ExetenderPlayerHelp.htm
CrashDump.dll
CM.dll
UI_OpenWebDialog
UI_LoginPopupWindow
http:\\VVV.exent.com\logo_click.html
%s/%s
-WebLaunch
%d.ico
AuthKey
%s?%s
string number %u is empty
string %u Title: %s,
string %u Question: %s
%s=%d&%s=%d&%s=%s&%s=%d&%s=%d
%s=%d&%s=%d&%s=%d&%s=%d
%s=%d&%s=%d
&%s=%s
\IGL.ini
ComponentMgrConfig.xml
Widget.dll
GFComponent.dll
w%SystemRoot%\ehome\ehshell.exe
ExentControl.ExentInf1
ExentCtl.ExentInf
dat\GPlrLanc.dat
regsvr32.exe
Can't read config file <%s>
(error:%s)
Can't open config file <%s>
fail to load XML string. <%s>
x%d.%d.%d.%d
%X.%X.%X.%X
%s\x
%s\*x
HTTPpool
uxtheme.dll
168,3600
168,43200
5,3600,-1,86400
./Url
e%S\%s\
clientErrorLogUrl
clientMoreInfoURL
clientUpgradeURL
bannerUrl
progressUrl
cmdParams
cmdStartDir
cmdLine
proxyPort
apsPort
x	u/	u/x/%s
x/
x.dat
%S.lic
e2.0.0.0
nHidE.dll
HidEmu.xml
//InternetCheckUrls/Url
OSLMgrURL
grant/forAll[@varName="%S"]/xmlExpresion[. = "ContentId/%d"]
00.00.00.00
Win32_VideoController.DeviceId="VideoController1"
\\.\root\cimv2
'%c' (%hu, 0x%hX)
%d (0x%X)
URLInfoAbout
lcid=%u;name=%s;dir=%s;prvid=%u;cmdid=%u;prvdir=%s
<?xml version="1.0" encoding="UTF-8"?><GetDirectionRequest><AppId>%s</AppId><RunIndex>%s</RunIndex><Muid>%s</Muid><AcID>%s</AcID><AuthKey>%s</AuthKey><DirectionsType>%s</DirectionsType><UserType>%s</UserType><UserChannel>%s</UserChannel><AdditionalInfo>%s</AdditionalInfo></GetDirectionRequest>
Directions/AuthUiUrl
Directions/SilentAuthUrl
Authentication/Key
WEB_UI
File://%sConnecting.html
File://%shtml\Connecting.html
File://%sOffLineErrUI.html?%s
File://%shtml\OffLineErrUI.html?%s
File://%sOffLineWebUI.html
File://%shtml\OffLineWebUI.html
File://%sPromotion.html
File://%shtml\Promotion.html
OfflineSplash.jpg
%spics\OfflineSplash.jpg
BUTTON_EXENT
WEB_UI_BUY
WEB_UI_AUTHENTICATION
WEB_UI_END_SESSION
SkinCfg.ini
SkinCfg.xml
res://%s/%d
hGPlrLanc.dat
ExetenderPlayerSkin/%s/%s[@Id="%d"]/Path
DefaultUrl
DefaultUrls
ExetenderPlayerSkin/%s/%s[@Id="%d"]
PopupWindows
WebUIs
ExetenderPlayerSkin/Views/Style[@Id="%d"]/View[@Id="%d"]
View[@Id="%d"]/Menus
./Resources/Resource[@Id="%s"]
./Configurations/Configuration[@Id="%d"]/Setting
ContentExecutionErrId
ActivationKey
IsHttpOnly
CmdlineId
ReportOSLUsageRequest
GetExecutionStateRequest
DirectionsUrl
BaseUrl
CreateUrl
RemoveUrl
widget.dll
USERMSG/
INFO_URL
TARGET_URL
r.xml
<DBItemWebURL><![CDATA[
]]></DBItemWebURL>
//DBItemWebURL
exent_msg:name
exent_msg:expiration_time
exent_msg:show_duration_time_in_sec
exent_msg:is_message_persistent
web_type_url
AIGsXML_%u.xml
//cp:dsurl
</Password>
<Password>
.http.tmp
md.dat
%s\%S_%S
%s\%S_%s
GF.env
\%sEnvironment\%s.env
SOFTWARE\Exent\Games Enhancement
GameInfoUrl
RulesUrl
UrlPrototype
<Header Version="%d" />
<GEMEnvironment><Header Version="%d" /><Data /></GEMEnvironment>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
<CacheMgr><CacheInfo><StorageID>%S</StorageID><Signature/></CacheInfo><Records/></CacheMgr>
./URL
xmlns:xsi="hXXp://VVV.w3.org/2001/XMLSchema-instance"
%Program Files%\Free Ride Games\GPlayer.exe
1996-2016 Exent Technologies Ltd. All rights reserved.
$$Not enough disk space - The EXEtender cannot continue running the application...
$$ Free disk reqired for play %s (%s)
$$Free disk space for %s full download (%s)
$$Currently selected %s...
$$You need to free at least %s disk space in order to run %s...
$$Preserve all settings and saved information (will leave %s)...
$$|| / >
$$Automatic error report sending...
$$Are you sure you want to remove %s?...
$$3.5.3...
$$%Program Files%\Exetender...
1996-2004 Exent Technologies...
$$Click 'Finish' to return to Exetender Player...
$$Port:
$$EXEtender recommends of the following steps:...
$$Increase the reserved space for application caching on drive %c:...
$$Free disk space required to play %s
$$Set Password:
$$Confirm Password:
$$Password Hint:
$$Parental Controls settings lets you control your subscription game content on Verizon Games On Demand. Once you set your settings a password will be required to play any game you don't allow.
$$Please Enter Your Parental Control Password to access this feature:
$$Forgot Password?
$$Please send an e-mail to our Customer Support
$$Your Password:
Please enter your Parental Controls Password:
All Files (*.*)
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Disk full while accessing %1..An attempt was made to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
#Unable to load mail system support.






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    iKernel.exe:1512
    regsvr32.exe:224
    regsvr32.exe:1716
    Location_extractor_654250.exe:1072
    RegEdit.exe:1632
    RegEdit.exe:1084
    RegEdit.exe:140
    EXEtender_Default.exe:824
    Setup.exe:1064
    %original file name%.exe:272
    Free Ride Games.exe:464
    IKernel.exe:460
    IKernel.exe:1972
    

    2. 

  2. Delete the original Trojan-PSW file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan-PSW:
    

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tags[2].js (4774 bytes)
    %Program Files%\Free Ride Games\Info\co_adm.dat (911 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[1].txt (603 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[6].jpg (3645 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[1].jpg (3637 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\geoServices[2].js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[1].js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[2].js (2530 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[4].jpg (3637 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rtdGames[1] (1704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[1].jpg (5654 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[10].jpg (4718 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (7290 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\displayAd[1].js (157 bytes)
    %Program Files%\Free Ride Games\Info\ExentRssDB_143.xml (23 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (23136 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[7].jpg (7506 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CARP1BI2.gif (43 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\utils[1].jsp (303 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[2].jpg (3704 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_UEHYMtNAgLnWnse (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[9].jpg (4250 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\controller[2].js (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[4].jpg (2772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[7].jpg (6057 bytes)
    %Program Files%\Free Ride Games\Info\co_adm.dat-journal (26790 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[6].jpg (10151 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[9].jpg (3369 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@freeridegames[2].txt (1173 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[1].jpg (1907 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\160x600_frame_ad[1].htm (36 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[3].jpg (4616 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[5].jpg (3790 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\scriptsIncludes[1].js (217 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAAJC9MB.ad (231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.globalEvents[2].js (933 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (3894 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[11].jpg (5010 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[5].jpg (2772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tags[1].js (3581 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[7].jpg (3410 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\skin[1].xml (398 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA8DYDBO.ad (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin[2].xml (398 bytes)
    %Program Files%\Free Ride Games\Data\version.ini (48 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\displayAd[2].js (247 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[2].jpg (2772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[8].jpg (3637 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[8].jpg (3645 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[9].jpg (2778 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\728x90_default_tribal[1].htm (332 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\160x600_default_tribal[1].htm (335 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\728x90_frame_ad[1].htm (36 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[5].jpg (2772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\analytics[1].js (733 bytes)
    %Program Files%\Free Ride Games\Info\1.clg (26703 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[4].jpg (3348 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@tribalfusion[2].txt (310 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\utils[1].htm (907 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[13].jpg (2772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\160x600_frame_ad[1] (725 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[10].jpg (2772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (2845 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[10].jpg (2675 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA8DMB0T.ad (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[1].jpg (2778 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAJIGZ3H.gif (35 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_AV70pDodfRgPEkH (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[3].js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Exent\GI20160402080912GMT.Log (2201 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[8].jpg (2772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[4].jpg (2778 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[2].jpg (3637 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[12].jpg (3354 bytes)
    %Program Files%\Free Ride Games\Info\NM_CP_143.xml (83 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[1].js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[3].jpg (3645 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[11].jpg (5664 bytes)
    %Program Files%\Free Ride Games\Data\version.tmp.http.tmp (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\geoServices[1].js (580 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@freeridegames[1].txt (1878 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[8].jpg (2772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin[1] (309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\track[1].htm (356 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[5].jpg (6190 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[6].jpg (3340 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@~~local~~[1].txt (1840 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\728x90_frame_ad[1] (771 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[12].jpg (3645 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[2].js (17 bytes)
    %Program Files%\Free Ride Games\Info\2.clg (3603 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[9].jpg (5654 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[6].jpg (8217 bytes)
    %Program Files%\Free Ride Games\Info\sXp.dat (34 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[3].jpg (2778 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[2].jpg (4446 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\boxshot[7].jpg (3348 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\controller[1].js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[3].jpg (2679 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\analytics[2].js (733 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.globalEvents[1].js (436 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\boxshot[10].jpg (2778 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\boxshot[11].jpg (3637 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin[1].xml (398 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA77YAVH.ad (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAJQTKHL.gif (43 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\dmAssetsXmlFile_assets.xml (666 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\GameImage_DefaultGameImage.gif (12 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Content.wav (2995 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\GPlrLanc.exe (15414 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch1.ix (1 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat (6 bytes)
    %Documents and Settings%\%current user%\Desktop\Play Zombie Bowl-O-Rama.lnk (1 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\exs.dll (16131 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch1.dat (19057 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg (1967 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\GameInfoXML_654250_GameInfo.xml.dat (3 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\GameIcon_icon.ico.dat (5331 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\Thumbs.db (18 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch0_1.ix (171 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\SC-0000654250-001.ico (15 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GPlrLanc\GPlrLanc.dat (6 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch0.ix (2104 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch0_3.ix (171 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch0.dat (1547741 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\md.dat (570 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Preload.dat (1 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\GameImage_player_boxshot.jpg.dat (5 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch0_2.dat (4 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\00000000.VIX (10 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Content.md (3 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\Free Ride Games\Zombie Bowl-O-Rama\Play Zombie Bowl-O-Rama.lnk (1 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\splash_screen.gif (1372 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch0_3.dat (4 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat (1967 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch0_2.ix (171 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\CacheSettings.ini (231 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\Default\GPlrLanc\GPlayer.ico (17 bytes)
    C:\Remote Programs\Zombie Bowl-O-Rama\ch0_1.dat (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\layout.bin (417 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\ExentCtl.ocx (8744 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data1.hdr (2478 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.ini (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\plf4.tmp (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data1.cab (8949 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\exs.dll (12304 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.iss (169 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\FRGN.ico (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\data2.cab (170938 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.inx (7746 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\ikernel.ex_ (6410 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\ext5.tmp (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\pftw1.pkg (43502 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\Setup.exe (2246 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\IEC7.tmp (2105 bytes)
    %Program Files%\Common Files\InstallShield\Engine\6\Intel 32\temp.000 (11328 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader5.jpg (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\resourceDll.dll (7532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\ExentCtlInstaller.dll (4169 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse2.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader1.jpg (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader3.jpg (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splasher.dll (10805 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Free Ride Games.exe (38850 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\cmhelper.exe (5571 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader2.jpg (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader4.jpg (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Splash\loader6.jpg (14 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\D41693DAFE5DEF0C36959FF1FCEF5C96 (603 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\SDM_DownloadAcc_10000.acc (941 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\98b43d77-a569-462a-ae12-61dee42f9d55 (172915 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\bd545434-2192-46fb-9923-badb71c13adc (172915 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\207B9FD92391B9B2A60A89B4C965D5DF (324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\23f0ee32-947c-464e-962e-446b6ee3ddf2 (56983 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\4304aba4-1da2-4a0c-8789-287cede31fe7 (172915 bytes)
    %System%\d3d8caps.dat (1532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\SDM_DownloadAcc_10044.acc (970 bytes)
    %Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\fc47f249-b55b-4517-b36b-886ae45a6231 (172915 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\bf70f11d-afeb-453b-a5b8-6d4777353ea7 (56983 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\410b41c5-ab34-47d7-a9ec-155b75d584dd (56983 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10044\66076066-8968-4cff-8baf-3013e33672d5 (172915 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\810df9da-fa6e-4327-9b11-88e738dc8833 (56983 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Exent\GI20160402080905GMT.Log (28 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\207B9FD92391B9B2A60A89B4C965D5DF (588 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\SDM_DB_143.xml (1226 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\D41693DAFE5DEF0C36959FF1FCEF5C96 (308 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\Location_extractor_654250.exe (327251 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Exent\DACC10000\ab8b2c37-22fb-4040-b117-85e02e49544e (56983 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\SDMLog.log (5592558 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SDM143\EXEtender_Default.exe (92241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\_uninsdm.bat (175 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\dl670f.rra (7 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\MyGa7066.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\Skin6eff.rra (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\_IsR5d7a.rra (8474 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Skin64ed.rra (30 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_66d1.rra (27 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_s6fca.rra (12 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6692.rra (15 bytes)
    %Program Files%\Free Ride Games\glut6450.rra (2712 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bgTo6b26.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6b84.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\erro6e14.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\mask\play70a5.rra (144 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_e6f7d.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6654.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\repl6c7e.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\errS6838.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\load6d49.rra (6 bytes)
    %Program Files%\Free Ride Games\X7Ex648f.rra (20620 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\load6d3a.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\laun6cbd.rra (6 bytes)
    %Program Files%\Free Ride Games\Game6402.rra (64414 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\skip71bf.rra (3 bytes)
    %Program Files%\Free Ride Games\exs63d3.rra (828 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\Most6932.rra (7308 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\play6cdc.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\chan6cfb.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\dela6de5.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\FRGL7018.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\jque6e43.rra (16 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\play6ea1.rra (729 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\genr6c5f.rra (4456 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65c7.rra (5 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\clos6cad.rra (247 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_u6fd9.rra (7 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\erro6829.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6673.rra (10 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd679c.rra (5 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\game6d2a.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67cb.rra (2336 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\Exen7a78.rra (10160 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\load6ccc.rra (17 bytes)
    %Program Files%\Free Ride Games\d3dx7316.rra (32512 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\mg_i6e72.rra (21 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\adGa67ea.rra (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5cde.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\GameInfoDefault\Thum650c.rra (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5cce.rra (9 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\key_6e62.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dial68e4.rra (1 bytes)
    %Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\layo627c.rra (417 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\flas6e34.rra (19 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_655a.rra (15 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6ba3.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\yesn6ed0.rra (3 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\Setu7ac6.rra (1568 bytes)
    %Program Files%\Free Ride Games\Skins\000005\dat\GPlrLanc.dat (22 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\layo6923.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6606.rra (14 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\setu7ad6.rra (2 bytes)
    %Program Files%\Free Ride Games\cmhe63b4.rra (6134 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\YUI\anim6f1e.rra (13 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6625.rra (12 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bgRi6b17.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\fram6e43.rra (14 bytes)
    %Program Files%\Free Ride Games\EXEt64cd.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\chk_6a0d.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\auto67fa.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\FRGL7037.rra (34 bytes)
    %Program Files%\Free Ride Games\EXEt6366.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\chk_69fd.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\dial6819.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\more6aa9.rra (3 bytes)
    %Program Files%\Free Ride Games\exs63e3.rra (24854 bytes)
    %Program Files%\Free Ride Games\X7XS64ae.rra (2334 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5ca0.rra (29 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\skip71cd.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\post6858.rra (389 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bott6b26.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\upda71dd.rra (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5cfd.rra (23 bytes)
    %Program Files%\Free Ride Games\Skins\000005\mask\erro7095.rra (144 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\sign6eb1.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\upda71de.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb71ae.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\subm6ad8.rra (2 bytes)
    %Program Files%\Common Files\InstallShield\Engine\6\Intel 32\core5a0f.rra (28 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\smal6c7e.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\mask\logi7095.rra (96 bytes)
    %Program Files%\Free Ride Games\GUpd63c4.rra (2334 bytes)
    %Program Files%\Free Ride Games\glut648f.rra (2712 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\GATr68f4.rra (2326 bytes)
    %Program Files%\Free Ride Games\X6XS647f.rra (1568 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\iker7aa7.rra (6720 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\logi6848.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\Tray64cd.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\yesn6877.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6664.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\back70f3.rra (12 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65a8.rra (7 bytes)
    %Program Files%\Free Ride Games\X6Ex6470.rra (9120 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6579.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\ok_16ab9.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\clos7131.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\drop6e05.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bott6b36.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\load6b46.rra (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\defa5d5b.rra (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\setu5c80.rra (7384 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\layo7ac6.rra (417 bytes)
    %Documents and Settings%\All Users\Start Menu\Free Ride Games.lnk (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\YUI\auto6f2e.rra (37 bytes)
    %Program Files%\Free Ride Games\X4Ex62aa.rra (16732 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\drop6d1a.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\spla6877.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC6886.rra (6648 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\clos7122.rra (1 bytes)
    %Program Files%\Free Ride Games\X363b4.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\Chec7112.rra (1264 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\play6e82.rra (21802 bytes)
    %Program Files%\Free Ride Games\Clie6366.rra (395 bytes)
    %Program Files%\Free Ride Games\X5XS64ae.rra (1568 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Langs\0409\Stri7085.rra (11940 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\eror68e4.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\GameInfoDefault\spla64fc.rra (27 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\gplayer\gpla66e1.rra (3404 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\comm6809.rra (92 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67ac.rra (9 bytes)
    %Program Files%\Free Ride Games\Skins\000005\sound\Popu721c.rra (2334 bytes)
    %Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\Setup.ini (12 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd674e.rra (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\59b2.rra (7560 bytes)
    %Program Files%\Free Ride Games\wh_P63d3.rra (4456 bytes)
    %Program Files%\Free Ride Games\glut6441.rra (4314 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\isrt5d3c.rra (11940 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\Chan6fd9.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\canc69cf.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\logo6923.rra (18 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_e6f8b.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\ok_26ac9.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\sear6d97.rra (10 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\devi6d0b.rra (1 bytes)
    %Program Files%\Free Ride Games\npEx72f6.rra (8474 bytes)
    %Program Files%\Free Ride Games\Skins\000005\mask\upda70b4.rra (1 bytes)
    %Program Files%\Free Ride Games\repo6366.rra (292 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5caf.rra (9 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\MyDo7056.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\NIBmps\NetI70d3.rra (630 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\clie6dd6.rra (581 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\errS6c20.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\NIBmps\NetI70c4.rra (1890 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd675e.rra (10 bytes)
    %Program Files%\Free Ride Games\glut741f.rra (2712 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\og_i6e82.rra (625 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\Exit6fe9.rra (17 bytes)
    %Program Files%\Free Ride Games\DoDl63e3.rra (6134 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\pft6.tmp\setup.log (139 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\FRGL7008.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb71a0.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\canc69de.rra (1 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\Exen723b.rra (10160 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\swit6ec0.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\stil6cfb.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\YUI\data6f3d.rra (31 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bgLe6b07.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\clos6a3c.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\main6d59.rra (25 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6589.rra (23 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\skin6867.rra (10 bytes)
    %Program Files%\Free Ride Games\npGa7335.rra (51622 bytes)
    %Program Files%\Free Ride Games\Skins\000005\GameInfoDefault\Game64fc.rra (12 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\errS6c40.rra (29 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC68b5.rra (6648 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65d7.rra (7 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\dl_i6df5.rra (32 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\FRGL6fe9.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_656a.rra (15 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\tabs6dc6.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC68d5.rra (2326 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\upda71ed.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\FRGL6ffa.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\topL6b74.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67db.rra (7 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_c652b.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6bd2.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\logi655a.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\Skin6f0e.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb718f.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\Subs6db7.rra (12 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\preR6eb1.rra (14 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\repl6c6e.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\GPlr7047.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\Thum6b65.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\FRGL7009.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\clos6c9d.rra (483 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\ad6700.rra (697 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6598.rra (13 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\FRGL6ff9.rra (34 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\conf6de5.rra (585 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd673e.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65f6.rra (16 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\sear6da7.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC6896.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\clos6c11.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\invi6cbd.rra (262 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\gplayer\gpla6700.rra (16 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\setu7b05.rra (90 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\pb6961.rra (8 bytes)
    %Program Files%\Free Ride Games\X8Ex6450.rra (16732 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\data79bd.rra (171356 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\help6a6b.rra (3 bytes)
    %Program Files%\Free Ride Games\AX326347.rra (3404 bytes)
    %Program Files%\Free Ride Games\GPlr6385.rra (18290 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_65b8.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\effe6c11.rra (7 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\logi6be2.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_66c1.rra (15 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_d6f5c.rra (22 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_m653b.rra (24 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\clos7123.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\canc69ee.rra (2 bytes)
    %Program Files%\Free Ride Games\ProviderComponents.ini (671 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67bb.rra (7 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\post6ea1.rra (4 bytes)
    %Program Files%\Free Ride Games\NPGa7373.rra (10 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\bgBo6b07.rra (1 bytes)
    %Documents and Settings%\All Users\Desktop\More FREE games.lnk (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_g6fab.rra (9 bytes)
    %Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\setu628b.rra (7384 bytes)
    %Program Files%\Common Files\InstallShield\Engine\6\Intel 32\iuse5a6d.rra (6134 bytes)
    %Program Files%\Free Ride Games\exs.ini (10726 bytes)
    %Program Files%\Free Ride Games\GPla62d9.rra (154846 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\gmt\cls_66e1.rra (10 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\yesb720c.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\fram6838.rra (5 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\IAF7056.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_p654a.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb719f.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\PreR6eef.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6bc3.rra (1 bytes)
    %Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\Setu628b.rra (1570 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\butt68d5.rra (7 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\GPla7047.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_i6fab.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd678c.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6644.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_e6f7c.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\logo6b55.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\AC_R6dd6.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\mask\logi70a5.rra (48 bytes)
    %Program Files%\Free Ride Games\report.ini (140 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\nobu7141.rra (9 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\debu654a.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\og_i6858.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\yesb71fc.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\jque6e53.rra (3404 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\subm6ae8.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\hide6a8a.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\yesb71fd.rra (6 bytes)
    %Program Files%\Free Ride Games\myGa64dd.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd676d.rra (7 bytes)
    %Documents and Settings%\All Users\Desktop\Play Free Games.lnk (1 bytes)
    %Program Files%\Free Ride Games\FRGN64dd.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\Post6edf.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\errS6c4f.rra (988 bytes)
    %Program Files%\Free Ride Games\GUpd63b4.rra (3404 bytes)
    %WinDir%\GPlrLanc.dat (64 bytes)
    %Program Files%\Free Ride Games\Clie63d3.rra (262 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6615.rra (10 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\setu7ae6.rra (7384 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\mg671f.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\MyGa6942.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\Serv6fe9.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Langs\0409\EXEt7085.rra (843 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\ok_06ab9.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\myGa6952.rra (2356 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\logi6bf1.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6b94.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\Sett7076.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\Onli7066.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mg_i6848.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_a652b.rra (3404 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\retr6b65.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_g6f9b.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\Thum69af.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\pinb717f.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\spac6971.rra (49 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\FRGL7019.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd677d.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\drop6d2a.rra (181 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\help6a5b.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\stil6ceb.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\play6ccc.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\skip71be.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\ap_d653b.rra (10 bytes)
    %WinDir%\Downloaded Program Files\Exen722b.rra (18290 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6683.rra (9 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\adGa67fa.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\flas6e24.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Conn650c.rra (296 bytes)
    %Program Files%\InstallShield Installation Information\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}\data627c.rra (11728 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\Subs6da7.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\bann6bb3.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\more6a9a.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\clos6a5b.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\chk_6a1d.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\defa670f.rra (2 bytes)
    %WinDir%\FRGN7b05.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\MyGa6932.rra (8752 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\OffL651b.rra (396 bytes)
    %Program Files%\Free Ride Games\AppL6395.rra (33818 bytes)
    %Program Files%\Free Ride Games\lice6395.rra (13 bytes)
    %Program Files%\Free Ride Games\Skins\000005\NIBmps\NetI70b4.rra (1260 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\buy_69bf.rra (1 bytes)
    %Program Files%\Free Ride Games\Repo6356.rra (22774 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_a6f4d.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_e6f6c.rra (9 bytes)
    %WinDir%\Exen64be.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\genr6c4f.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\YUI\yaho6f4d.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_l6fba.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\flas6b46.rra (4 bytes)
    %Program Files%\Common Files\InstallShield\IScript\iscr5abb.rra (7348 bytes)
    %Program Files%\Free Ride Games\Data\vers63d3.rra (4 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\load6b55.rra (15 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\errS6e24.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_m6fba.rra (18 bytes)
    %Program Files%\Free Ride Games\Cras63c4.rra (7348 bytes)
    %Program Files%\Free Ride Games\X4HS62ca.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\atta6af7.rra (4 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\exs7a88.rra (12280 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\setu7af5.rra (169 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\erro6e05.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\logi6e72.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pl\pl_o6fca.rra (6 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\canc7102.rra (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5ccf.rra (9 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\gplayer\gpla66f0.rra (961 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_6635.rra (25 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\masks\play6c01.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Sett64ed.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\MinC6d59.rra (4 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\FRGN7aa7.rra (17 bytes)
    %Program Files%\Free Ride Games\Game6376.rra (4456 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\nobu7131.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\spla6ec0.rra (2 bytes)
    %Program Files%\Free Ride Games\X5Ex649e.rra (11328 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\dott6d1a.rra (35 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\genr6c6e.rra (5 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\postroll\errS6c30.rra (996 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\layo6903.rra (3 bytes)
    %Program Files%\Common Files\InstallShield\Engine\6\Intel 32\ctor5a1f.rra (3404 bytes)
    %Program Files%\Free Ride Games\Skins\000005\dat\GPlr64ed.rra (5 bytes)
    %Program Files%\Free Ride Games\Skins\000005\icon\Help7047.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\dialogBox\topR6b74.rra (1 bytes)
    %Program Files%\Free Ride Games\ExentComponents.ini (31433 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd67ea.rra (16 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\pids671f.rra (58 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\layo6913.rra (1 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\skinUI\logo6d49.rra (17 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\preRoll\clos6c8e.rra (376 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\hide6a7a.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\GameInfoDefault\md64fc.rra (383 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\chk_6a2c.rra (2 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC68a6.rra (2326 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\lice5cee.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\icon6903.rra (8 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Exent\classes\cls_66b2.rra (5 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\mikado_font\2DCC68c5.rra (2334 bytes)
    %Documents and Settings%\All Users\Application Data\Free Ride Games\data79ad.rra (10160 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\json6e53.rra (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}\valu5d2c.rra (4 bytes)
    %Program Files%\Common Files\InstallShield\Engine\6\Intel 32\obje5a4e.rra (798 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\canc70f3.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\Popups\1\canc70f4.rra (3 bytes)
    %Program Files%\Free Ride Games\X8XS6470.rra (2334 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\trac6ed0.rra (10 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\css\dl_i6819.rra (3 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\js\skin_events\spec6f1e.rra (807 bytes)
    %Program Files%\Free Ride Games\Skins\000005\NIBmps\Thum70d3.rra (5 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\prvd672f.rra (11 bytes)
    %Program Files%\Free Ride Games\Skins\000005\html\Skin\Provider\img\btn\clos6a4c.rra (1 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "DependencyCheck" = "Performed"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exent_SDM" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\SDM143\Free Ride Games.exe l 'Startup' u 'http://www.freeridegames.com/spdo/feeds/sdmConfig?camp=silent&serial_id=%s&serviceId=143&gameId=%d' p '143' c '654250' m playfincom"

    [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender" = "%Program Files%\Free Ride Games\GPlayer.exe /runonstartup"

    [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender" = "%Program Files%\Free Ride Games\GPlayer.exe /runonstartup"

    [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender" = "%Program Files%\Free Ride Games\GPlayer.exe /runonstartup"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender" = "%Program Files%\Free Ride Games\GPlayer.exe /runonstartup"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now