Trojan.Win32.Swrort.3_1b471d9336

by malwarelabrobot on June 13th, 2014 in Malware Descriptions.

Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 1b471d9336e2aa89bdfad0d3f7272c0d
SHA1: d2b0e8ed6307563f1aee3d1233e78fe99a9f9949
SHA256: deaee52952013375c348aa02383da25362f38a4dd211f16140886ee670855e01
SSDeep: 6144:VPlCs9GWBpXBboisJmXarqX517s2C1mx7OE1nUZIbAxxj4AIhz7:Vt/1bBbfzgo7y1mx7szEAs/
Size: 443264 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-11-19 22:58:43
Analyzed on: WindowsAda SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

{8D12E9E7-52C6-4306-997F-81BC3953D8CE}.exe:2428
AppIntegrator.exe:3788
AppIntegrator.exe:2988
chrome.exe:2120
chrome.exe:492
chrome.exe:3796
chrome.exe:2996
chrome.exe:4032
chrome.exe:3972
chrome.exe:3704
chrome.exe:208
chrome.exe:3268
chrome.exe:2260
chrome.exe:3896
chrome.exe:4028
TPIManagerConsole.exe:2000
%original file name%.exe:2704
7lbarsvc.exe:2964
7lbarsvc.exe:2504
7lbarsvc.exe:2932
7lsrchmn.exe:732
mscorsvw.exe:1580
00000ae4T8SETUP.EXE:1088
CursorManiaSetup.exe:2788
{0059BF96-494D-4635-B0DE-1CF697754AD6}.exe:2688
rundll32.exe:3704
rundll32.exe:2856
7lHighIn.exe:2308
msfeedssync.exe:2080
7lbrmon.exe:1916
irsetup.exe:2992
irsetup.exe:1740
UPDATER.EXE:3056

The Trojan injects its code into the following process(es):

chrome.exe:1528
chrome.exe:2756
chrome.exe:428
chrome.exe:484
firefox.exe:2692
iexplore.exe:2052

File activity

The process {8D12E9E7-52C6-4306-997F-81BC3953D8CE}.exe:2428 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (0 bytes)

The process chrome.exe:428 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\README (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\databases\Databases.db-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new (9008 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (30524 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\33.tmp (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_WHVktB7wAtDwyTp (136 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist_new (2888 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000019.log (551 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000017 (369 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (479 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1 (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000028 (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000027 (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000026 (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000025 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000024 (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000023 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000022 (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000021 (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000020 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gchljcfaonjffjifnjlcalnhgdmjckhg_0.localstorage (6365 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG (479 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000018.ldb (349 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon19on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\Cookies (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_AdBp4tDOrhQ3tYd (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\QuotaManager-journal (5102 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2E.tmp (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\gchljcfaonjffjifnjlcalnhgdmjckhg_64242.crx:Zone.Identifier (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2B.tmp (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links (900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000019.log (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\34.tmp (676 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (15509 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons (6076 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000015.log (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History (8724 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gchljcfaonjffjifnjlcalnhgdmjckhg_0.localstorage-journal (9630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon128.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2F.tmp (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000017.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000013 (127 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal (11700 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\32.tmp (805 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\gchljcfaonjffjifnjlcalnhgdmjckhg_64242.crx (7726 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\31.tmp (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_fQJ7zFXlNHPzTn8 (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\QuotaManager (3911 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\WEB DATA-JOURNAL (29470 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cursormania.dl.tb.ask.com_0.localstorage (443 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\gchljcfaonjffjifnjlcalnhgdmjckhg_64242.crx:Zone.Identifier (26 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\gchljcfaonjffjifnjlcalnhgdmjckhg_64242 (1).crx (69561 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000013.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_DHQLILmbDehLCgV (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set (3804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_g8OTJEeeI5yT1kh (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing IP Blacklist_new (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (10985 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new (558935 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies (736 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new (34048 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts (2316 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (15992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\manifest.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (17886 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000017.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon48.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index (736 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal (4332 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cursormania.dl.tb.ask.com_0.localstorage-journal (5106 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000017 (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\TOP SITES (4272 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000018.ldb (353 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\Cookies-journal (6393 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal (4533 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\35.tmp (805 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\databases\Databases.db (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_huY0p4rphp9S5AD (1074 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (3576 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (10392 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (126544 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (377020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download_new (254176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon16.png (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (9778 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2C.tmp (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.log (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies (19042 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\gchljcfaonjffjifnjlcalnhgdmjckhg_64242.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT~RF144fc4.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RF147648.TMP (0 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\gchljcfaonjffjifnjlcalnhgdmjckhg_64242.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon16.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NLJ2BW4Z\macromedia.com\support\flashplayer\sys\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG.old~RF1460fa.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RF14aa38.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000015.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon48.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT~RF146437.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000013 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RF14dd2f.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT~RF1459b7.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_428_18803 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RF15046e.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF1458ec.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon19on.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000015.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000013 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RF149dd5.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon128.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000012.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000020 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000010 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\CURRENT~RF146129.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RF1560f6.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old~RF146408.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RF173c0f.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences~RF1476b5.TMP (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Local State~RF14d129.TMP (0 bytes)

The process chrome.exe:3704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\radio-widget.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\__utm.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\html\menuframe.html (956 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\js\radio-custom.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\exePackageManager.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedscript\html\embedScriptTemplate.html (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\background\RadioWidget.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\defaultSearchModalInjector.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\css\toolbar-item.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\weather\weatherButton.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\js\underscore-1.3.1.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\defaultSearchModal.html (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\tvf_btn_ok.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedhtml\js\embedHtmlUI.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\js\query-string.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\config.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\contentScript.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\contentScript.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\css\widget.css (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\widgetWindow.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\shared\unifiedLogging.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\reservespacefortoolbar.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\shared\universalConsole.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\newtabfork.js (841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221335932.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\hiddenWidgetWindow.html (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\search_button.png (844 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\css\radio-widget.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\list-interaction.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221335957.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\tvf_restart_icon.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\images\right_arrow.png (963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\set.js (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\globalBlacklistManager.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\exeManager.js (789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\jquery-1.7.1.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\plugins\7lChromePlugIn.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\messaging.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\rss\rssWidget.html (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\adapter\widget-adapter.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\weather\css\weatherButton.css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\scriptInjector.js (819 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\weather\background\weatherButton.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\html\searchSuggestions.css (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\jquery-1.7.1.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\list-interaction.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\js\radio-parser.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\adapter\adapterUtil.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\flare\background\FlareWidget.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widget-context-1.0.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\flare\icons\Thumbs.db (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\js\radio-widget.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\radioWrapper\radioWrapper.html (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedscript\html\innerEmbedScriptTemplate.html (996 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\tvf_logo.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\PartnerId.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221336014.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\background\updateSearchPromptBg.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\searchContext.js (758 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\common.js (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\RadioPlayerSprite.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\html\searchSuggestions.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbar.html (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\shared\utils.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\widget.html (727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\08_buttons2.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\js\jquery-1.7.1.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\blacklistService.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\uninstall\background\uninstallButton.js (716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\resource.xml (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221335934.png (769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\resource.json (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon19on.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\dynamic.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\options.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221336046.png (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\rss\js\rss-widget-custom.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\html\supertab.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\buildVars.js (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\tvf_restart_alert_icon.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\07_buttons2.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\underscore-1.3.1.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedscript\js\embedScriptUI.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedscript\background\embedScriptWidget.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\js\radio-widget-ui.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\options.js (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\URILoaderContentScript.js (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\underscore-1.5.2.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\rss\js\rss-widget-parse.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedhtml\background\embedHtmlWidget.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\background\updateSearch.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\thirdparty\background\thirdPartyWidget.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedhtml\html\innerEmbedHtmlTemplate.html (420 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\generic\background\GenericWidget.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\newTabInfo.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\wrench.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\widgetWindowManager.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\DECODED_IMAGES (77 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\alert\background\alertButton.js (584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\background\ApiBasedWidget.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\background\menuButton.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\eventListening.js (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon128.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\README.txt (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\navRedirector.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\weather\js\weather.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\qunit.css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\html\searchSuggestions.html (811 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\IDR_WEBSTORE_ICON.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\css\supertab.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\hiddenWidgetWindowInit.js (353 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbar.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\testWidget.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\js\widget.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\reporting.js (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\rss\background\RssWidget.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\initWidgetWindow.js (802 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon19disabled.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\updateSearchPromptFg.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\enableDetect.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\set.js (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\background\searchBox.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\superFrame.js (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\unifiedLogging.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\underscore-1.3.1.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\srchsugg.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\testWidget.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\radioWrapper\radioWrapper.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221770541.png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedhtml\html\embedHtmlTemplate.html (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\widgetWindow.html (788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\mutation_summary.js (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbarUI.html (876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbarUI.css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\chromeUtils.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\shared\rsvp-latest.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\tvf_icon_guide.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\Widget.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\moviereviews\html\movieReviews.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\extension_toolbar_api.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\rss\js\rss-widget.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\down_arrow.png (959 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\global.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221335983.png (936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\eventListening.js (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\link\background\linkButton.js (697 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\tb_icon_search_disappearing_ask.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\hiddenWidgetWindow.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\toolbarPreinit.js (113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\defaultSearchModalInjector.css (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\manifest.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\abstractbutton\background\abstractButton.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\magnifying_glass.png (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\reservespaceifenabled.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\paramReplacer.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon48.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\plugins\SearchControl.dll (59304 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\tvf_btn_ok2.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\toolbarCookieParser.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\js\menuframe.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbarUI.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\jquery.js (15336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\moviereviews\background\MovieReviewsWidget.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\moviereviews\js\movieReviews.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\IDR_PRODUCT_LOGO_16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\focusManager.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\flare\icons\Icon_Flare_pink.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\html\searchSuggestionsInit.js (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\messageEventListener.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\readLocalStorage.js (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\arrowSprite.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\js\topapps-config.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\qunit.js (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\mutation_summary-min.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\unifiedLogging.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\underscore-1.3.1.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\common.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\foreground\button.js (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\flare\icons\Icon_Flare_blue.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\moviereviews\css\movieReviews.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\widgetFactory.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\invalid.json (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221336063.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\images\right_arrow_white.png (962 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\css\menuframe.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\plugins\Verify.dll (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\supertab.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\plugins\EXEManager.dll (31256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\background\widget-api-impl.js (776 bytes)

The process chrome.exe:3268 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp\T8SQL.DLL (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\E9UY92VW\manifest[1].json (1187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp\searchupdater (1752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest.json[3].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gchljcfaonjffjifnjlcalnhgdmjckhg\8.27.3.62908_0\plugins\searchupdater (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp\SQLITE3.DLL (1770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp\UPDATER.EXE (254 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest[1].json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp (0 bytes)

The process chrome.exe:484 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NLJ2BW4Z\macromedia.com\support\flashplayer\sys\settings.sxx (3058 bytes)

The process TPIManagerConsole.exe:2000 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\D4F348B882DF3F205ECCB6243795CB3A (200 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\{0059BF96-494D-4635-B0DE-1CF697754AD6}.exe (602400 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\{8D12E9E7-52C6-4306-997F-81BC3953D8CE}.exe (599075 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\D4F348B882DF3F205ECCB6243795CB3A (554 bytes)

The Trojan deletes the following file(s):

%Program Files%\CursorMania_7l\bar\1.bin\{8D12E9E7-52C6-4306-997F-81BC3953D8CE}.exe (0 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\{0059BF96-494D-4635-B0DE-1CF697754AD6}.exe (0 bytes)

The process %original file name%.exe:2704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\CursorMania_7lEI\Installr\1.bin\NP7lEISb.dll (1568 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dl_ (300 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEIPlug.dl_ (45 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\NP7lEISb.dl_ (40 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dll (14400 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEIPlug.dll (2104 bytes)

The Trojan deletes the following file(s):

%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEIPlug.dl_ (0 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\NP7lEISb.dl_ (0 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dl_ (0 bytes)

The process 00000ae4T8SETUP.EXE:1088 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\CursorMania_7l\bar\IE9Mesg\COMMON.T8S (1727 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbrmon.exe (61 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lieovr.dll (73 bytes)
%Program Files%\CursorMania_7l\bar\gen1\COMMON.T8S (1 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\INSTALL.RDF (2 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lreghk.dll (75 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lskin.dll (202 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\DPNMNGR.DLL (289 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lSrcAs.dll (139 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\ASSISTMONITOR.DLL (303 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\CrExtP7l.exe (7972 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8EPMSUP.DLL (77 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbprtct.dll (115 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lskplay.exe (55 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (220 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lidle.dll (61 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (220 bytes)
%System%\config\SYSTEM.LOG (9033 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (2616 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8EXTEX.DLL (98 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lhttpct.dll (144 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML (491 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\EXEMANAGER.DLL (1767 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\ASSISTMONITOR64.DLL (1633 bytes)
%System%\config\SOFTWARE.LOG (60644 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lauxstb64.dll (65 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lfeedmg.dll (139 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\NP7lStub.dll (48 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbarsvc.exe (88 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lregiet.dll (83 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7ldatact.dll (160 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\TPIMANAGERCONSOLE.EXE (78 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\AppIntegrator64.exe (1766 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\CHROME.MANIFEST (1 bytes)
%System%\config\system (5721 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7ldlghk64.dll (119 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\APPINTEGRATOR.EXE (1702 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbrstub.dll (63 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\CREXT.DLL (7386 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lSrchMn.exe (55 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL (15 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lregfft.dll (81 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lscript.dll (100 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8TICKER.DLL (168 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbrstub64.dll (74 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lhighin.exe (12 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\chrome\7lffxtbr.jar (1829 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8HTML.DLL (188 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\BOOTSTRAP.JS (20 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (13376 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8RES.DLL (196 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7ltpinst.dll (179 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lradio.dll (210 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7ldlghk.dll (101 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\LOGO.BMP (10 bytes)
C:\$Directory (200 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE (206 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lPlugin.dll (108 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\AppIntegratorStub64.dll (290 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbar.dll (6313 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (3964 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\VERIFY.DLL (66 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL (17 bytes)
%System%\config\software (50252 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\installKeys.js (216 bytes)
%Program Files%\CursorMania_7l\bar\Settings\s_pid.dat (34 bytes)
%Program Files%\CursorMania_7l\bar\Message\COMMON.T8S (103 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lhkstub.dll (59 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lmlbtn.dll (96 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lsrchmr.dll (83 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT (12744 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8EXTPEX.DLL (104 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\FF-NativeMessagingDispatcher.dll (250 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lauxstb.dll (55 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbrmon64.exe (71 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\APPINTEGRATORSTUB.DLL (250 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lmedint.exe (12 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\UNIFIEDLOGGING.DLL (316 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\Hpg64.dll (1719 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lhtmlmu.dll (202 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions.ini (0 bytes)

The process firefox.exe:2692 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\permissions.sqlite (25600 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar.sbstore (6722 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar-1.cache (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_7RJmlxTg9VdwBhs (540 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\D236B74794790D9923905972356B8BEC (224 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\downloads.json.tmp (602 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\install.rdf (1 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\healthreport.sqlite-wal (35472 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\sessionCheckpoints.json.tmp (143 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\permissions.sqlite-journal (28800 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple-1.cache (80 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\plugins\EXEManager.dll (4752 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\searchplugins\ask-web-search-1.xml (341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest.json[1].sig (753 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\CursorManiaSetup.exe.part (16756 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\_CACHE_001_ (46456 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\search.json.tmp (59 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\pluginreg.dat.tmp (13774 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar-1.sbstore (24808 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple.pset (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X33TH0UP\manifest.json[2].sig (753 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\addons.json.tmp (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\2\BE\7B900d01 (8474 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar.pset (8958 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\storage\persistent\moz-safe-about home\idb\818200132aebmoouht.sqlite-journal (10155 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\prefs-1.js (1464 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple.pset (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\manifest.json[2].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple.cache (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\3\38\2B5F5d01 (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\_CACHE_002_ (10112 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\F\95\9139Cd01 (895 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\chrome\7lffxtbr.jar (3696 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar.cache (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\7\4D\57E2Fd01 (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\startupCache\startupCache.4.little (70866 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\META-INF\manifest.mf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar-1.cache (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\thumbnails\c9fd8f26c8cc1671f79c62083c1a164f.png.tmp (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\E\93\D9D5Ed02 (8099 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\F\F5\E7112d01 (28041 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\E\AA\FDAD8d01 (523 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions.json.tmp (4 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\cert8.db (4924 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\plugins\Verify.dll (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\_CACHE_003_ (13963 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\A\CD\D40D7d01 (4023 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple.sbstore (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest[1].json (1187 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar.cache (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\C\CC\85BDFd01 (51988 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\healthreport.sqlite (6094 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple-1.sbstore (412 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple-1.cache (80 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\META-INF\zigbert.rsa (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pR3lOtCs.exe.part (18485 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\install_no_bootstrap.rdf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_vyXSGeMQOGYhd1o (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\3\83\A81A8d01 (5458 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple-1.sbstore (412 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\localstore-1.rdf (5 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\cookies.sqlite (57888 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\B\83\D8E62d01 (1731 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\META-INF\zigbert.sf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\E9UY92VW\manifest.json[2].sig (753 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\_CACHE_MAP_ (280 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\sessionstore.js.tmp (4 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\7lffxtbr@CursorMania_7l.com\install_old.rdf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\manifest.json[1].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple.cache (88 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\storage\persistent\moz-safe-about home\idb\818200132aebmoouht.sqlite (5976 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp-rnc.xpi (253766 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\D236B74794790D9923905972356B8BEC (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X33TH0UP\manifest.json[3].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar.pset (6767 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\cookies.sqlite-wal (357600 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\_CACHE_CLEAN_ (30 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\compatibility.ini (361 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\E\A3\A440Ad01 (845 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple.sbstore (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar.sbstore (2562 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest.json[2].sig (753 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\CursorMania_7l\119C6B41-CF2E-4DFF-A692-17BCF08918F4.sqlite (3241 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\places.sqlite (91458 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\F\D1\B7589d01 (242125 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\search-metadata.json.tmp (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\E9UY92VW\manifest.json[1].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\3\05\14225d01 (595 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\CursorMania_7l\119C6B41-CF2E-4DFF-A692-17BCF08918F4.sqlite-journal (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X33TH0UP\manifest.json[1].sig (753 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\bootstrap.js (20 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\chrome.manifest (332 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar-1.sbstore (19553 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\B\89\1E7A7d01 (747 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\CursorManiaSetup.exe:Zone.Identifier (26 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\webapps\webapps.json.tmp (2 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\places.sqlite-wal (130768 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\webappsstore.sqlite-wal (2668 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete (8 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\plugins\NativeMessagingDispatcher.dll (4376 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\chrome (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\META-INF (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\storage\persistent\moz-safe-about home\idb\818200132aebmoouht.sqlite-journal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\goog-phish-shavar.pset (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\CursorMania_7l\119C6B41-CF2E-4DFF-A692-17BCF08918F4.sqlite-journal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\test-malware-simple.cache (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\goog-malware-shavar.sbstore (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\test-phish-simple.pset (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\downloads.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\permissions.sqlite-journal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\startupCache\startupCache.4.little (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\trash (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\plugins (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\test-malware-simple.sbstore (0 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\test-malware-simple.pset (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\goog-malware-shavar.pset (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\goog-phish-shavar.cache (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\test-phish-simple.sbstore (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\test-phish-simple.cache (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\goog-phish-shavar.sbstore (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp-rnc.xpi (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete\goog-malware-shavar.cache (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\startupCache (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pR3lOtCs.exe (0 bytes)

The process CursorManiaSetup.exe:2788 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\00000ae4T8SETUP.EXE (212337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00000ae4T8SETUP.EX_ (42363 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\00000ae4T8SETUP.EXE (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00000ae4T8SETUP.EX_ (0 bytes)

The process {0059BF96-494D-4635-B0DE-1CF697754AD6}.exe:2688 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (0 bytes)

The process rundll32.exe:3704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (129 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Program Files%\CursorMania_7lEI\Installr\Cache\00137D90.exe (663471 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (208 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Program Files%\CursorMania_7lEI\Installr\Cache\files.ini (2149 bytes)
%Program Files%\CursorMania_7lEI\Installr\setups\CursorManiaSetup.exe (2968443 bytes)

The Trojan deletes the following file(s):

%Program Files%\CursorMania_7lEI (0 bytes)
%Program Files%\CursorMania_7lEI\Installr\setups\CursorManiaSetup.exe (0 bytes)

The process msfeedssync.exe:2080 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\ie8[1].txt (644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\rss[2].xml (6219 bytes)
%WinDir%\Tasks\User_Feed_Synchronization-{414D0F7C-B684-437B-B53E-8AB5AE32E070}.job (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\SuggestedSites.dat (31071 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms (2168 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms (10700 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms (4452 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms (4452 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms (1080 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\rss[1].xml (6637 bytes)

The process irsetup.exe:2992 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\CursorMania\Uninstall\uni29.tmp (9189 bytes)
%Program Files%\CursorMania\Uninstall\uninstall.dat (2104 bytes)
%Program Files%\CursorMania\Uninstall\uninstall.xml (1357 bytes)
%Program Files%\CursorMania\uninstall.exe (9213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)
%Program Files%\CursorMania\CursorMania.exe (4437 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CursorMania Setup Log.txt (853 bytes)
%Program Files%\CursorMania\lua5.1.dll (2902 bytes)

The Trojan deletes the following file(s):

%Program Files%\CursorMania\Uninstall\uni29.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)

The process irsetup.exe:1740 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\PopularScreensavers\p5PSSavr.scr (39 bytes)
%Program Files%\PopularScreensavers\p5Plugin.dll (60 bytes)
%Program Files%\PopularScreensavers\p5svc.exe (35 bytes)
%Program Files%\PopularScreensavers\uninstall.exe (9213 bytes)
%Program Files%\PopularScreensavers\p5BkgErr.jpg (2192 bytes)
%Program Files%\PopularScreensavers\p5wphook.dll (31 bytes)
%Program Files%\PopularScreensavers\p5ScrCtr.dll (3997 bytes)
%Program Files%\PopularScreensavers\Uninstall\uninstall.xml (828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)
%Program Files%\PopularScreensavers\p5MedInt.exe (23 bytes)
%Program Files%\PopularScreensavers\lua5.1.dll (2902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Popular Screensavers Setup Log.txt (320 bytes)
%Program Files%\PopularScreensavers\p5wallpp.dat (305 bytes)
%System%\p5PSSavr.scr (39 bytes)
%Program Files%\PopularScreensavers\p5Html.dll (1137 bytes)
%Program Files%\PopularScreensavers\p5cjpeg.dll (2079 bytes)
%Program Files%\PopularScreensavers\Uninstall\uni28.tmp (9314 bytes)
%Program Files%\PopularScreensavers\p5spacer.wmv (5 bytes)
%Program Files%\PopularScreensavers\Uninstall\uninstall.dat (2104 bytes)
%Program Files%\PopularScreensavers\NPp5Stub.dll (31 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0 (0 bytes)
%Program Files%\PopularScreensavers\Uninstall\uni28.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (0 bytes)

Registry activity

The process {8D12E9E7-52C6-4306-997F-81BC3953D8CE}.exe:2428 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B 8C C9 C8 90 0F DE 67 8F E2 47 38 36 7A 11 D9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\_ir_sf_temp_0]
"irsetup.exe" = "Setup Application"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process AppIntegrator.exe:3788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9D AA 2D 66 15 17 14 A6 E9 47 E1 BA BF FF 7F 03"

The process AppIntegrator.exe:2988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 38 69 FB 2F 9F 8E C9 5C EE C2 72 3C 93 A7 8D"

The process chrome.exe:2120 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 76 27 DE 92 21 46 18 B1 87 29 61 8F 43 0C 9B"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "10 03 08 CD 53 95 61 26 61 3F 20 B7 88 1D D1 8C"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:1528 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0F 81 1D 05 36 20 0B 35 80 5E 78 BF F4 F9 62 0B"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B1 1A 46 F9 19 B1 04 68 14 05 E3 BC A2 20 DC 76"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2996 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B4 31 3E 7F 27 1D 4A 38 E3 52 F7 CE CC 68 CE BD"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:2756 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2A EF 7F 24 2D 02 43 D3 99 58 8A A8 03 4E EC 2E"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:428 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 46 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"experiment_labels" = "CrVar1=3310649|Thu, 12 Jun 2015 10:17:38 GMT;CrVar2=3310626|Thu, 12 Jun 2015 10:17:38 GMT;CrVar3=3300161|Thu, 12 Jun 2015 10:17:38 GMT;CrVar4=3300144|Thu, 12 Jun 2015 10:17:38 GMT;CrVar5=3300089|Thu, 12 Jun 2015 10:17:38 GMT;CrVar6=3300124|Thu, 12 Jun 2015 10:17:38 GMT;CrVar7=3300133|Thu, 12 Jun 2015 10:17:38 GMT;CrVar8=3300110|Thu, 12 Jun 2015 10:17:38 GMT;CrVar9=3300135|Thu, 12 Jun 2015 10:17:38 GMT"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\chrome\DEBUG]
"Trace Level" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Google\Chrome\BLBeacon]
"Version" = "35.0.1916.153"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"usagestats" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"lastrun" = "13047041853028125"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 52 C0 D1 97 6A 7B CD 8B 0C AA 8C 6E A3 25 B0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts]
"aggregate" = "sum()"
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "1"

[HKLM\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn]
"aggregate" = "sum()"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\chrome\DEBUG]
"Trace Level"

The process chrome.exe:4032 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 D0 15 E4 FA F6 50 6D 7D DC 96 31 08 F0 94 ED"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3972 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 3A B8 CE 0B C1 0D BC 1F 14 A2 C3 BB DF D2 81"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

The process chrome.exe:3704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 A3 66 63 3E A8 60 BE 26 BA 57 42 98 38 BD FD"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:208 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8F 23 46 ED 93 67 A6 6B 89 4E 38 F7 7B E3 2D 48"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3268 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE B4 5C 71 23 2D 29 54 E8 08 78 96 F2 3E A2 D7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 47 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process chrome.exe:2260 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "77 BD B7 67 FA E2 4B 18 D1 84 E2 D7 C2 56 E3 FA"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C 6C C6 9B 8B 3B D7 35 18 A9 A9 05 EC 56 C8 C8"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:3896 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 20 A7 48 11 84 4B 92 D1 48 2F 69 01 11 9F 13"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process chrome.exe:4028 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "38 33 88 19 80 83 45 EB 28 9C 47 AA 91 B2 9B 6E"

[HKCU\Software\Google\Chrome\BLBeacon]
"State" = "1"

[HKCU\Software\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"dr" = "1"

[HKCU\Software\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"dr" = "1"

The process TPIManagerConsole.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\CursorMania_7l\Dependencies\PopularScreensavers]
"uninstall" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\CursorMania_7l\Dependencies\PopularScreensavers]
"is64bit" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\CursorMania_7l\Dependencies\Cursor Mania]
"uninstall" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\CursorMania_7l\Dependencies\PopularScreensavers]
"FriendlyName" = "PopularScreensavers Helper Software"

[HKLM\SOFTWARE\CursorMania_7l\Dependencies\Cursor Mania]
"UninstallString" = "${reg[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir]}\CursorMania\uninstall.exe /U:${reg[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir]}\CursorMania\Uninstall\uninstall.xml"

"FriendlyName" = "Cursor Mania Supporting Software"

[HKLM\SOFTWARE\CursorMania_7l\Dependencies]
"dependencymanagerpath" = "%Program Files%\CursorMania_7l\bar\1.bin\DPNMNGR.DLL"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 44 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 35 E8 5A 00 8E A8 27 9C 46 70 9F 6B 36 DF FB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Mozilla Firefox\plugins\NP7lStub.dll, , \??\%Program Files%\Mozilla Firefox\chrome\7lffxtbr.jar, , \??\%Program Files%\Mozilla Firefox\chrome\7lffxtbr.manifest, , \??\C:\PROGRA~1\CURSOR~1\Installr\Cache\00137D90.exe, , \??\C:\PROGRA~1\CURSOR~1\Installr\Cache\files.ini, , \??\C:\PROGRA~1\CURSOR~1\Installr\Cache, , \??\C:\PROGRA~1\CURSOR~1\Installr\1.bin\7lEIPlug.dll, , \??\C:\PROGRA~1\CURSOR~1\Installr\1.bin\7lEZSETP.dll, , \??\C:\PROGRA~1\CURSOR~1\Installr\1.bin\NP7lEISb.dll, , \??\C:\PROGRA~1\CURSOR~1\Installr\1.bin, , \??\C:\PROGRA~1\CURSOR~1\Installr\Cache\00137D90.exe, , \??\C:\PROGRA~1\CURSOR~1\Installr\Cache\files.ini, , \??\C:\PROGRA~1\CURSOR~1\Installr\Cache, , \??\C:\PROGRA~1\CURSOR~1\Installr\setups, , \??\C:\PROGRA~1\CURSOR~1\Installr, , \??\%Program Files%\CursorMania_7lEI\Installr, , \??\%Program Files%\CursorMania_7lEI, , \??\%Program Files%\CursorMania_7l\bar\1.bin\{0059BF96-494D-4635-B0DE-1CF697754AD6}.exe,"

[HKLM\SOFTWARE\CursorMania_7l\Dependencies\Cursor Mania]
"is64bit" = "0"

[HKLM\SOFTWARE\CursorMania_7l\Dependencies\PopularScreensavers]
"UninstallString" = "${reg[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir]}\PopularScreensavers\uninstall.exe /U:${reg[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir]}\PopularScreensavers\Uninstall\uninstall.xml"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5957d8d4-6ff0-43fb-b50b-49079fe61659}]
"(Default)" = ""

[HKCR\CursorMania_7lInstaller.Start\CurVer]
"(Default)" = "CursorMania_7lInstaller.Start.1"

[HKLM\SOFTWARE\MozillaPlugins\@ei.CursorMania_7l.com/Plugin]
"Description" = "CursorMania Plugin"
"vendor" = "FULLCOMPANYNAME_DDE0BB24-8F8C-44e9-B962-8289B302DEF9"

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}\VersionIndependentProgID]
"(Default)" = "CursorMania_7lInstaller.Start"

[HKLM\SOFTWARE\MozillaPlugins\@ei.CursorMania_7l.com/Plugin]
"Path" = "%Program Files%\CursorMania_7lEI\Installr\1.bin\NP7lEISB.dll"

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}\TypeLib]
"(Default)" = "{e0870ce4-b10c-4bdc-95d5-bec89b76f0a4}"

[HKCR\TypeLib\{E0870CE4-B10C-4BDC-95D5-BEC89B76F0A4}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dll\1"

[HKCR\Interface\{E17FA25A-B4D3-47DA-95E4-3AB1EF1AB1AA}\TypeLib]
"(Default)" = "{E0870CE4-B10C-4BDC-95D5-BEC89B76F0A4}"

[HKLM\SOFTWARE\CursorMania_7lEI\Installer]
"CurInstall" = "1"
"pl" = "9"

[HKCR\TypeLib\{E0870CE4-B10C-4BDC-95D5-BEC89B76F0A4}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7lEI\Installr\1.bin"

[HKCR\Interface\{D5FBFFA4-83EE-425E-B031-6D06C02B6FE7}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CursorMania_7lInstaller.Start.1\CLSID]
"(Default)" = "{5957d8d4-6ff0-43fb-b50b-49079fe61659}"

[HKCR\Interface\{D5FBFFA4-83EE-425E-B031-6D06C02B6FE7}\TypeLib]
"(Default)" = "{E0870CE4-B10C-4BDC-95D5-BEC89B76F0A4}"

[HKLM\SOFTWARE\MozillaPlugins\@ei.CursorMania_7l.com/Plugin\MimeTypes\application/x-cursormania_7lpluginei]
"Suffixes" = "7li"

[HKLM\SOFTWARE\CursorMania_7lEI\Installer]
"dir" = "%Program Files%\CursorMania_7lEI\Installr\"

[HKCR\Interface\{E17FA25A-B4D3-47DA-95E4-3AB1EF1AB1AA}]
"(Default)" = "It8InstallerStart"

[HKCR\CursorMania_7lInstaller.Start.1]
"(Default)" = ""

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dll"

[HKCR\CursorMania_7lInstaller.Start]
"(Default)" = ""

[HKCR\Interface\{D5FBFFA4-83EE-425E-B031-6D06C02B6FE7}]
"(Default)" = "_It8InstallerStartEvents"

[HKCR\TypeLib\{E0870CE4-B10C-4BDC-95D5-BEC89B76F0A4}\1.0]
"(Default)" = "Installer 1.0 Type Library"

[HKCR\TypeLib\{E0870CE4-B10C-4BDC-95D5-BEC89B76F0A4}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5A 36 3E 00 D4 CB C0 93 13 D9 8F 4A 11 E4 8E CF"

[HKCR\Interface\{E17FA25A-B4D3-47DA-95E4-3AB1EF1AB1AA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MozillaPlugins\@ei.CursorMania_7l.com/Plugin]
"Version" = "1.1.0.0"

[HKCR\Interface\{E17FA25A-B4D3-47DA-95E4-3AB1EF1AB1AA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\CursorMania_7lEI\Installer]
"un" = "CursorMania"
"sr" = "0"

[HKCR\Interface\{D5FBFFA4-83EE-425E-B031-6D06C02B6FE7}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{E17FA25A-B4D3-47DA-95E4-3AB1EF1AB1AA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\CursorMania_7lEI\Installer]
"PluginPath" = "%Program Files%\CursorMania_7lEI\Installr\1.bin\"

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}\ProgID]
"(Default)" = "CursorMania_7lInstaller.Start.1"

[HKCR\CLSID\{5957d8d4-6ff0-43fb-b50b-49079fe61659}]
"(Default)" = ""

[HKCR\Interface\{D5FBFFA4-83EE-425E-B031-6D06C02B6FE7}\TypeLib]
"Version" = "1.0"

[HKCR\CursorMania_7lInstaller.Start\CLSID]
"(Default)" = "{5957d8d4-6ff0-43fb-b50b-49079fe61659}"

[HKLM\SOFTWARE\MozillaPlugins\@ei.CursorMania_7l.com/Plugin\MimeTypes\application/x-cursormania_7lpluginei]
"Description" = "CursorMania Plugin"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\CursorMania_7lEI\Installer]
"ConfigDateStamp"

The process 7lbarsvc.exe:2964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED 26 09 59 61 DB 8E E2 8C CE 20 C9 06 D6 34 FB"

The process 7lbarsvc.exe:2504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 0B 44 91 F7 D6 3D 7F AF 31 9E 4B 46 E9 86 B5"

The process 7lbarsvc.exe:2932 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 7F 4F 35 53 7F 44 35 16 50 97 B9 D7 01 D4 39"

The process 7lsrchmn.exe:732 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 9C D7 6D EB 9E EF A9 D2 68 AF B4 95 29 40 13"

[HKCU\Software\CursorMania_7l\bar]
"sspd" = "1"

The process mscorsvw.exe:1580 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1200000"

The process 00000ae4T8SETUP.EXE:1088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TypeLib\{8D7292B9-BA90-4077-A2DB-7F2ECBAE6F7D}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CursorMania_7l.ScriptButton\CurVer]
"(Default)" = "CursorMania_7l.ScriptButton.1"

[HKCR\Interface\{AC564260-86FC-4BC9-9BDC-6884C0091CE4}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{2769F095-8435-4032-8EDD-17D5C773C878}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{70113B58-5B6A-4235-BBD1-0D1E990EE94E}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\1104"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"PluginPath" = "%Program Files%\CursorMania_7l\bar\1.bin\"

[HKCR\Interface\{AC564260-86FC-4BC9-9BDC-6884C0091CE4}\TypeLib]
"(Default)" = "{82B4E11D-BEF0-4B3B-A5BF-96D01A7EC013}"

[HKCR\CursorMania_7l.ThirdPartyInstaller.1]
"(Default)" = "CursorMania Third Party Installer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{8228E500-5094-4EE1-93FA-317831EBC5AA}]
"(Default)" = "SEARCHSCOPE_INTERFACE"

[HKCR\CursorMania_7l.ThirdPartyInstaller\CurVer]
"(Default)" = "CursorMania_7l.ThirdPartyInstaller.1"

[HKCR\CLSID\{6fe99938-c415-4439-872e-13bcc723c15a}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7ldatact.dll"

[HKCR\Interface\{E92B8943-D67E-4CE9-AEAC-42EFC40E4C56}]
"(Default)" = "_IThirdPartyInstallerEvents"

[HKCR\CursorMania_7l.PseudoTransparentPlugin]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\Interface\{5605F06E-EA58-4779-8BE3-0F39DF56F5ED}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{74486aa9-6773-4390-8af7-fd14e2847ba1}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Interface\{214D64BF-1BCB-49C6-AE7E-58BB6408D1E3}]
"(Default)" = "IHttpControl"

[HKCR\TypeLib\{F14BF0D2-CE92-41CD-9992-CA729DA7E821}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\405"

[HKCR\CLSID\{feb44bca-9c70-45a0-a962-a5e534f8dc9b}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{17548802-C898-4222-98A8-F02FC10FB639}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CursorMania_7l.ToolbarProtector.1\CLSID]
"(Default)" = "{78a0bec3-df7b-462b-96d3-97f343c142ee}"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\PROGRA~1\CURSOR~2\bar\1.bin]
"7lbrmon.exe" = "VER_DESCRIPTION"

[HKCR\TypeLib\{4D5E4066-1A09-4802-8044-8160194DFF85}\1.0\FLAGS]
"(Default)" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\TypeLib\{F14BF0D2-CE92-41CD-9992-CA729DA7E821}\1.0]
"(Default)" = "Skin 1.0 Type Library"

[HKCR\Interface\{E8A78AAB-4782-4E25-9000-013164D4E337}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{920F6630-D481-47EA-8BFD-A4F447A09CAC}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Classes\CLSID\{5b9e2a0b-c94b-46a5-b53c-5892834c0d3e}]
"(Default)" = ""

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{8228E500-5094-4EE1-93FA-317831EBC5AA}\TypeLib]
"(Default)" = "{CD209326-F710-4899-B1C5-A259D67B8329}"

[HKCR\CLSID\{feb44bca-9c70-45a0-a962-a5e534f8dc9b}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.ScriptButton"

[HKCR\Interface\{18E45318-1D6C-436C-BCCF-596E7D9B50E5}\TypeLib]
"Version" = "1.0"

[HKCR\CursorMania_7l.ScriptButton]
"(Default)" = ""

[HKCR\CursorMania_7l.MultipleButton.1]
"(Default)" = ""

[HKCR\Interface\{9DC2A8C6-CAA9-4091-A981-43F8046871E7}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\CLSID\{78a0bec3-df7b-462b-96d3-97f343c142ee}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lbprtct.dll"

[HKCR\CLSID\{3e913929-da93-4e86-b222-1666108b11cd}\TypeLib]
"(Default)" = "{6994d519-ff43-4d58-b683-e7e8412417bb}"

[HKCR\CLSID\{06b27350-0480-4310-8dad-a4f2f92c292b}]
"(Default)" = "Popup Menu Plugin"

[HKCR\Interface\{18E45318-1D6C-436C-BCCF-596E7D9B50E5}\TypeLib]
"(Default)" = "{4D5E4066-1A09-4802-8044-8160194DFF85}"

[HKCR\CursorMania_7l.ScriptButton.1\CLSID]
"(Default)" = "{feb44bca-9c70-45a0-a962-a5e534f8dc9b}"

[HKCR\CursorMania_7l.FeedManager\CLSID]
"(Default)" = "{13e0384e-b6f2-46ee-a142-b20a1478d3aa}"

[HKCR\Interface\{EECD4E3A-13FB-4D95-BB66-4DC195E757FA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{17548802-C898-4222-98A8-F02FC10FB639}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"UninstallString" = "%Program Files%\CursorMania_7l\bar\1.bin\7lhighin.exe 7lbar.dll,O uninstalltype=IE"

[HKCR\CLSID\{78a0bec3-df7b-462b-96d3-97f343c142ee}\TypeLib]
"(Default)" = "{82b4e11d-bef0-4b3b-a5bf-96d01a7ec013}"

[HKCR\Interface\{EECD4E3A-13FB-4D95-BB66-4DC195E757FA}]
"(Default)" = "ITemplatePopupMenu"

[HKCR\Interface\{18E45318-1D6C-436C-BCCF-596E7D9B50E5}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b743d69e-5bcb-480c-82db-43b7e1f58b5a}]
"AppPath" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CLSID\{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{58A108D9-F693-45AB-9898-4964D4B4454C}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"od" = "1"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lradio.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b743d69e-5bcb-480c-82db-43b7e1f58b5a}]
"AppName" = "7lSlSrch.exe"

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lbar.dll"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"tiec" = "208976"

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}\TypeLib]
"(Default)" = "{cd209326-f710-4899-b1c5-a259d67b8329}"

[HKCR\Interface\{3C24AF8A-31E2-421C-AD96-665A3E5B67C5}\TypeLib]
"(Default)" = "{70113B58-5B6A-4235-BBD1-0D1E990EE94E}"

[HKCR\Interface\{33CA4386-5C7E-4BB6-94E6-D151042908ED}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{33CA4386-5C7E-4BB6-94E6-D151042908ED}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CursorMania_7l.ToolbarProtector\CLSID]
"(Default)" = "{78a0bec3-df7b-462b-96d3-97f343c142ee}"

[HKCR\CursorMania_7l.ToolbarProtector\CurVer]
"(Default)" = "CursorMania_7l.ToolbarProtector.1"

[HKCR\TypeLib\{4D5E4066-1A09-4802-8044-8160194DFF85}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CursorMania_7l.RadioSettings]
"(Default)" = ""

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}]
"(Default)" = ""

[HKCR\Interface\{E8A78AAB-4782-4E25-9000-013164D4E337}\TypeLib]
"(Default)" = "{F14BF0D2-CE92-41CD-9992-CA729DA7E821}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{920f6630-d481-47ea-8bfd-a4f447a09cac}]
"AppName" = "AppIntegrator.exe"

[HKCR\CLSID\{95ae571f-5d01-4906-81d0-a68fe90c6fbc}\ProgID]
"(Default)" = "CursorMania_7l.Radio.1"

[HKCR\TypeLib\{82B4E11D-BEF0-4B3B-A5BF-96D01A7EC013}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\Interface\{B1B04DC3-F2B9-4B49-AD22-9DFBBC934DA3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CursorMania_7l.FeedManager]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{046656b7-81db-4683-8f33-c5f9d68c53d2}]
"(Default)" = ""

[HKCR\CursorMania_7l.HTMLPanel\CurVer]
"(Default)" = "CursorMania_7l.HTMLPanel.1"

[HKCR\TypeLib\{98238511-860F-4667-844C-7C917485EE20}\1.0]
"(Default)" = "DialogHook 1.0 Type Library"

[HKCR\Interface\{5DBA49F3-E176-45D1-8DDF-5F2EB355218D}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{ED7391B3-3EA2-42DD-884D-8E37C9C2B360}]
"(Default)" = "SKINSETTINGS_INTERFACE"

[HKCR\Interface\{6FD9788D-A2B1-4F60-82C0-821C7592B5AA}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{6C033763-C7ED-49BA-AD83-E19A97FE164B}\TypeLib]
"(Default)" = "{4D5E4066-1A09-4802-8044-8160194DFF85}"

[HKCR\CLSID\{95ae571f-5d01-4906-81d0-a68fe90c6fbc}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lradio.dll"

[HKCR\CursorMania_7l.Radio.1\CLSID]
"(Default)" = "{95ae571f-5d01-4906-81d0-a68fe90c6fbc}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{499FB94E-B038-4A1A-943D-8DF1B9B2921D}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{feb44bca-9c70-45a0-a962-a5e534f8dc9b}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lscript.dll"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}\TypeLib]
"(Default)" = "{8d7292b9-ba90-4077-a2db-7f2ecbae6f7d}"

[HKCR\Interface\{C4E9898B-0E4E-47C4-917F-0C57E767E6CC}]
"(Default)" = "ITemplateBarButtonRect"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"7lSrcAs.dll" = "0"

[HKCR\CursorMania_7l.RadioSettings\CurVer]
"(Default)" = "CursorMania_7l.RadioSettings.1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74486aa9-6773-4390-8af7-fd14e2847ba1}]
"Policy" = "3"

[HKCR\CLSID\{76cab667-1cd5-410f-8047-b08ab01a92a2}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{6FD9788D-A2B1-4F60-82C0-821C7592B5AA}]
"(Default)" = "HTMLPANELEVENTS_INTERFACE"

[HKCR\Interface\{ED7391B3-3EA2-42DD-884D-8E37C9C2B360}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{272414F2-44B4-48A3-8FCD-0C9A12FE588F}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{A7D5C1A6-9070-44E1-B82F-E82A2E3D9818}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{DF9E213E-67FC-46CC-B07C-CB00C5800266}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"RegisteredWithFirefox" = "1"

[HKCR\Interface\{272414F2-44B4-48A3-8FCD-0C9A12FE588F}]
"(Default)" = "IDisableAddonRebuttal"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{3e913929-da93-4e86-b222-1666108b11cd}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{E92B8943-D67E-4CE9-AEAC-42EFC40E4C56}\TypeLib]
"(Default)" = "{A7D5C1A6-9070-44E1-B82F-E82A2E3D9818}"

[HKCR\TypeLib\{A7D5C1A6-9070-44E1-B82F-E82A2E3D9818}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\100"

[HKCR\Interface\{214D64BF-1BCB-49C6-AE7E-58BB6408D1E3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C4E9898B-0E4E-47C4-917F-0C57E767E6CC}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{B1B04DC3-F2B9-4B49-AD22-9DFBBC934DA3}]
"(Default)" = "IRadioSettings"

[HKCR\Interface\{8228E500-5094-4EE1-93FA-317831EBC5AA}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{2769F095-8435-4032-8EDD-17D5C773C878}]
"(Default)" = "BARFEED_INTERFACE"

[HKCR\CursorMania_7l.SettingsPlugin.1]
"(Default)" = ""

[HKCR\CursorMania_7l.ToolbarProtector]
"(Default)" = "ProtectorControl Class"

[HKCR\CLSID\{36d95f1d-129f-495e-99bd-df1ba6320e51}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7ldlghk.dll"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"RegHookPath" = "C:\PROGRA~1\CURSOR~2\bar\1.bin\7lreghk"

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}\ProgID]
"(Default)" = "CursorMania_7l.FeedManager.1"

[HKCR\CLSID\{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7}]
"(Default)" = "CursorMania"

[HKCR\Interface\{B1B04DC3-F2B9-4B49-AD22-9DFBBC934DA3}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Interface\{C4E9898B-0E4E-47C4-917F-0C57E767E6CC}\TypeLib]
"(Default)" = "{CD209326-F710-4899-B1C5-A259D67B8329}"

[HKCR\Interface\{E8A78AAB-4782-4E25-9000-013164D4E337}]
"(Default)" = "SKINWINDOW_INTERFACE"

[HKCR\CLSID\{06b27350-0480-4310-8dad-a4f2f92c292b}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lskin.dll"

[HKCR\Interface\{8A71549B-FFC9-4D75-9A61-473CFB7815A9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{52d3d8ae-26cc-4bb4-895f-4c3076293867}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.MultipleButton"

[HKCR\CLSID\{06b27350-0480-4310-8dad-a4f2f92c292b}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{2769F095-8435-4032-8EDD-17D5C773C878}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E8A78AAB-4782-4E25-9000-013164D4E337}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8228E500-5094-4EE1-93FA-317831EBC5AA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{33CA4386-5C7E-4BB6-94E6-D151042908ED}]
"(Default)" = "POPUPMENU_INTERFACE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CursorMania_7lbar Uninstall Internet Explorer]
"URLInfoAbout" = "http://support.mindspark.com/"

[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin]
"Path" = "%Program Files%\CursorMania_7l\bar\1.bin\NP7lStub.dll"

[HKCR\TypeLib\{6994D519-FF43-4D58-B683-E7E8412417BB}\1.0]
"(Default)" = "HttpControl 1.0 Type Library"

[HKCR\CLSID\{74486aa9-6773-4390-8af7-fd14e2847ba1}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\CursorMania_7l\SkinTools]
"PlayerPath" = "%Program Files%\CursorMania_7l\bar\1.bin\7lSkPlay.exe"

[HKCR\CursorMania_7l.PseudoTransparentPlugin.1]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\TypeLib\{CD209326-F710-4899-B1C5-A259D67B8329}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{06b27350-0480-4310-8dad-a4f2f92c292b}\TypeLib]
"(Default)" = "{f14bf0d2-ce92-41cd-9992-ca729da7e821}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b399346f-86d2-4f12-a62f-b2a2f1edffe6}]
"AppName" = "7lSrchMn.exe"

[HKCR\CLSID\{06b27350-0480-4310-8dad-a4f2f92c292b}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}]
"(Default)" = "CursorMania Third Party Installer"

[HKCR\Interface\{ED7391B3-3EA2-42DD-884D-8E37C9C2B360}\TypeLib]
"(Default)" = "{F14BF0D2-CE92-41CD-9992-CA729DA7E821}"

[HKCR\CLSID\{6fe99938-c415-4439-872e-13bcc723c15a}\TypeLib]
"(Default)" = "{4d5e4066-1a09-4802-8044-8160194dff85}"

[HKCR\Interface\{272414F2-44B4-48A3-8FCD-0C9A12FE588F}\TypeLib]
"(Default)" = "{98238511-860F-4667-844C-7C917485EE20}"

[HKCR\Interface\{9DC2A8C6-CAA9-4091-A981-43F8046871E7}\TypeLib]
"(Default)" = "{CD209326-F710-4899-B1C5-A259D67B8329}"

[HKCR\Interface\{920F6630-D481-47EA-8BFD-A4F447A09CAC}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{8D7292B9-BA90-4077-A2DB-7F2ECBAE6F7D}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\1506"

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{499FB94E-B038-4A1A-943D-8DF1B9B2921D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6C033763-C7ED-49BA-AD83-E19A97FE164B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{6994D519-FF43-4D58-B683-E7E8412417BB}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\905"

[HKCR\Interface\{214D64BF-1BCB-49C6-AE7E-58BB6408D1E3}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{1DEDADDF-2ECD-461D-8A9C-BA28DC415C67}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{70113B58-5B6A-4235-BBD1-0D1E990EE94E}\1.0]
"(Default)" = "BARFEEDTYPELIB_NAME"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74486aa9-6773-4390-8af7-fd14e2847ba1}]
"AppName" = "7lSkPlay.exe"

[HKCR\CLSID\{936d1cc6-4508-4607-9638-8c714e9dc809}\InprocServer32]
"(Default)" = "C:\PROGRA~1\CURSOR~2\bar\1.bin\7lbar.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{920f6630-d481-47ea-8bfd-a4f447a09cac}]
"AppPath" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CursorMania_7l.SettingsPlugin\CurVer]
"(Default)" = "CursorMania_7l.SettingsPlugin.1"

[HKCR\TypeLib\{A7D5C1A6-9070-44E1-B82F-E82A2E3D9818}\1.0]
"(Default)" = "TYPELIB_NAME"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}]
"(Default)" = "CursorMania_7l HTML"

[HKCR\Interface\{6C033763-C7ED-49BA-AD83-E19A97FE164B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{70113B58-5B6A-4235-BBD1-0D1E990EE94E}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{6C033763-C7ED-49BA-AD83-E19A97FE164B}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}]
"(Default)" = ""

[HKCR\Interface\{2A83DE02-497E-4177-AA10-3E7D7F42976D}]
"(Default)" = "PSEUDOTRANSPARENT_INTERFACE"

[HKCR\Interface\{2A83DE02-497E-4177-AA10-3E7D7F42976D}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{feb44bca-9c70-45a0-a962-a5e534f8dc9b}]
"(Default)" = ""

[HKCR\Interface\{499FB94E-B038-4A1A-943D-8DF1B9B2921D}]
"(Default)" = "IIEInstalledToolbar"

[HKCR\Interface\{18E45318-1D6C-436C-BCCF-596E7D9B50E5}]
"(Default)" = "_IDataCtrlEvents"

[HKCR\TypeLib\{FB68A826-4C76-44BD-BF1F-470518348036}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CursorMania_7l.PseudoTransparentPlugin.1\CLSID]
"(Default)" = "{046656b7-81db-4683-8f33-c5f9d68c53d2}"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7ltpinst.dll"

[HKCR\Interface\{DF9E213E-67FC-46CC-B07C-CB00C5800266}]
"(Default)" = "IThirdPartyInstaller"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CursorMania_7lbar Uninstall Internet Explorer]
"DisplayName" = "CursorMania Internet Explorer Toolbar"

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = ""

[HKLM\SOFTWARE\CursorMania_7l\bar]
"CurInstall" = "1"

[HKCR\TypeLib\{673FBE0B-33F4-46F1-8736-8E7916238097}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CursorMania_7l.SettingsPlugin]
"(Default)" = ""

[HKCR\TypeLib\{FB68A826-4C76-44BD-BF1F-470518348036}\1.0]
"(Default)" = "TEMPLATEHTMLMenuLib"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{627dabb4-b168-491e-937d-905352ce56b0}]
"AppPath" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lfeedmg.dll"

[HKCR\CLSID\{76cab667-1cd5-410f-8047-b08ab01a92a2}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lSrcAs.dll"

[HKCR\CLSID\{74486aa9-6773-4390-8af7-fd14e2847ba1}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}\ProgID]
"(Default)" = "CursorMania_7l.PseudoTransparentPlugin.1"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.HTMLPanel"

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CursorMania_7l.Radio\CLSID]
"(Default)" = "{95ae571f-5d01-4906-81d0-a68fe90c6fbc}"

[HKLM\SOFTWARE\CursorMania_7l\bar\Integrators]
"AssistMonitor.dll" = "%Program Files%\CursorMania_7l\bar\1.bin\ASSISTMONITOR.DLL"

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}\ProgID]
"(Default)" = "CursorMania_7l.SettingsPlugin.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3150B5D-EB9F-48A4-877E-EFBDF4BBCFE7}]
"(Default)" = ""

[HKCR\Interface\{272414F2-44B4-48A3-8FCD-0C9A12FE588F}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a0b52a13-af5d-476e-a023-e5db76e923d3}]
"AppPath" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CLSID\{78a0bec3-df7b-462b-96d3-97f343c142ee}\ProgID]
"(Default)" = "CursorMania_7l.ToolbarProtector.1"

[HKCR\Interface\{6FD9788D-A2B1-4F60-82C0-821C7592B5AA}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{74486aa9-6773-4390-8af7-fd14e2847ba1}]
"(Default)" = "Skin Settings"

[HKCR\CursorMania_7l.FeedManager.1\CLSID]
"(Default)" = "{13e0384e-b6f2-46ee-a142-b20a1478d3aa}"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\TypeLib\{8D7292B9-BA90-4077-A2DB-7F2ECBAE6F7D}\1.0]
"(Default)" = "HTML 1.0 Type Library"

[HKCR\Interface\{33CA4386-5C7E-4BB6-94E6-D151042908ED}\TypeLib]
"(Default)" = "{F14BF0D2-CE92-41CD-9992-CA729DA7E821}"

[HKCR\CLSID\{76cab667-1cd5-410f-8047-b08ab01a92a2}]
"(Default)" = "Search Assistant BHO"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}\ProgID]
"(Default)" = "CursorMania_7l.HTMLPanel.1"

[HKCR\CursorMania_7l.HTMLMenu]
"(Default)" = "CursorMania_7l HTML Menu"

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{F14BF0D2-CE92-41CD-9992-CA729DA7E821}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{920F6630-D481-47EA-8BFD-A4F447A09CAC}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"lidate" = "2014-06-12T10:17:01Z"

[HKCR\Interface\{58A108D9-F693-45AB-9898-4964D4B4454C}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{378854e0-558f-4984-ad03-9bb965674788}]
"(Default)" = ""

[HKCR\Interface\{EECD4E3A-13FB-4D95-BB66-4DC195E757FA}\TypeLib]
"Version" = "1.0"

[HKCR\CursorMania_7l.HTMLPanel.1\CLSID]
"(Default)" = "{aa93fd8d-d03a-405e-84e9-93a125624fe1}"

[HKCR\CLSID\{36d95f1d-129f-495e-99bd-df1ba6320e51}\TypeLib]
"(Default)" = "{98238511-860f-4667-844c-7c917485ee20}"

[HKCR\Interface\{E92B8943-D67E-4CE9-AEAC-42EFC40E4C56}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\Interface\{B1B04DC3-F2B9-4B49-AD22-9DFBBC934DA3}\TypeLib]
"(Default)" = "{673FBE0B-33F4-46F1-8736-8E7916238097}"

[HKCR\TypeLib\{98238511-860F-4667-844C-7C917485EE20}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\TypeLib\{CD209326-F710-4899-B1C5-A259D67B8329}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}\ProgID]
"(Default)" = "CursorMania_7l.ThirdPartyInstaller.1"

[HKCR\CLSID\{52d3d8ae-26cc-4bb4-895f-4c3076293867}]
"(Default)" = ""

[HKCR\CLSID\{36d95f1d-129f-495e-99bd-df1ba6320e51}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{3C24AF8A-31E2-421C-AD96-665A3E5B67C5}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"pl" = "9"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CursorMania_7lbar Uninstall Internet Explorer]
"HelpLink" = "http://support.mindspark.com/"

[HKCR\CLSID\{3e913929-da93-4e86-b222-1666108b11cd}]
"(Default)" = "HttpControl Class"

[HKCR\Interface\{AC564260-86FC-4BC9-9BDC-6884C0091CE4}]
"(Default)" = "IIEInstalledToolbars"

[HKCR\Interface\{9DC2A8C6-CAA9-4091-A981-43F8046871E7}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{8228E500-5094-4EE1-93FA-317831EBC5AA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CursorMania_7l.ToolbarProtector.1]
"(Default)" = "ProtectorControl Class"

[HKCR\CursorMania_7l.Radio]
"(Default)" = ""

[HKCR\TypeLib\{4D5E4066-1A09-4802-8044-8160194DFF85}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\1406"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CursorMania_7lbar Uninstall Firefox]
"UninstallString" = "rundll32 %Program Files%\CursorMania_7l\bar\1.bin\7lBar.dll,O mindsparktoolbarkey=CursorMania_7l uninstalltype=FF"

[HKCR\Interface\{ED7391B3-3EA2-42DD-884D-8E37C9C2B360}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lbar.dll"

[HKCR\Interface\{8A71549B-FFC9-4D75-9A61-473CFB7815A9}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Classes\CLSID\{5b9e2a0b-c94b-46a5-b53c-5892834c0d3e}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lSrcAs.dll"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"SettingsDir" = "%Program Files%\CursorMania_7l\bar\Settings\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCR\Interface\{2A83DE02-497E-4177-AA10-3E7D7F42976D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{78a0bec3-df7b-462b-96d3-97f343c142ee}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{499FB94E-B038-4A1A-943D-8DF1B9B2921D}\TypeLib]
"(Default)" = "{82B4E11D-BEF0-4B3B-A5BF-96D01A7EC013}"

[HKCR\CursorMania_7l.MultipleButton.1\CLSID]
"(Default)" = "{52d3d8ae-26cc-4bb4-895f-4c3076293867}"

[HKCR\Interface\{58A108D9-F693-45AB-9898-4964D4B4454C}\TypeLib]
"(Default)" = "{6994D519-FF43-4D58-B683-E7E8412417BB}"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{920F6630-D481-47EA-8BFD-A4F447A09CAC}\TypeLib]
"(Default)" = "{CD209326-F710-4899-B1C5-A259D67B8329}"

[HKCR\CursorMania_7l.HTMLPanel.1]
"(Default)" = "CursorMania_7l HTML Panel"

[HKCR\CursorMania_7l.Radio\CurVer]
"(Default)" = "CursorMania_7l.Radio.1"

[HKCR\Interface\{9DC2A8C6-CAA9-4091-A981-43F8046871E7}]
"(Default)" = "ITemplateBarMenu"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"CrExtP7l.exe" = "0"

[HKCR\Interface\{5DBA49F3-E176-45D1-8DDF-5F2EB355218D}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b399346f-86d2-4f12-a62f-b2a2f1edffe6}]
"AppPath" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"Maximized" = "1"

[HKCR\CLSID\{C3150B5D-EB9F-48A4-877E-EFBDF4BBCFE7}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.HTMLMenu"

[HKCR\CLSID\{95ae571f-5d01-4906-81d0-a68fe90c6fbc}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.Radio"

[HKCR\CLSID\{936d1cc6-4508-4607-9638-8c714e9dc809}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{1DEDADDF-2ECD-461D-8A9C-BA28DC415C67}]
"(Default)" = "HTMLPANEL_INTERFACE"

[HKCR\Interface\{214D64BF-1BCB-49C6-AE7E-58BB6408D1E3}\TypeLib]
"(Default)" = "{6994D519-FF43-4D58-B683-E7E8412417BB}"

[HKCR\TypeLib\{6994D519-FF43-4D58-B683-E7E8412417BB}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}\Version]
"(Default)" = "1.0"

[HKCR\CursorMania_7l.SettingsPlugin.1\CLSID]
"(Default)" = "{048bf3eb-871e-42e4-81f6-9be537287180}"

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}\TypeLib]
"(Default)" = "{f14bf0d2-ce92-41cd-9992-ca729da7e821}"

[HKCR\TypeLib\{70113B58-5B6A-4235-BBD1-0D1E990EE94E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CursorMania_7l.ScriptButton\CLSID]
"(Default)" = "{feb44bca-9c70-45a0-a962-a5e534f8dc9b}"

[HKCR\Interface\{9DC2A8C6-CAA9-4091-A981-43F8046871E7}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{17548802-C898-4222-98A8-F02FC10FB639}\TypeLib]
"(Default)" = "{82B4E11D-BEF0-4B3B-A5BF-96D01A7EC013}"

[HKCR\CLSID\{C3150B5D-EB9F-48A4-877E-EFBDF4BBCFE7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{ED7391B3-3EA2-42DD-884D-8E37C9C2B360}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{82B4E11D-BEF0-4B3B-A5BF-96D01A7EC013}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\1807"

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.SettingsPlugin"

[HKCR\Interface\{5605F06E-EA58-4779-8BE3-0F39DF56F5ED}\TypeLib]
"(Default)" = "{4D5E4066-1A09-4802-8044-8160194DFF85}"

[HKCR\Interface\{33CA4386-5C7E-4BB6-94E6-D151042908ED}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{3e913929-da93-4e86-b222-1666108b11cd}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lhttpct.dll"

[HKCR\CursorMania_7l.MultipleButton]
"(Default)" = ""

[HKCR\Interface\{B743D69E-5BCB-480C-82DB-43B7E1F58B5A}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CLSID\{52d3d8ae-26cc-4bb4-895f-4c3076293867}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lmlbtn.dll"

[HKCR\TypeLib\{F14BF0D2-CE92-41CD-9992-CA729DA7E821}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\Interface\{6FD9788D-A2B1-4F60-82C0-821C7592B5AA}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"ua" = "0"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"hpwl" = ".mywebsearch.com,.google.com,.yahoo.com,.bing.com,.msn.com"

[HKCR\CLSID\{06b27350-0480-4310-8dad-a4f2f92c292b}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{DF9E213E-67FC-46CC-B07C-CB00C5800266}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{98238511-860F-4667-844C-7C917485EE20}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{C4E9898B-0E4E-47C4-917F-0C57E767E6CC}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{6fe99938-c415-4439-872e-13bcc723c15a}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}\TypeLib]
"(Default)" = "{a7d5c1a6-9070-44e1-b82f-e82a2e3d9818}"

[HKCR\CursorMania_7l.PseudoTransparentPlugin\CurVer]
"(Default)" = "CursorMania_7l.PseudoTransparentPlugin.1"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.ThirdPartyInstaller"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.RadioSettings"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74486aa9-6773-4390-8af7-fd14e2847ba1}]
"AppPath" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\CLSID\{C3150B5D-EB9F-48A4-877E-EFBDF4BBCFE7}\ProgID]
"(Default)" = "CursorMania_7l.HTMLMenu.1"

[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin]
"Version" = "1.1.1.1"

[HKCR\Interface\{EECD4E3A-13FB-4D95-BB66-4DC195E757FA}\TypeLib]
"(Default)" = "{FB68A826-4C76-44BD-BF1F-470518348036}"

[HKCR\Interface\{8A71549B-FFC9-4D75-9A61-473CFB7815A9}]
"(Default)" = "ITemplateHTMLMenu"

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}\Version]
"(Default)" = "1.0"

[HKCR\CursorMania_7l.ThirdPartyInstaller]
"(Default)" = "CursorMania Third Party Installer"

[HKCR\Interface\{3C24AF8A-31E2-421C-AD96-665A3E5B67C5}]
"(Default)" = "BARFEEDMANAGER_INTERFACE"

[HKCR\Interface\{6C033763-C7ED-49BA-AD83-E19A97FE164B}]
"(Default)" = "ISessionData"

[HKCR\CursorMania_7l.FeedManager\CurVer]
"(Default)" = "CursorMania_7l.FeedManager.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCR\TypeLib\{673FBE0B-33F4-46F1-8736-8E7916238097}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\1003"

[HKCR\CLSID\{74486aa9-6773-4390-8af7-fd14e2847ba1}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{58A108D9-F693-45AB-9898-4964D4B4454C}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCR\CLSID\{78a0bec3-df7b-462b-96d3-97f343c142ee}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.ToolbarProtector"

[HKCR\CursorMania_7l.ThirdPartyInstaller.1\CLSID]
"(Default)" = "{378854e0-558f-4984-ad03-9bb965674788}"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}\Version]
"(Default)" = "1.0"

[HKCR\CursorMania_7l.FeedManager.1]
"(Default)" = ""

[HKCR\TypeLib\{FB68A826-4C76-44BD-BF1F-470518348036}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CursorMania_7l.HTMLMenu\CLSID]
"(Default)" = "{C3150B5D-EB9F-48A4-877E-EFBDF4BBCFE7}"

[HKCR\Interface\{B1B04DC3-F2B9-4B49-AD22-9DFBBC934DA3}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{DF9E213E-67FC-46CC-B07C-CB00C5800266}\TypeLib]
"(Default)" = "{A7D5C1A6-9070-44E1-B82F-E82A2E3D9818}"

[HKCR\TypeLib\{673FBE0B-33F4-46F1-8736-8E7916238097}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\TypeLib\{CD209326-F710-4899-B1C5-A259D67B8329}\1.0]
"(Default)" = "Toolbar 1.0 Type Library"

[HKCR\Interface\{1DEDADDF-2ECD-461D-8A9C-BA28DC415C67}\TypeLib]
"(Default)" = "{8D7292B9-BA90-4077-A2DB-7F2ECBAE6F7D}"

[HKCR\TypeLib\{6994D519-FF43-4D58-B683-E7E8412417BB}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{627dabb4-b168-491e-937d-905352ce56b0}]
"AppName" = "7lmedint.exe"

[HKCR\Interface\{2A83DE02-497E-4177-AA10-3E7D7F42976D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"Visible" = "1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{920f6630-d481-47ea-8bfd-a4f447a09cac}]
"Policy" = "3"

[HKCR\Interface\{214D64BF-1BCB-49C6-AE7E-58BB6408D1E3}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{1DEDADDF-2ECD-461D-8A9C-BA28DC415C67}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"dir" = "%Program Files%\CursorMania_7l\bar\"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b399346f-86d2-4f12-a62f-b2a2f1edffe6}]
"Policy" = "3"

[HKCR\CursorMania_7l.HTMLPanel\CLSID]
"(Default)" = "{aa93fd8d-d03a-405e-84e9-93a125624fe1}"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\CursorMania_7l.ThirdPartyInstaller\CLSID]
"(Default)" = "{378854e0-558f-4984-ad03-9bb965674788}"

[HKCR\Interface\{8A71549B-FFC9-4D75-9A61-473CFB7815A9}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{B743D69E-5BCB-480C-82DB-43B7E1F58B5A}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{048bf3eb-871e-42e4-81f6-9be537287180}]
"(Default)" = ""

[HKCR\CursorMania_7l.Radio.1]
"(Default)" = ""

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5b9e2a0b-c94b-46a5-b53c-5892834c0d3e}" = ""

[HKCR\Interface\{18E45318-1D6C-436C-BCCF-596E7D9B50E5}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{6fe99938-c415-4439-872e-13bcc723c15a}]
"(Default)" = "DataCtrl Class"

[HKCR\Interface\{EECD4E3A-13FB-4D95-BB66-4DC195E757FA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CursorMania_7l.PseudoTransparentPlugin\CLSID]
"(Default)" = "{046656b7-81db-4683-8f33-c5f9d68c53d2}"

[HKCR\CLSID\{06b27350-0480-4310-8dad-a4f2f92c292b}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{C3150B5D-EB9F-48A4-877E-EFBDF4BBCFE7}]
"(Default)" = "CursorMania_7l HTML Menu"

[HKCR\Interface\{2A83DE02-497E-4177-AA10-3E7D7F42976D}\TypeLib]
"(Default)" = "{F14BF0D2-CE92-41CD-9992-CA729DA7E821}"

[HKCR\CLSID\{95ae571f-5d01-4906-81d0-a68fe90c6fbc}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.FeedManager"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}\TypeLib]
"(Default)" = "{673fbe0b-33f4-46f1-8736-8e7916238097}"

[HKLM\SOFTWARE\CursorMania_7l\bar\Integrators]
"AssistMonitor.dll" = ""

[HKLM\SOFTWARE\CursorMania_7l\bar\Integrators64]
"AssistMonitor64.dll" = ""

[HKCR\CursorMania_7l.HTMLPanel]
"(Default)" = "CursorMania_7l HTML Panel"

[HKLM\SOFTWARE\CursorMania_7l\Settings\SmileyCentralBtn]
"HTMLMenuPosDeleted" = "1"

[HKCR\CursorMania_7l.SettingsPlugin\CLSID]
"(Default)" = "{048bf3eb-871e-42e4-81f6-9be537287180}"

[HKCR\Interface\{B743D69E-5BCB-480C-82DB-43B7E1F58B5A}\TypeLib]
"(Default)" = "{CD209326-F710-4899-B1C5-A259D67B8329}"

[HKCR\Interface\{C4E9898B-0E4E-47C4-917F-0C57E767E6CC}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{2769F095-8435-4032-8EDD-17D5C773C878}\TypeLib]
"(Default)" = "{70113B58-5B6A-4235-BBD1-0D1E990EE94E}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{627dabb4-b168-491e-937d-905352ce56b0}]
"Policy" = "3"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"DeletedCustomizations" = "1"

[HKCR\CLSID\{74486aa9-6773-4390-8af7-fd14e2847ba1}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lskin.dll"

[HKCR\Interface\{B743D69E-5BCB-480C-82DB-43B7E1F58B5A}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{499FB94E-B038-4A1A-943D-8DF1B9B2921D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CursorMania_7l.MultipleButton\CLSID]
"(Default)" = "{52d3d8ae-26cc-4bb4-895f-4c3076293867}"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Mozilla Firefox\plugins\NP7lStub.dll,"

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lskin.dll"

[HKCR\CursorMania_7l.ScriptButton.1]
"(Default)" = ""

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}\VersionIndependentProgID]
"(Default)" = "CursorMania_7l.PseudoTransparentPlugin"

[HKCR\CursorMania_7l.RadioSettings.1\CLSID]
"(Default)" = "{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}"

[HKCR\Interface\{5DBA49F3-E176-45D1-8DDF-5F2EB355218D}\TypeLib]
"(Default)" = "{CD209326-F710-4899-B1C5-A259D67B8329}"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"ok" = "1"

[HKCR\TypeLib\{82B4E11D-BEF0-4B3B-A5BF-96D01A7EC013}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Interface\{8A71549B-FFC9-4D75-9A61-473CFB7815A9}\TypeLib]
"(Default)" = "{FB68A826-4C76-44BD-BF1F-470518348036}"

[HKCR\CLSID\{52d3d8ae-26cc-4bb4-895f-4c3076293867}\ProgID]
"(Default)" = "CursorMania_7l.MultipleButton.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"au" = "1"

[HKCR\TypeLib\{8D7292B9-BA90-4077-A2DB-7F2ECBAE6F7D}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\TypeLib\{4D5E4066-1A09-4802-8044-8160194DFF85}\1.0]
"(Default)" = "DataCtrl 1.0 Type Library"

[HKCR\CursorMania_7l.MultipleButton\CurVer]
"(Default)" = "CursorMania_7l.MultipleButton.1"

[HKCR\CLSID\{74486aa9-6773-4390-8af7-fd14e2847ba1}\TypeLib]
"(Default)" = "{f14bf0d2-ce92-41cd-9992-ca729da7e821}"

[HKCU\Software\Classes\CLSID\{5b9e2a0b-c94b-46a5-b53c-5892834c0d3e}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{5605F06E-EA58-4779-8BE3-0F39DF56F5ED}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\T8HTML.DLL"

[HKCR\Interface\{E8A78AAB-4782-4E25-9000-013164D4E337}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E92B8943-D67E-4CE9-AEAC-42EFC40E4C56}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{aa93fd8d-d03a-405e-84e9-93a125624fe1}]
"(Default)" = ""

[HKCR\Interface\{17548802-C898-4222-98A8-F02FC10FB639}]
"(Default)" = "IProtectorControl"

[HKCR\CLSID\{378854e0-558f-4984-ad03-9bb965674788}\MiscStatus]
"(Default)" = "0"

[HKCR\TypeLib\{673FBE0B-33F4-46F1-8736-8E7916238097}\1.0]
"(Default)" = "RADIOLib"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{936d1cc6-4508-4607-9638-8c714e9dc809}]
"(Default)" = "Toolbar BHO"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A 3D CA 5C 83 89 16 1A DD 5D E4 80 FF D6 FD 45"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"UninstallFFString" = "%Program Files%\CursorMania_7l\bar\1.bin\7lhighin.exe 7lbar.dll,O uninstalltype=FF"

[HKCR\Interface\{1DEDADDF-2ECD-461D-8A9C-BA28DC415C67}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{B743D69E-5BCB-480C-82DB-43B7E1F58B5A}]
"(Default)" = "ITemplateBarSettings"

[HKCR\CLSID\{aa93fd8d-d03a-405e-84e9-93a125624fe1}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"sr" = "0"

[HKCR\TypeLib\{82B4E11D-BEF0-4B3B-A5BF-96D01A7EC013}\1.0]
"(Default)" = "ToolbarProtector 1.0 Type Library"

[HKCR\CLSID\{36d95f1d-129f-495e-99bd-df1ba6320e51}]
"(Default)" = "Disable Addon Rebuttal Control"

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}\TypeLib]
"(Default)" = "{70113b58-5b6a-4235-bbd1-0d1e990ee94e}"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"PID" = "^ZC^yyyyyy^YYA^ua"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin\MimeTypes\application/x-cursormania_7lplugin]
"Description" = "CursorMania Plugin"

[HKCR\Interface\{5605F06E-EA58-4779-8BE3-0F39DF56F5ED}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CursorMania_7l.RadioSettings.1]
"(Default)" = ""

[HKCR\Interface\{6FD9788D-A2B1-4F60-82C0-821C7592B5AA}\TypeLib]
"(Default)" = "{8D7292B9-BA90-4077-A2DB-7F2ECBAE6F7D}"

[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin]
"Description" = "CursorMania Plugin"

[HKCR\CLSID\{78a0bec3-df7b-462b-96d3-97f343c142ee}]
"(Default)" = "ProtectorControl Class"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a0b52a13-af5d-476e-a023-e5db76e923d3}]
"Policy" = "3"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"un" = "CursorMania"

[HKCR\Interface\{3C24AF8A-31E2-421C-AD96-665A3E5B67C5}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{2769F095-8435-4032-8EDD-17D5C773C878}\TypeLib]
"Version" = "1.0"

[HKCR\CursorMania_7l.HTMLMenu.1]
"(Default)" = "CursorMania_7l HTML Menu"

[HKCR\Interface\{5DBA49F3-E176-45D1-8DDF-5F2EB355218D}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin\MimeTypes\application/x-cursormania_7lplugin]
"Suffixes" = "7l"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"nd" = "0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7}" = ""

[HKCR\Interface\{AC564260-86FC-4BC9-9BDC-6884C0091CE4}\TypeLib]
"Version" = "1.0"

[HKCR\CursorMania_7l.RadioSettings\CLSID]
"(Default)" = "{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"nk" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CursorMania_7lbar Uninstall Internet Explorer]
"UninstallString" = "rundll32 %Program Files%\CursorMania_7l\bar\1.bin\7lBar.dll,O mindsparktoolbarkey=CursorMania_7l uninstalltype=IE"

[HKCR\CursorMania_7l.HTMLMenu.1\CLSID]
"(Default)" = "{C3150B5D-EB9F-48A4-877E-EFBDF4BBCFE7}"

[HKCR\TypeLib\{98238511-860F-4667-844C-7C917485EE20}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\625"

[HKCR\CLSID\{95ae571f-5d01-4906-81d0-a68fe90c6fbc}]
"(Default)" = ""

[HKCR\Interface\{17548802-C898-4222-98A8-F02FC10FB639}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{5605F06E-EA58-4779-8BE3-0F39DF56F5ED}]
"(Default)" = "IDataCtrl"

[HKCR\CLSID\{feb44bca-9c70-45a0-a962-a5e534f8dc9b}\ProgID]
"(Default)" = "CursorMania_7l.ScriptButton.1"

[HKCR\Interface\{AC564260-86FC-4BC9-9BDC-6884C0091CE4}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{E92B8943-D67E-4CE9-AEAC-42EFC40E4C56}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{CD209326-F710-4899-B1C5-A259D67B8329}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\626"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CursorMania_7lbar Uninstall Internet Explorer]
"Publisher" = "Mindspark Interactive Network"

[HKCR\TypeLib\{FB68A826-4C76-44BD-BF1F-470518348036}\1.0\0\win32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\t8res.dll\1604"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"Build" = "115.59444"

[HKLM\SOFTWARE\CursorMania_7l\bar\Integrators64]
"HPG64.DLL" = ""

[HKCR\CLSID\{046656b7-81db-4683-8f33-c5f9d68c53d2}]
"(Default)" = "Pseudo Transparent Plugin"

[HKCR\TypeLib\{A7D5C1A6-9070-44E1-B82F-E82A2E3D9818}\1.0\HELPDIR]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin"

[HKCR\Interface\{58A108D9-F693-45AB-9898-4964D4B4454C}]
"(Default)" = "IHttpControlEvents"

[HKCR\CLSID\{C3150B5D-EB9F-48A4-877E-EFBDF4BBCFE7}\InprocServer32]
"(Default)" = "%Program Files%\CursorMania_7l\bar\1.bin\7lhtmlmu.dll"

[HKCR\Interface\{920F6630-D481-47EA-8BFD-A4F447A09CAC}]
"(Default)" = "_ITemplateBarSettingsEvents"

[HKCR\CursorMania_7l.HTMLMenu\CurVer]
"(Default)" = "CursorMania_7l.HTMLMenu.1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b743d69e-5bcb-480c-82db-43b7e1f58b5a}]
"Policy" = "3"

[HKCR\Interface\{5DBA49F3-E176-45D1-8DDF-5F2EB355218D}]
"(Default)" = "ITemplateBarControl"

[HKCR\Interface\{DF9E213E-67FC-46CC-B07C-CB00C5800266}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{048bf3eb-871e-42e4-81f6-9be537287180}]
"(Default)" = ""

[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin]
"vendor" = "CursorMania_7l"

[HKCR\Interface\{272414F2-44B4-48A3-8FCD-0C9A12FE588F}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"PartnerPixelNotSet" = ""

[HKCR\CLSID\{52d3d8ae-26cc-4bb4-895f-4c3076293867}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{3C24AF8A-31E2-421C-AD96-665A3E5B67C5}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{0fc4a2bf-2d28-4cc7-9fde-a773870cd0a0}\ProgID]
"(Default)" = "CursorMania_7l.RadioSettings.1"

[HKCR\CLSID\{13e0384e-b6f2-46ee-a142-b20a1478d3aa}\MiscStatus]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a0b52a13-af5d-476e-a023-e5db76e923d3}]
"AppName" = "CrExtP7l.exe"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"ID" = "3D4D7956-DFB1-4C00-9DBA-6608C186B6A4"

[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin]
"Path" = "%Program Files%\CursorMania_7l\bar\1.bin\NP7lStub.dll"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{936d1cc6-4508-4607-9638-8c714e9dc809}]
"(Default)" = ""

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorMania Search Scope Monitor" = "C:\PROGRA~1\CURSOR~2\bar\1.bin\7lsrchmn.exe /m=2 /w /h"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorMania Home Page Guard 32 bit" = "C:\PROGRA~1\CURSOR~2\bar\1.bin\AppIntegrator.exe"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76cab667-1cd5-410f-8047-b08ab01a92a2}]
"(Default)" = ""

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorMania_7l Browser Plugin Loader" = "C:\PROGRA~1\CURSOR~2\bar\1.bin\7lbrmon.exe"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\CursorMania_7l\bar\Integrators]
[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin\MimeTypes\application/x-cursormania_7lplugin]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76cab667-1cd5-410f-8047-b08ab01a92a2}]
[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin\MimeTypes]
[HKLM\SOFTWARE\MozillaPlugins\@CursorMania_7l.com/Plugin]

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\CursorMania_7l\bar]
"un"

[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"

[HKLM\SOFTWARE\CursorMania_7l\bar]
"ConfigDateStamp"
"pid2"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorMania Home Page Guard 32 bit"

"CursorMania Search Scope Monitor"

"CursorMania Plugin"

The process firefox.exe:2692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 49 58 47 A9"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\firefox\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 42 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 F2 93 98 6A 52 2A 8D 19 7D AE 55 CA 3D A7 77"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\firefox\DEBUG]
"Trace Level"

[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates]
"495847A93187CFB8C71F840CB7B41497AD95C64F"

The process CursorManiaSetup.exe:2788 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 8F 27 B3 3C 7F 6B D8 AB 09 6A 74 A4 9E 72 1E"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"ua" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page" = "http://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^ZC^yyyyyy^YYA^ua&ptb=3D4D7956-DFB1-4C00-9DBA-6608C186B6A4"

[HKCU\Software\CursorMania_7l\Events\EventData]
"00000001_5" = "01 00 00 00 22 7E 99 53 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"ffTabs" = "1"
"ps" = "1"
"ie9disable" = "1"

[HKCU\Software\CursorMania_7l\bar]
"HomePage" = "http://home.tb.ask.com/index.jhtml?n=77FD35DB&p2=^ZC^yyyyyy^YYA^ua&ptb=3D4D7956-DFB1-4C00-9DBA-6608C186B6A4"

[HKLM\SOFTWARE\CursorMania_7l\bar\Switches]
"hpp" = "1"
"7lSrcAs.dll" = "1"
"nodns" = "0"

[HKCU\Software\CursorMania_7l\Events\EventData]
"00000000_7" = "01 00 00 00 22 7E 99 53 00 00 00 00 00 00 00 00"
"00000001_6" = "01 00 00 00 22 7E 99 53 00 00 00 00 00 00 00 00"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\CursorMania_7l\bar]
"spd"
"tiesd"

The process {0059BF96-494D-4635-B0DE-1CF697754AD6}.exe:2688 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B9 C1 86 C1 F2 AD 70 D4 D8 5E 41 E4 95 4A 3A 99"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process rundll32.exe:3704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AF D9 B9 0E 37 6E 0F 82 E8 83 59 A1 7C 29 59 DF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\CursorMania_7lEI\Installer]
"CheckForConnection" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\CursorMania_7lEI\Installer]
"CacheDir" = "%Program Files%\CursorMania_7lEI\Installr\Cache\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 40 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\Mozilla Firefox\plugins\NP7lStub.dll, , \??\%Program Files%\Mozilla Firefox\chrome\7lffxtbr.jar, , \??\%Program Files%\Mozilla Firefox\chrome\7lffxtbr.manifest, , \??\C:\PROGRA~1\CURSOR~1\Installr\Cache\00137D90.exe,"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\CursorMania_7lEI\Installer]
[HKLM\SOFTWARE\CursorMania_7lEI]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process rundll32.exe:2856 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 15 3A 27 41 CE BD CD A8 38 95 24 CE 7C D8 7C"

The process 7lHighIn.exe:2308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F DD 08 95 F2 50 AF 43 CD B1 C7 4A D2 AB E1 E4"

The process msfeedssync.exe:2080 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9C 7A 17 1F A3 57 75 C7 42 3C 53 FF 1C BE CF 18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Internet Explorer\Suggested Sites]
"DeletePending" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\WindowsSearch]
"Version" = "WS not installed"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 49 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Internet Explorer\Suggested Sites]
"MigrationTime" = "30 79 C9 C7 27 86 CF 01"
"UploadDiagInfo" = "1C 5C 00 00 71 17 00 08 80 00 00 00 08 00 0C 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 7lbrmon.exe:1916 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 63 D9 97 94 53 C8 C1 13 E6 46 E9 11 4E 52 D0"

The process irsetup.exe:2992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 87 B3 42 84 02 D9 92 5D A5 90 B4 4B 37 C5 6D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The process irsetup.exe:1740 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\PSS.ScreenSaverControl.1]
"(Default)" = "ScreenSaverControl Class"

[HKLM\SOFTWARE\MozillaPlugins\@popularscreensavers.com/Plugin\MimeTypes\application/x-pss-popularscreensaversplugin]
"Description" = "Popular Screensavers Plugin"

[HKCR\CLSID\{C39937A0-C59D-4506-A9FC-0A0138192287}\InprocServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\TypeLib\{B2E5F9A4-0587-4525-8602-E08E32510243}\1.0\0\win32]
"(Default)" = "%Program Files%\PopularScreensavers\p5Html.dll"

[HKCR\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8798BBE7-DDF6-448B-AE0E-83C9E28A5598}]
"AppName" = "p5PSSavr.scr"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKCR\TypeLib\{C39937A5-C59D-4506-A9FC-0A0138192287}\1.0\0\win32]
"(Default)" = "%Program Files%\PopularScreensavers\p5ScrCtr.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\MozillaPlugins\@popularscreensavers.com/Plugin]
"Version" = "1.1.1.1"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8798BBE7-DDF6-448B-AE0E-83C9E28A5598}]
"Policy" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C39937A9-C59D-4506-A9FC-0A0138192287}]
"(Default)" = ""

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}]
"(Default)" = "ScreenSaverControl Class"

[HKCR\PSS.ScreenSaverControl]
"(Default)" = "ScreenSaverControl Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}]
"(Default)" = ""

[HKCR\PSS.HTMLPanel\CLSID]
"(Default)" = "{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}\ProgID]
"(Default)" = "PSS.HTMLPanel.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Music" = "%Documents and Settings%\%current user%\My Documents\My Music"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}\MiscStatus\1]
"(Default)" = "131473"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}]
"Policy" = "3"

[HKCR\Interface\{C39937AB-C59D-4506-A9FC-0A0138192287}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}\TypeLib]
"(Default)" = "{C39937A5-C59D-4506-A9FC-0A0138192287}"

[HKCR\Interface\{C39937AB-C59D-4506-A9FC-0A0138192287}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}\TypeLib]
"(Default)" = "{B2E5F9A4-0587-4525-8602-E08E32510243}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCR\CLSID\{6FB5B50A-863D-4C0D-8E84-92A59565D087}\InprocServer32]
"(Default)" = "%Program Files%\PopularScreensavers\p5cjpeg.dll"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8798BBE7-DDF6-448B-AE0E-83C9E28A5598}]
"AppPath" = "%System%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}\MiscStatus]
"(Default)" = "0"

[HKCR\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{B2E5F9A4-0587-4525-8602-E08E32510243}\1.0\HELPDIR]
"(Default)" = "%Program Files%\PopularScreensavers\"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AD F7 9B 15 7E 0D E3 51 1F 67 4C 25 6C F3 3E 41"

[HKCR\Interface\{C39937AB-C59D-4506-A9FC-0A0138192287}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{C39937A5-C59D-4506-A9FC-0A0138192287}\1.0\HELPDIR]
"(Default)" = "%Program Files%\PopularScreensavers\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\PopularScreensavers\ScreenSaver]
"ImagesDir" = "%Program Files%\PopularScreensavers\ScreenSaver\Images\"

[HKCR\CLSID\{6FB5B50A-863D-4C0D-8E84-92A59565D087}\InprocServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}\MiscStatus\1]
"(Default)" = "131473"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}]
"AppPath" = "%Program Files%\PopularScreensavers"

[HKCR\PSS.ScreenSaverControl.1\CLSID]
"(Default)" = "{C39937A9-C59D-4506-A9FC-0A0138192287}"

[HKCR\TypeLib\{C39937A5-C59D-4506-A9FC-0A0138192287}\1.0]
"(Default)" = "ScreenSaverControl 1.0 Type Library"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{C39937A0-C59D-4506-A9FC-0A0138192287}]
"(Default)" = "ExplorerStub Class"

[HKCR\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}]
"(Default)" = "_IPSSHTMLPanelEvents"

[HKCR\CLSID\{C39937A0-C59D-4506-A9FC-0A0138192287}\InprocServer32]
"(Default)" = "%Program Files%\PopularScreensavers\p5ScrCtr.dll"

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}\VersionIndependentProgID]
"(Default)" = "PSS.ScreenSaverControl"

[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\p5pss]
"runtime" = "1"

[HKCR\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}\TypeLib]
"(Default)" = "{C39937A5-C59D-4506-A9FC-0A0138192287}"

[HKCR\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}]
"(Default)" = "IScreenSaverInstaller"

[HKCR\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C39937AB-C59D-4506-A9FC-0A0138192287}]
"(Default)" = "IMonitorEvents"

[HKCR\PSS.HTMLPanel]
"(Default)" = "PSS HTML Panel"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCR\PSS.ScreenSaverControl\CLSID]
"(Default)" = "{C39937A9-C59D-4506-A9FC-0A0138192287}"

[HKLM\SOFTWARE\MozillaPlugins\@popularscreensavers.com/Plugin]
"Description" = "Popular Screensavers Plugin"

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}\InprocServer32]
"(Default)" = "%Program Files%\PopularScreensavers\p5ScrCtr.dll"

[HKCR\PSS.ScreenSaverControl\CurVer]
"(Default)" = "PSS.ScreenSaverControl.1"

[HKLM\SOFTWARE\PopularScreensavers]
"JpegConversionLib" = "%Program Files%\PopularScreensavers\p5cjpeg.dll"

[HKCR\PSS.HTMLPanel.1]
"(Default)" = "PSS HTML Panel"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\p5ScrCtr.dll]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\TypeLib\{B2E5F9A4-0587-4525-8602-E08E32510243}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@popularscreensavers.com/Plugin]
"Path" = "%Program Files%\PopularScreensavers\NPp5Stub.dll"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}]
"(Default)" = "PSS HTML"

[HKCR\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}\TypeLib]
"(Default)" = "{B2E5F9A4-0587-4525-8602-E08E32510243}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Video" = ""

[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat]
"runtime" = "6"
"Permissions" = "33"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}]
"AppName" = "p5medint.exe"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}\VersionIndependentProgID]
"(Default)" = "PSS.HTMLPanel"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}\ProgID]
"(Default)" = "PSS.ScreenSaverControl.1"

[HKCR\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}\InprocServer32]
"(Default)" = "%Program Files%\PopularScreensavers\p5Html.dll"

[HKCR\Interface\{C39937AB-C59D-4506-A9FC-0A0138192287}\TypeLib]
"(Default)" = "{C39937A5-C59D-4506-A9FC-0A0138192287}"

[HKCR\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\sources]
"p5PopularScreensavers" = "%Program Files%\PopularScreensavers\p5ScrCtr.dll"

[HKCR\TypeLib\{B2E5F9A4-0587-4525-8602-E08E32510243}\1.0]
"(Default)" = "HTML 1.0 Type Library"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\TypeLib\{C39937A5-C59D-4506-A9FC-0A0138192287}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@popularscreensavers.com/Plugin\MimeTypes\application/x-pss-popularscreensaversplugin]
"Suffixes" = "pss"

[HKCR\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCR\PSS.HTMLPanel\CurVer]
"(Default)" = "PSS.HTMLPanel.1"

[HKCR\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}]
"(Default)" = "IPSSHTMLPanel"

[HKCR\PSS.HTMLPanel.1\CLSID]
"(Default)" = "{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}"

[HKCR\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}\TypeLib]
"(Default)" = "{B2E5F9A4-0587-4525-8602-E08E32510243}"

[HKLM\SOFTWARE\PopularScreensavers\ScreenSaver]
"PluginPath" = "%Program Files%\PopularScreensavers\"

[HKLM\SOFTWARE\MozillaPlugins\@popularscreensavers.com/Plugin]
"vendor" = "Popular Screensavers"

The Trojan deletes the following registry key(s):

[HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.dat]

The process UPDATER.EXE:3056 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"gchljcfaonjffjifnjlcalnhgdmjckhg Upgrader" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\gch30.tmp\UPDATER.EXE"

Dropped PE files

MD5	File path
d9765a7a93a3e0829425b2669eaa629b	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\7lffxtbr@CursorMania_7l.com\plugins\EXEManager.dll
9accb2b96456018977c65073f0b30942	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\7lffxtbr@CursorMania_7l.com\plugins\NativeMessagingDispatcher.dll
77290fbcc403079b1a587be11ccfb99a	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\7lffxtbr@CursorMania_7l.com\plugins\Verify.dll
749521c1a3ea9aa6a7f86ab00695bf87	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gchljcfaonjffjifnjlcalnhgdmjckhg\8.27.3.62908_0\plugins\7lChromePlugIn.dll
cdd478f81fe68d5780fa4bbc63d29cd0	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gchljcfaonjffjifnjlcalnhgdmjckhg\8.27.3.62908_0\plugins\EXEManager.dll
5068bafcda666e016a2048cf202d74e1	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gchljcfaonjffjifnjlcalnhgdmjckhg\8.27.3.62908_0\plugins\SearchControl.dll
dbc97493c06dc8230ada6f65106ec0db	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gchljcfaonjffjifnjlcalnhgdmjckhg\8.27.3.62908_0\plugins\Verify.dll
bfae724ff37f854aa097389c06cd553c	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\gch30.tmp\SQLITE3.DLL
ce751102e6326febd3fe4f69c5f6bb2d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\gch30.tmp\T8SQL.DLL
bcbbe02560edb272d2f937751b1ee4a2	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\gch30.tmp\UPDATER.EXE
bfddff2c1b9ba4717ff680799bac568d	c:\Documents and Settings\"%CurrentUserName%"\My Documents\Downloads\CursorManiaSetup.exe
6646ab00512e61614979bfaeb5d46866	c:\Program Files\CursorMania\CursorMania.exe
b5fc476c1bf08d5161346cc7dd4cb0ba	c:\Program Files\CursorMania\lua5.1.dll
825775e1b421bc5b442d7c477325e01e	c:\Program Files\CursorMania\uninstall.exe
d25bd6e8d84c2f7403ef94fa0081d8b5	c:\Program Files\CursorMania_7lEI\Installr\1.bin\7lEIPlug.dll
394062db10031c60e6c6f17f3fc55745	c:\Program Files\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dll
2ca0ed6ecc9d3a18bea4b957ab617773	c:\Program Files\CursorMania_7lEI\Installr\1.bin\NP7lEISb.dll
cb668b1abc31788b8d5406b21f01c986	c:\Program Files\CursorMania_7lEI\Installr\Cache\00137D90.exe
bf28f98daf8826b65923273d3e406930	c:\Program Files\CursorMania_7l\bar\1.bin\7lPlugin.dll
31f0fd888f41c6e4b05a8a26a6257bbb	c:\Program Files\CursorMania_7l\bar\1.bin\7lSrcAs.dll
466af3fbfdd028b3d90238425c367b7e	c:\Program Files\CursorMania_7l\bar\1.bin\7lSrchMn.exe
bef81913920b66f99cce1b8b94d2335d	c:\Program Files\CursorMania_7l\bar\1.bin\7lauxstb.dll
a842b26aee3d1312bda37096c8490b39	c:\Program Files\CursorMania_7l\bar\1.bin\7lauxstb64.dll
96a060cf33a2c42617cf13224a47db07	c:\Program Files\CursorMania_7l\bar\1.bin\7lbar.dll
54d6bc524f1fb026d6eb569581e38885	c:\Program Files\CursorMania_7l\bar\1.bin\7lbarsvc.exe
eb8ced3dac43ca1bf66d78481df2a8f1	c:\Program Files\CursorMania_7l\bar\1.bin\7lbprtct.dll
2c0a45683112082493b1fb3c09c60184	c:\Program Files\CursorMania_7l\bar\1.bin\7lbrmon.exe
4ba7d9e73d47039bd34396ceb679318f	c:\Program Files\CursorMania_7l\bar\1.bin\7lbrmon64.exe
e46963ec2bc3d0ed27a61f0697544196	c:\Program Files\CursorMania_7l\bar\1.bin\7lbrstub.dll
f04c0efeafa8302e5b52d13cb0916ed3	c:\Program Files\CursorMania_7l\bar\1.bin\7lbrstub64.dll
5fea0081f2bf39ac0bef44e86b52c4dc	c:\Program Files\CursorMania_7l\bar\1.bin\7ldatact.dll
9c59c1140075060c08e93b39c0ed94b4	c:\Program Files\CursorMania_7l\bar\1.bin\7ldlghk.dll
b8efb8d32dc96ed0d473dcd3a5e58ed8	c:\Program Files\CursorMania_7l\bar\1.bin\7ldlghk64.dll
a738286620be77bec9ca13b389864d96	c:\Program Files\CursorMania_7l\bar\1.bin\7lfeedmg.dll
aa82a2d20c3525f0b850ec67dab2a448	c:\Program Files\CursorMania_7l\bar\1.bin\7lhighin.exe
e0d399dfb42ca6a24c40b4d38d0db3a3	c:\Program Files\CursorMania_7l\bar\1.bin\7lhkstub.dll
4c7b28b8ae8013d8359f2d0a316e5d3e	c:\Program Files\CursorMania_7l\bar\1.bin\7lhtmlmu.dll
ebbf5d6394bed262727f72dc321789c2	c:\Program Files\CursorMania_7l\bar\1.bin\7lhttpct.dll
97190b606220d99b1f2c1dc8be34ad90	c:\Program Files\CursorMania_7l\bar\1.bin\7lidle.dll
aedf3f97b88562ce2d5128c9422718c1	c:\Program Files\CursorMania_7l\bar\1.bin\7lieovr.dll
bb601f008cda03b0cdc8188d084d9960	c:\Program Files\CursorMania_7l\bar\1.bin\7lmedint.exe
212f000542b3526744f6444cddf66c33	c:\Program Files\CursorMania_7l\bar\1.bin\7lmlbtn.dll
99314afe1aa7f154766c7b10b1b7e90d	c:\Program Files\CursorMania_7l\bar\1.bin\7lradio.dll
05e7f2c19ae83dd990a6960a19755752	c:\Program Files\CursorMania_7l\bar\1.bin\7lregfft.dll
b92c71d0ba7098f565520266e6b987d9	c:\Program Files\CursorMania_7l\bar\1.bin\7lreghk.dll
b927852e2e860edbc4d2ec2b436cfaba	c:\Program Files\CursorMania_7l\bar\1.bin\7lregiet.dll
74376b99e024766343eb5c18dd06040a	c:\Program Files\CursorMania_7l\bar\1.bin\7lscript.dll
2fd72a0a4fc75b4371f22252e443b245	c:\Program Files\CursorMania_7l\bar\1.bin\7lskin.dll
f59ea63eaa060998c359fcbfdbc8c7d7	c:\Program Files\CursorMania_7l\bar\1.bin\7lskplay.exe
9f1f27aaedca28c35f7ec1484c53b6e5	c:\Program Files\CursorMania_7l\bar\1.bin\7lsrchmr.dll
cf0646bb879911192c833e314e0afc57	c:\Program Files\CursorMania_7l\bar\1.bin\7ltpinst.dll
660d435be4a48b8d941e5dcf30ac1974	c:\Program Files\CursorMania_7l\bar\1.bin\APPINTEGRATOR.EXE
d5d454ca320d6f9128c1e8231d8118c1	c:\Program Files\CursorMania_7l\bar\1.bin\APPINTEGRATORSTUB.DLL
e5d70d21eb26491111de57256319e340	c:\Program Files\CursorMania_7l\bar\1.bin\ASSISTMONITOR.DLL
8584203f010ab90bfde264a7c0879413	c:\Program Files\CursorMania_7l\bar\1.bin\ASSISTMONITOR64.DLL
f68778b356218f4cbfd5c2c19419c0a0	c:\Program Files\CursorMania_7l\bar\1.bin\AppIntegrator64.exe
755ef214e8e5c2b5736c2e0fac4fe561	c:\Program Files\CursorMania_7l\bar\1.bin\AppIntegratorStub64.dll
adc32dbe2fa1caae9c213bbfb6b02a9b	c:\Program Files\CursorMania_7l\bar\1.bin\CREXT.DLL
c9fecbc3ec683b4b60cf45ebae9abfcd	c:\Program Files\CursorMania_7l\bar\1.bin\CrExtP7l.exe
5fe1c74f008496c30bbaf7689cd2fb74	c:\Program Files\CursorMania_7l\bar\1.bin\DPNMNGR.DLL
eb09437e0e2ddd52045904fa59e2b545	c:\Program Files\CursorMania_7l\bar\1.bin\EXEMANAGER.DLL
196a5d0149f1fb1aa393d4850d46f0c5	c:\Program Files\CursorMania_7l\bar\1.bin\FF-NativeMessagingDispatcher.dll
629badd33fbba164acff36bc5a932460	c:\Program Files\CursorMania_7l\bar\1.bin\Hpg64.dll
530b08bba6afbfdc3f6987d49dfda5cd	c:\Program Files\CursorMania_7l\bar\1.bin\NP7lStub.dll
fd7ee723718078825bc79e360e4f04d3	c:\Program Files\CursorMania_7l\bar\1.bin\T8EPMSUP.DLL
5db285aa198bf18c4974c36308cac1d4	c:\Program Files\CursorMania_7l\bar\1.bin\T8EXTEX.DLL
929d9ac6f8685c3d4a7124d8ec1aa485	c:\Program Files\CursorMania_7l\bar\1.bin\T8EXTPEX.DLL
edf1686c822889284c49fceaf35f55ec	c:\Program Files\CursorMania_7l\bar\1.bin\T8HTML.DLL
a732cbcecd9816ffb6ed95301a264658	c:\Program Files\CursorMania_7l\bar\1.bin\T8RES.DLL
888774ec0b5329e16b1d525c2a855801	c:\Program Files\CursorMania_7l\bar\1.bin\T8TICKER.DLL
383501cf66739c8e70b282ab5b2ab261	c:\Program Files\CursorMania_7l\bar\1.bin\TPIMANAGERCONSOLE.EXE
738237d7f25abb8874ab383e04cc8d61	c:\Program Files\CursorMania_7l\bar\1.bin\UNIFIEDLOGGING.DLL
2cd291d761752e1abf80f05e0199a907	c:\Program Files\CursorMania_7l\bar\1.bin\VERIFY.DLL
0e57218f3c13b9cc91a0869a064176e8	c:\Program Files\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL
c895957b79fbd05f9c580666c4def142	c:\Program Files\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL
fe0e9832decb6f345555837972eb244b	c:\Program Files\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE
7036df82608fdb7271ac94c3bf34a8d8	c:\Program Files\CursorMania_7l\bar\1.bin\{0059BF96-494D-4635-B0DE-1CF697754AD6}.exe
0b1934dff4f21ee9e64977c2fec6d0de	c:\Program Files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
0b1934dff4f21ee9e64977c2fec6d0de	c:\Program Files\Google\Chrome\Application\35.0.1916.153\Installer\setup.exe
5e549173e80829d2b6e2c74bc63420cd	c:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
2db442f2a4c58c1157b7452c183ead80	c:\Program Files\Google\Chrome\Application\35.0.1916.153\chrome.dll
85218926133bdf518ae9766f7b871689	c:\Program Files\Google\Chrome\Application\35.0.1916.153\chrome_child.dll
0ab40899395f14d74e83410068359d38	c:\Program Files\Google\Chrome\Application\35.0.1916.153\chrome_elf.dll
1c9b45e87528b8bb8cfa884ea0099a85	c:\Program Files\Google\Chrome\Application\35.0.1916.153\d3dcompiler_43.dll
5bf8e37fa1e25227480f9cd2aca21fb6	c:\Program Files\Google\Chrome\Application\35.0.1916.153\d3dcompiler_46.dll
4c5cc8327b4bcd462093c894ae1f0a13	c:\Program Files\Google\Chrome\Application\35.0.1916.153\delegate_execute.exe
172715c84e0b754333a3215e494f2b20	c:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
60a105742bd5eac6e8a62a40a388fc8c	c:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
8781d409b30108f6aba35b7f69a9498d	c:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
efef0d30e8766b7acaefe0c63d9fc381	c:\Program Files\Google\Chrome\Application\35.0.1916.153\libpeerconnection.dll
9533237c618704b872c5858748b55584	c:\Program Files\Google\Chrome\Application\35.0.1916.153\metro_driver.dll
658568f65908bf1fe9a8688f748a7690	c:\Program Files\Google\Chrome\Application\35.0.1916.153\nacl64.exe
ba096befc1da5ef9175cd2fdcad77b6f	c:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
f79f1ba00213cb93eabdad4e80d4d456	c:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
4c309397eb8c1420ef297ac5a798d90c	c:\Program Files\Google\Chrome\Application\35.0.1916.153\widevinecdmadapter.dll
77f595dee5ffacea72b135b1fce1312e	c:\Program Files\Google\Chrome\Application\35.0.1916.153\xinput1_3.dll
df2b8cf613b10039bc2a8557642ca041	c:\Program Files\PopularScreensavers\NPp5Stub.dll
b5fc476c1bf08d5161346cc7dd4cb0ba	c:\Program Files\PopularScreensavers\lua5.1.dll
ab6a0cfcefbde3da7de476b09c622243	c:\Program Files\PopularScreensavers\p5Html.dll
0b0dac1c129523b486e5b9fc33648ffe	c:\Program Files\PopularScreensavers\p5MedInt.exe
5a5c9c76caf3bf3954f5eb21f2da2ee9	c:\Program Files\PopularScreensavers\p5PSSavr.scr
a3e58418c20d479a1a2a1911bc3763d7	c:\Program Files\PopularScreensavers\p5Plugin.dll
da4d621f7913a241945e046d3ae35326	c:\Program Files\PopularScreensavers\p5ScrCtr.dll
91fce1e43fec4729b2f55c94d97e04ec	c:\Program Files\PopularScreensavers\p5cjpeg.dll
32dfcd93d3d468d2e75fd330812480de	c:\Program Files\PopularScreensavers\p5svc.exe
2056c7fedf8a50ae6abdc6ebda17654c	c:\Program Files\PopularScreensavers\p5wphook.dll
cee64b573b69a9b1b43d2065eb0d3320	c:\Program Files\PopularScreensavers\uninstall.exe
5a5c9c76caf3bf3954f5eb21f2da2ee9	c:\WINDOWS\system32\p5PSSavr.scr

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	25813	26112	4.49702	e6d856215317c260ad87de5c699fc4bb
.rdata	32768	12728	12800	3.46537	2e908cbcfd89684bce5395716f6c4b61
.data	49152	6688	3072	1.78876	165998d6b08a4452ed870e47acf9a583
.rsrc	57344	387576	387584	4.6543	f1d71a8c5bbffa774f4e3b890fb707aa
.reloc	446464	5872	6144	2.21367	c9236bd7e5ddd900e9763ce053c78f68

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://www145.cursormania.com/dl/
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/lisa.delmar/background999/1355163506143.gif
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/lisa.delmar/background/1355162773241.gif
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/lisa.delmar/asset2/1355163041583.gif
hxxp://a1255.g.akamai.net/images/download/ask/pba_0927.png
hxxp://a1255.g.akamai.net/images/download/ask/browsers_0927.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/asset3/1394811841643.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/lisa.delmar/asset1/1355162934289.swf
hxxp://www-google-analytics.l.google.com/ga.js
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/asset11/1394822508896.png
hxxp://a1255.g.akamai.net/images/anx/anemone-1.2.7.js
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/background1/1371061585053.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/background2/1372351649480.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/asset10/1394822524983.png
hxxp://a1255.g.akamai.net/images/download/runrun/test/rebuttal/Alert.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/asset13/1394822548604.png
hxxp://a1255.g.akamai.net/images/download/runrun/test/rebuttal/WPanel_P2_01.png
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568192637&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=A4BB6989-C227-45E6-B2F9-B8B4843A364F&anxe=backFill&anxr=159317892
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568192653&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1873814278
hxxp://www145.cursormania.com/dl/splashPixels.jhtml
hxxp://www180.myway.com/favicon.ico
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568192871&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=610652734
hxxp://dart.l.doubleclick.net/activity;src=3335366;type=retar633;cat=curso442;ord=3216017166045.257?
hxxp://www-google-analytics.l.google.com/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment
hxxp://ads-bid.l.doubleclick.net/xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/button1/1384360058230.png
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568196511&anxsq=5&anxe=SplashLandingClicked&anxr=1886700093
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568195450&anxsq=6&anxe=InstallerInvoked&anxr=680459682
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/asset4/1371062270841.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/button5/1380295452574.png
hxxp://a1255.g.akamai.net/images/nocache/vicinio/installers/210720343.YYA.3/267246-140605124901-YYA.3/CursorManiaSetup.exe
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568195512&anxsq=7&optIn=true&searchAssistantOptionIE=true&searchAssistantOptInIE=true&homePageOptionIE=true&homePageOptInIE=true&anxe=InstallerHostAccepted&anxr=1931561132
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568196668&anxsq=8&optIn=true&searchAssistantOptionFF=true&searchAssistantOptInFF=true&homePageOptionFF=true&homePageOptInFF=true&anxe=InstallerSecondaryAccepted&anxr=85568398
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568199418&anxsq=9&optIn=true&searchAssistantOptionIE=true&searchAssistantOptInIE=true&homePageOptionIE=true&homePageOptInIE=true&searchAssistantOptionFF=true&searchAssistantOptInFF=true&homePageOptionFF=true&homePageOptInFF=true&browserInstallOptionIE=false&browserInstallOptInIE=false&browserInstallOptionFF=true&browserInstallOptInFF=true&anxe=InstallerAccepted&anxr=1156188726
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/lisa.delmar/asset1Backup/1355163627935.gif
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/asset5/1371061369351.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/asset14/1394822534112.png
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568210034&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=026D63ED-0A45-4DD4-A6FA-7C6A7991CB70&anxe=backFill&anxr=1051579203
hxxp://www180.myway.com/mirrorCookies.jhtml
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568210038&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1139351036
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568210058&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=770635978
hxxp://dart.l.doubleclick.net/activity;src=3335366;type=retar633;cat=curso442;ord=2218100834713.154?
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568214788&anxsq=5&anxe=SplashLandingClicked&anxr=869872791
hxxp://a1255.g.akamai.net/images/download/firefox/InstallOnFirefox.png
hxxp://a1255.g.akamai.net/images/download/wb/fftest_arrow_lrg_up.png
hxxp://a1255.g.akamai.net/images/download/wb/allow_xpi_box_white.png
hxxp://a1255.g.akamai.net/images/nocache/vicinio/installers/210720343.YYA.3/267246-140605124901-YYA.3/7lffxtbr-rsl@CursorMania_7l.com.xpi
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568213689&anxsq=6&optIn=true&anxe=InstallerAccepted&anxr=2030124105
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568215062&anxsq=7&searchAssistantOption=true&searchAssistantOptIn=true&homePageOption=true&homePageOptIn=true&tbUID=119C6B41-CF2E-4DFF-A692-17BCF08918F4&paidInstall=true&restartUrl=http://www.cursormania.com/dl/loading.jhtml&anxe=InstallerInvoked&anxr=352827213
hxxp://www180.myway.com/localStorage.jhtml?toolbarData={"toolbarId":"119C6B41-CF2E-4DFF-A692-17BCF08918F4","partnerId":"^ZC^foxyyy^YYA^ua","partnerSubId":"","installDate":"2014061201","homePageOption":"true","homePage":"true","defaultSearchOption":"true","defaultSearch":"true","installType":"XPI","pixelUrl":"http://cursormania.dl.tb.ask.com/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=","successUrl":"http://www.cursormania.com/dl/installComplete.jhtml","dlput":"YYA"}
hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl
hxxp://e6845.ce.akamaiedge.net/ThawteTimestampingCA.crl
hxxp://e6845.ce.akamaiedge.net/tss-ca-g2.crl
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568215069&anxsq=8&searchAssistantOptIn=true&homePageOptIn=true&tbUID=119C6B41-CF2E-4DFF-A692-17BCF08918F4&tbVer=6.52.4.5102&anxe=InstallerFinished&anxr=1953297045
hxxp://www145.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=
hxxp://a1255.g.akamai.net/images/nocache/native/cDNS.json
hxxp://www187.mywebsearch.com/anx.gif?anxa=CAPToolbarButtons&anxe=ButtonStructure&anxr=514326365&anxt=119C6B41-CF2E-4DFF-A692-17BCF08918F4&anxtv=6.52.4.5102&anxp=^ZC^foxyyy^YYA^ua&anxsi=
hxxp://www156a.mywebsearch.com/tr.gif?anxa=CAPNative&anxv=6.52.4.5102&anxe=ToolbarActive&anxt=119C6B41-CF2E-4DFF-A692-17BCF08918F4&anxtv=6.52.4.5102&anxp=^ZC^foxyyy^YYA^ua&anxsi=&anxr=613136939&anxd=2014-06-05T16:49:01.411Z&f=00500000&homePageEnabled=true&tabEnabled=true&keywordEnabled=true&defaultSearch=true&buttonIds=[221336046,221336047,221336049,221336053,221336056,221336059,221335917,221335932,221335934,221335935,221335942,221335948,221335956,221335957,221335958,221335959,221335960,221335961,221335962,221335963,221335964,221335965,221335966,221335967,221335968,221335969,221335970,221335971,221335972,221335973,221335974,221335975,221335976,221335977,221335978,221335979,221335980,221335981,221335982,221335983,221335984,221335985,221335986,221335987,221335988,221335989,221335990,221335991,221335992,221335993,221335994,221335995,221335996,221335997,221335998,221335999,221336000,221336001,221336002,221336003,221336004,221336005,221336006,221336007,221336008,221336009,221336010,221336011,221336012,221336013,221336014,221336015,221336016,221336017,221336018,221336019,221336020,221336021,221336022,221336023,221336024,221336025,221336026,221336027,221336028,221336029,221336030,221336031,221336032,221770541,221336063,221336068,221336069,221336087]
hxxp://dart.l.doubleclick.net/activity;src=3962930;type=invmedia;cat=roprkm09;ord=7593944982399.839?
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe9.df.jabodo.com&anxu=http://www.cursormania.com/dl/install_pixels.jhtml&anxl=en-US&anxlv=1402568224384&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&tbUID=F6724F5F-8A2A-4A32-ACE9-C88178256EA8&tbVer=8.27.3.62908&anxe=PixelFrameTB&anxr=1431431657
hxxp://g.brothersoft.com/?act=statistics&i=7e737kewZYa8pDw+Duoh4MEjmLz/noHd3vtbIbDST8nV	184.172.2.121
hxxp://a.triggit.com/px?u=Cy&rtv=convertor&ct=ffd59f4f6ea2c23b&ctval1=[CONVERSION TYPE]	217.72.242.211
hxxp://dart.l.doubleclick.net/activity;src=3335366;type=retar633;cat=conve083;ord=1;num=7177325508191.56?
hxxp://ads.ad4game.com/www/delivery/ti.php?trackerid=317	108.168.160.67
hxxp://e6845.ce.akamaiedge.net/CSC3-2010.cer
hxxp://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID	174.128.15.11
hxxp://www180.myway.com/ffInstruct.jhtml
hxxp://ads-bid.l.doubleclick.net/pixel?google_nid=triggit1&cb=rs2946&google_hm=UXNqcTdydkVSRzYxVDdEdGJSaUpGQQ==
hxxp://a1284.g2.akamai.net/images/nocache/vicinio/executable-packages/CursorMania/1386165543761/CursorManiaSetup.exe
hxxp://pixel.fetchback.com/serve/fb/pdc?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID&xr=8419881041540792783&referer=http://www.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=	174.128.15.11
hxxp://a.triggit.com/pxgcm?id=&cb=rs2946	217.72.242.211
hxxp://star.c10r.facebook.com/fr/u.php?p=185501061579159&m=Qsjq7rvERG61T7DtbRiJFA&t=2592000&cb=ewvc6u
hxxp://pixel.fetchback.com/serve/fb/blank	174.128.15.11
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/210720343/asset6/1395093189079.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/210720343/background3/1395093117121.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/210720343/background4/1395093174747.png
hxxp://a.triggit.com/pxfbcm?s=miss	217.72.242.211
hxxp://pixel.fetchback.com/serve/fb/ver?uatFilter=false&fb_key=cat=&name=success&sid=4242&crv=client_revenue&oid=order_id&xr=8419881041540792783&referer=http://www.cursormania.com/dl/install_pixels.jhtml?partner=^zc^foxyyy^yya^ua&coid=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=http://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=client_revenue&oid=order_id /serve/fb/pdc http://www.cursormania.com/dl/install_pixels.jhtml?partner=^zc^foxyyy^yya^ua&coid=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=&cat=&sid=4242&name=success&uid=1402568225317:5468785824816444&crv=0.0&oid=ORDER_ID	174.128.15.11
hxxp://www180.myway.com/anemone.jhtml?anxuu=E73A33CD-849F-4BFA-AF87-F8E2F1531E44&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=&anxu=http://cursormania.dl.tb.ask.com/ffInstruct.jhtml&anxl=en-US&anxlv=1402568225278&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxe=ffInstructLanding&anxr=1835031359
hxxp://a1255.g.akamai.net/images/nocache/vicinio/executable-packages/PopularScreensavers/1355930226649/PopularScreensaversSetup.exe
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568199512&anxsq=10&searchAssistantOptIn=true&homePageOptIn=true&tbUID=3D4D7956-DFB1-4C00-9DBA-6608C186B6A4&tbVer=2.5.14.85&anxe=InstallerFinished&anxr=1036977062
hxxp://e6845.ce.akamaiedge.net/crls/gtglobal.crl
hxxp://a1255.g.akamai.net/images/nocache/vicinio/executable-packages/CursorMania/1355864360804/CursorManiaSetup.exe
hxxp://www145.cursormania.com/dl/installComplete.jhtml
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/210720343/asset1/1395071993944.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/210720343/background999/1395072025411.jpg
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/211634648/background999/1372437932631.png
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/100000459/background/1365611127529.jpg
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe19.df.jabodo.com&anxu=http://www.cursormania.com/dl/installComplete.jhtml&anxl=en-US&anxlv=1402568242162&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxe=installCompleteLanding&anxr=208761035
hxxp://www145.cursormania.com/favicon.ico
hxxp://www145.cursormania.com/dl/index.jhtml
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/lisa.delmar/background999/1355164315495.gif
hxxp://a1255.g.akamai.net/images/vicinio/dsp-images/john.bonarrigo/asset3/1394811916691.png
hxxp://www180.myway.com/localStorage.jhtml?toolbarData={"toolbarId":"4C8D7C7E-AB7A-4460-92CC-11D4915F6277","partnerId":"^ZC^chryyy^YYA^ua","partnerSubId":"","installDate":"2014061201","homePageOption":"true","homePage":"true","defaultSearchOption":"true","defaultSearch":"true","installType":"CRX_WEBSTORE","pixelUrl":"http://cursormania.dl.tb.ask.com/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=","successUrl":"http://www.cursormania.com/dl/installComplete.jhtml","dlput":"YYA"}
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568257969&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=E04CF954-69DE-4E5C-B4F1-A4FC96E1A07E&anxe=backFill&anxr=520444235
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568257998&anxsq=3&present=false&anxe=ToolbarDetect&anxr=136610202
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568258073&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=1980426285
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568258078&anxsq=5&anxe=SplashLandingClicked&anxr=921284325
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568258913&anxsq=6&searchAssistantOption=true&searchAssistantOptIn=true&homePageOption=true&homePageOptIn=true&tbUID=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&paidInstall=true&restartUrl=http://www.cursormania.com/dl/loading.jhtml&anxe=InstallerInvoked&anxr=411811716
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe30.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568262088&anxrd=www.cursormania.com&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&present=false&anxe=ToolbarDetect&anxr=737466854
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe30.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568262162&anxrd=www.cursormania.com&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&cookiesEnabled=1&anxe=SplashLanding&anxr=722817688
hxxp://dart.l.doubleclick.net/activity;src=3335366;type=retar633;cat=curso442;ord=6431204935070.127?
hxxp://a1255.g.akamai.net/images/nocache/native/globalBlacklist-1.1.json
hxxp://www145.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=
hxxp://www156a.mywebsearch.com/tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=PluginInvoked&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=1565560448&controlName=SearchControl&methodName=UpdateSearch&resultCode=5&errorMessage=
hxxp://www156a.mywebsearch.com/tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=ToolbarActive&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=1121207913&defaultSearchState=overridePending&isStore=true&tabEnabled=true
hxxp://www187.mywebsearch.com/anx.gif?anxa=CAPToolbarButtons&anxe=ButtonStructure&anxr=945344988&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=
hxxp://dart.l.doubleclick.net/activity;src=3962930;type=invmedia;cat=roprkm09;ord=1961144136730.5815?
hxxp://dart.l.doubleclick.net/activity;src=3335366;type=retar633;cat=conve083;ord=1;num=6423664209432.9?
hxxp://www145.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe32.df.jabodo.com&anxu=http://www.cursormania.com/dl/install_pixels.jhtml&anxl=en-US&anxlv=1402568281454&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&tbUID=E221CE93-06C1-4427-A7C3-09BB86A39F65&tbVer=8.27.3.62908&anxe=PixelFrameTB&anxr=803194671
hxxp://ads-bid.l.doubleclick.net/pixel?google_nid=triggit1&cb=514gly&google_hm=dU9PT1JvVEFSMDZfU2IyWTdnNEJ0UQ==
hxxp://a.triggit.com/pxgcm?id=&cb=514gly	217.72.242.211
hxxp://pixel.fetchback.com/serve/fb/pdc?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID&xr=8123386075797401174&referer=http://www.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=	174.128.15.11
hxxp://star.c10r.facebook.com/fr/u.php?p=185501061579159&m=uOOORoTAR06_Sb2Y7g4BtQ&t=2592000&cb=eadof3
hxxp://www187.mywebsearch.com/anx.gif?anxa=CAPNative&anxe=CompanionSoftware&anxr=2007665500&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&source=Install&softwareDetected=true&packageName=CursorMania&downloaded=false
hxxp://www156a.mywebsearch.com/tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=DialogView&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=818966407&dialogType=MODAL&anxs=RestartPromptAfterInstall
hxxp://pixel.fetchback.com/serve/fb/ver?uatFilter=false&fb_key=cat=&name=success&sid=4242&crv=client_revenue&oid=order_id&xr=8123386075797401174&referer=http://www.cursormania.com/dl/install_pixels.jhtml?partner=^zc^chryyy^yya^ua&coid=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=http://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=client_revenue&oid=order_id /serve/fb/pdc http://www.cursormania.com/dl/install_pixels.jhtml?partner=^zc^chryyy^yya^ua&coid=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=&cat=&sid=4242&name=success&uid=1402568282630:9288289561310825&crv=0.0&oid=ORDER_ID	174.128.15.11
hxxp://www.go.microsoft.akadns.net/fwlink/?LinkId=121315
hxxp://iegallery.com/en/ie8slice/default.aspx	157.55.184.162
hxxp://www.go.microsoft.akadns.net/fwlink/?LinkId=68929
hxxp://az307127.vo.msecnd.net/webslices/ie8?culture=en-us&r=asdf9488	68.232.34.200
hxxp://lb1.www.ms.akadns.net/atwork/community/rss.xml
hxxp://www.go.microsoft.akadns.net/fwlink/?LinkId=68928
hxxp://lb1.www.ms.akadns.net/athome/community/rss.xml
hxxp://ak.imgfarm.com/images/nocache/vicinio/installers/210720343.YYA.3/267246-140605124901-YYA.3/CursorManiaSetup.exe	23.0.174.19
hxxp://anx.tb.ask.com/anx.gif?anxa=CAPNative&anxe=CompanionSoftware&anxr=2007665500&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&source=Install&softwareDetected=true&packageName=CursorMania&downloaded=false	74.113.233.187
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568210038&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1139351036	74.113.233.52
hxxp://ak.imgfarm.com/images/download/ask/browsers_0927.png	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568258073&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=1980426285	74.113.233.52
hxxp://live.tb.ask.com/tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=PluginInvoked&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=1565560448&controlName=SearchControl&methodName=UpdateSearch&resultCode=5&errorMessage=	74.113.233.156
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/asset4/1371062270841.png	23.0.174.19
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/lisa.delmar/background999/1355163506143.gif	23.0.174.19
hxxp://ad.doubleclick.net/activity;src=3335366;type=retar633;cat=curso442;ord=3216017166045.257?	173.194.39.187
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/210720343/background999/1395072025411.jpg	23.0.174.19
hxxp://ak.imgfarm.com/images/nocache/vicinio/installers/210720343.YYA.3/267246-140605124901-YYA.3/7lffxtbr-rsl@CursorMania_7l.com.xpi	23.0.174.19
hxxp://www.microsoft.com/atwork/community/rss.xml	1.103.192.54
hxxp://ocsp.verisign.com/	23.42.27.27
hxxp://www.microsoft.com/athome/community/rss.xml	1.103.192.54
hxxp://gtssl-ocsp.geotrust.com/	23.42.27.27
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/button5/1380295452574.png	23.0.174.19
hxxp://cursormania.dl.tb.ask.com/localStorage.jhtml?toolbarData={"toolbarId":"4C8D7C7E-AB7A-4460-92CC-11D4915F6277","partnerId":"^ZC^chryyy^YYA^ua","partnerSubId":"","installDate":"2014061201","homePageOption":"true","homePage":"true","defaultSearchOption":"true","defaultSearch":"true","installType":"CRX_WEBSTORE","pixelUrl":"http://cursormania.dl.tb.ask.com/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=","successUrl":"http://www.cursormania.com/dl/installComplete.jhtml","dlput":"YYA"}	74.113.233.180
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568199512&anxsq=10&searchAssistantOptIn=true&homePageOptIn=true&tbUID=3D4D7956-DFB1-4C00-9DBA-6608C186B6A4&tbVer=2.5.14.85&anxe=InstallerFinished&anxr=1036977062	74.113.233.52
hxxp://crl.thawte.com/ThawteTimestampingCA.crl	23.42.21.163
hxxp://ad.doubleclick.net/activity;src=3962930;type=invmedia;cat=roprkm09;ord=7593944982399.839?	173.194.39.187
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/lisa.delmar/asset2/1355163041583.gif	23.0.174.19
hxxp://cm.g.doubleclick.net/pixel?google_nid=triggit1&cb=514gly&google_hm=dU9PT1JvVEFSMDZfU2IyWTdnNEJ0UQ==	173.194.39.185
hxxp://ad.doubleclick.net/activity;src=3962930;type=invmedia;cat=roprkm09;ord=1961144136730.5815?	173.194.39.187
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/100000459/background/1365611127529.jpg	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe30.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568262088&anxrd=www.cursormania.com&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&present=false&anxe=ToolbarDetect&anxr=737466854	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe19.df.jabodo.com&anxu=http://www.cursormania.com/dl/installComplete.jhtml&anxl=en-US&anxlv=1402568242162&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxe=installCompleteLanding&anxr=208761035	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568195512&anxsq=7&optIn=true&searchAssistantOptionIE=true&searchAssistantOptInIE=true&homePageOptionIE=true&homePageOptInIE=true&anxe=InstallerHostAccepted&anxr=1931561132	74.113.233.52
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/asset5/1371061369351.png	23.0.174.19
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/asset10/1394822524983.png	23.0.174.19
hxxp://crl.verisign.com/pca3-g5.crl	23.42.21.163
hxxp://live.tb.ask.com/tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=ToolbarActive&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=1121207913&defaultSearchState=overridePending&isStore=true&tabEnabled=true	74.113.233.156
hxxp://live.tb.ask.com/tr.gif?anxa=CAPNative&anxv=6.52.4.5102&anxe=ToolbarActive&anxt=119C6B41-CF2E-4DFF-A692-17BCF08918F4&anxtv=6.52.4.5102&anxp=^ZC^foxyyy^YYA^ua&anxsi=&anxr=613136939&anxd=2014-06-05T16:49:01.411Z&f=00500000&homePageEnabled=true&tabEnabled=true&keywordEnabled=true&defaultSearch=true&buttonIds=[221336046,221336047,221336049,221336053,221336056,221336059,221335917,221335932,221335934,221335935,221335942,221335948,221335956,221335957,221335958,221335959,221335960,221335961,221335962,221335963,221335964,221335965,221335966,221335967,221335968,221335969,221335970,221335971,221335972,221335973,221335974,221335975,221335976,221335977,221335978,221335979,221335980,221335981,221335982,221335983,221335984,221335985,221335986,221335987,221335988,221335989,221335990,221335991,221335992,221335993,221335994,221335995,221335996,221335997,221335998,221335999,221336000,221336001,221336002,221336003,221336004,221336005,221336006,221336007,221336008,221336009,221336010,221336011,221336012,221336013,221336014,221336015,221336016,221336017,221336018,221336019,221336020,221336021,221336022,221336023,221336024,221336025,221336026,221336027,221336028,221336029,221336030,221336031,221336032,221770541,221336063,221336068,221336069,221336087]	74.113.233.156
hxxp://cm.g.doubleclick.net/pixel?google_nid=triggit1&cb=rs2946&google_hm=UXNqcTdydkVSRzYxVDdEdGJSaUpGQQ==	173.194.39.185
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/button1/1384360058230.png	23.0.174.19
hxxp://www.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=	74.113.233.52
hxxp://www.cursormania.com/dl/	74.113.233.52
hxxp://www.cursormania.com/dl/splashPixels.jhtml	74.113.233.52
hxxp://go.microsoft.com/fwlink/?LinkId=121315	134.170.184.137
hxxp://ak.imgfarm.com/images/anx/anemone-1.2.7.js	23.0.174.19
hxxp://ak.imgfarm.com/images/nocache/native/cDNS.json	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568210034&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=026D63ED-0A45-4DD4-A6FA-7C6A7991CB70&anxe=backFill&anxr=1051579203	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568192637&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=A4BB6989-C227-45E6-B2F9-B8B4843A364F&anxe=backFill&anxr=159317892	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe30.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568262162&anxrd=www.cursormania.com&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&cookiesEnabled=1&anxe=SplashLanding&anxr=722817688	74.113.233.52
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/210720343/background3/1395093117121.png	23.0.174.19
hxxp://www.google-analytics.com/ga.js	173.194.39.160
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/asset14/1394822534112.png	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568214788&anxsq=5&anxe=SplashLandingClicked&anxr=869872791	74.113.233.52
hxxp://ad.doubleclick.net/activity;src=3335366;type=retar633;cat=conve083;ord=1;num=7177325508191.56?	173.194.39.187
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568196668&anxsq=8&optIn=true&searchAssistantOptionFF=true&searchAssistantOptInFF=true&homePageOptionFF=true&homePageOptInFF=true&anxe=InstallerSecondaryAccepted&anxr=85568398	74.113.233.52
hxxp://anx.tb.ask.com/anx.gif?anxa=CAPToolbarButtons&anxe=ButtonStructure&anxr=514326365&anxt=119C6B41-CF2E-4DFF-A692-17BCF08918F4&anxtv=6.52.4.5102&anxp=^ZC^foxyyy^YYA^ua&anxsi=	74.113.233.187
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/asset3/1394811841643.png	23.0.174.19
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/210720343/background4/1395093174747.png	23.0.174.19
hxxp://ak.imgfarm.com/images/download/wb/allow_xpi_box_white.png	23.0.174.19
hxxp://clients1.google.com/ocsp	173.194.39.160
hxxp://cursormania.dl.tb.ask.com/favicon.ico	74.113.233.180
hxxp://crl.geotrust.com/crls/gtglobal.crl	23.42.21.163
hxxp://www.cursormania.com/dl/index.jhtml	74.113.233.52
hxxp://www.cursormania.com/dl/installComplete.jhtml	74.113.233.52
hxxp://www.cursormania.com/favicon.ico	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568210058&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=770635978	74.113.233.52
hxxp://cursormania.dl.tb.ask.com/anemone.jhtml?anxuu=E73A33CD-849F-4BFA-AF87-F8E2F1531E44&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=&anxu=http://cursormania.dl.tb.ask.com/ffInstruct.jhtml&anxl=en-US&anxlv=1402568225278&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxe=ffInstructLanding&anxr=1835031359	74.113.233.180
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/211634648/background999/1372437932631.png	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568195450&anxsq=6&anxe=InstallerInvoked&anxr=680459682	74.113.233.52
hxxp://cursormania.dl.tb.ask.com/mirrorCookies.jhtml	74.113.233.180
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568215069&anxsq=8&searchAssistantOptIn=true&homePageOptIn=true&tbUID=119C6B41-CF2E-4DFF-A692-17BCF08918F4&tbVer=6.52.4.5102&anxe=InstallerFinished&anxr=1953297045	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568196511&anxsq=5&anxe=SplashLandingClicked&anxr=1886700093	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568199418&anxsq=9&optIn=true&searchAssistantOptionIE=true&searchAssistantOptInIE=true&homePageOptionIE=true&homePageOptInIE=true&searchAssistantOptionFF=true&searchAssistantOptInFF=true&homePageOptionFF=true&homePageOptInFF=true&browserInstallOptionIE=false&browserInstallOptInIE=false&browserInstallOptionFF=true&browserInstallOptInFF=true&anxe=InstallerAccepted&anxr=1156188726	74.113.233.52
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl	23.42.21.163
hxxp://www.facebook.com/fr/u.php?p=185501061579159&m=Qsjq7rvERG61T7DtbRiJFA&t=2592000&cb=ewvc6u	31.13.80.49
hxxp://www.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568192653&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1873814278	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568258913&anxsq=6&searchAssistantOption=true&searchAssistantOptIn=true&homePageOption=true&homePageOptIn=true&tbUID=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&paidInstall=true&restartUrl=http://www.cursormania.com/dl/loading.jhtml&anxe=InstallerInvoked&anxr=411811716	74.113.233.52
hxxp://ak.dl.cursormania.com/images/nocache/vicinio/executable-packages/CursorMania/1386165543761/CursorManiaSetup.exe	77.67.48.138
hxxp://anx.tb.ask.com/anx.gif?anxa=CAPToolbarButtons&anxe=ButtonStructure&anxr=945344988&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=	74.113.233.187
hxxp://ak.imgfarm.com/images/download/firefox/InstallOnFirefox.png	23.0.174.19
hxxp://ak.imgfarm.com/images/download/wb/fftest_arrow_lrg_up.png	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe9.df.jabodo.com&anxu=http://www.cursormania.com/dl/install_pixels.jhtml&anxl=en-US&anxlv=1402568224384&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&tbUID=F6724F5F-8A2A-4A32-ACE9-C88178256EA8&tbVer=8.27.3.62908&anxe=PixelFrameTB&anxr=1431431657	74.113.233.52
hxxp://go.microsoft.com/fwlink/?LinkId=68928	134.170.184.137
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/lisa.delmar/asset1Backup/1355163627935.gif	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568213689&anxsq=6&optIn=true&anxe=InstallerAccepted&anxr=2030124105	74.113.233.52
hxxp://live.tb.ask.com/tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=DialogView&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=818966407&dialogType=MODAL&anxs=RestartPromptAfterInstall	74.113.233.156
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe32.df.jabodo.com&anxu=http://www.cursormania.com/dl/install_pixels.jhtml&anxl=en-US&anxlv=1402568281454&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&tbUID=E221CE93-06C1-4427-A7C3-09BB86A39F65&tbVer=8.27.3.62908&anxe=PixelFrameTB&anxr=803194671	74.113.233.52
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568257998&anxsq=3&present=false&anxe=ToolbarDetect&anxr=136610202	74.113.233.52
hxxp://ak.imgfarm.com/images/nocache/vicinio/executable-packages/PopularScreensavers/1355930226649/PopularScreensaversSetup.exe	23.0.174.19
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/210720343/asset1/1395071993944.png	23.0.174.19
hxxp://ak.imgfarm.com/images/nocache/native/globalBlacklist-1.1.json	23.0.174.19
hxxp://csc3-2010-aia.verisign.com/CSC3-2010.cer	23.42.21.163
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568215062&anxsq=7&searchAssistantOption=true&searchAssistantOptIn=true&homePageOption=true&homePageOptIn=true&tbUID=119C6B41-CF2E-4DFF-A692-17BCF08918F4&paidInstall=true&restartUrl=http://www.cursormania.com/dl/loading.jhtml&anxe=InstallerInvoked&anxr=352827213	74.113.233.52
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/lisa.delmar/asset1/1355162934289.swf	23.0.174.19
hxxp://ak.imgfarm.com/images/download/runrun/test/rebuttal/Alert.png	23.0.174.19
hxxp://www.facebook.com/fr/u.php?p=185501061579159&m=uOOORoTAR06_Sb2Y7g4BtQ&t=2592000&cb=eadof3	31.13.80.49
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-us&anxlv=1402568192871&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=610652734	74.113.233.52
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/background1/1371061585053.png	23.0.174.19
hxxp://ad.doubleclick.net/activity;src=3335366;type=retar633;cat=curso442;ord=2218100834713.154?	173.194.39.187
hxxp://cursormania.dl.tb.ask.com/ffInstruct.jhtml	74.113.233.180
hxxp://ak.imgfarm.com/images/download/runrun/test/rebuttal/WPanel_P2_01.png	23.0.174.19
hxxp://ak.imgfarm.com/images/download/ask/pba_0927.png	23.0.174.19
hxxp://ts-crl.ws.symantec.com/tss-ca-g2.crl	23.42.21.163
hxxp://cursormania.dl.tb.ask.com/localStorage.jhtml?toolbarData={"toolbarId":"119C6B41-CF2E-4DFF-A692-17BCF08918F4","partnerId":"^ZC^foxyyy^YYA^ua","partnerSubId":"","installDate":"2014061201","homePageOption":"true","homePage":"true","defaultSearchOption":"true","defaultSearch":"true","installType":"XPI","pixelUrl":"http://cursormania.dl.tb.ask.com/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=","successUrl":"http://www.cursormania.com/dl/installComplete.jhtml","dlput":"YYA"}	74.113.233.180
hxxp://ad.doubleclick.net/activity;src=3335366;type=retar633;cat=conve083;ord=1;num=6423664209432.9?	173.194.39.187
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/lisa.delmar/background999/1355164315495.gif	23.0.174.19
hxxp://segment-pixel.invitemedia.com/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment	173.194.39.169
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/asset3/1394811916691.png	23.0.174.19
hxxp://ak.imgfarm.com/images/nocache/vicinio/executable-packages/CursorMania/1355864360804/CursorManiaSetup.exe	23.0.174.19
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/asset13/1394822548604.png	23.0.174.19
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/lisa.delmar/background/1355162773241.gif	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568257969&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=E04CF954-69DE-4E5C-B4F1-A4FC96E1A07E&anxe=backFill&anxr=520444235	74.113.233.52
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/asset11/1394822508896.png	23.0.174.19
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/210720343/asset6/1395093189079.png	23.0.174.19
hxxp://ak.imgfarm.com/images/vicinio/dsp-images/john.bonarrigo/background2/1372351649480.png	23.0.174.19
hxxp://www.cursormania.com/dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://www.cursormania.com/dl/&anxl=en-US&anxlv=1402568258078&anxsq=5&anxe=SplashLandingClicked&anxr=921284325	74.113.233.52
hxxp://go.microsoft.com/fwlink/?LinkId=68929	134.170.184.137
hxxp://bid.g.doubleclick.net/xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment	173.194.39.186
hxxp://ad.doubleclick.net/activity;src=3335366;type=retar633;cat=curso442;ord=6431204935070.127?	173.194.39.187
clients3.google.com	173.194.39.160
eula.mindspark.com	74.113.233.64
translate.googleapis.com	173.194.70.95
safebrowsing-cache.google.com	173.194.39.160
themes.googleusercontent.com	173.194.39.170
webwewant.mozilla.org	63.245.217.19
www.surveygizmo.com	216.46.168.241
ak.ssl.imgfarm.com	2.21.110.3
support.mindspark.com	63.236.97.91
chrome.google.com	173.194.39.169
www.googleapis.com	173.194.70.95
clients2.google.com	173.194.39.161
extended-validation-ssl.verisign.com	69.58.181.71
sb-ssl.google.com	173.194.39.161
seal.verisign.com	199.7.59.231
clients4.google.com	173.194.39.165
geo.mozilla.org	63.245.215.82
accounts.youtube.com	173.194.39.167
www.gstatic.com	173.194.39.183
ssl.gstatic.com	173.194.39.183
www.mindspark.com	74.113.233.83
safebrowsing.google.com	173.194.39.163
www.google.com	173.194.39.178
clients2.googleusercontent.com	173.194.39.170
lh3.googleusercontent.com	173.194.39.171
www.mozilla.org	63.245.215.20
snippets.mozilla.com	63.245.217.48
services.addons.mozilla.org	63.245.216.134
accounts.google.com	173.194.70.84

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Outdated Windows Flash Version IE
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /px?u=Cy&rtv=convertor&ct=ffd59f4f6ea2c23b&ctval1=[CONVERSION TYPE] HTTP/1.1

Host: a.triggit.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Cache-Control: private, no-cache, no-store, must-revalidate

Expires: Sat, 01 Jan 2000 00:00:00 GMT

Pragma: no-cache

P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"

X-From: uk-bidder-01

Set-Cookie: trgu=uOOORoTAR06_Sb2Y7g4BtQ; domain=.triggit.com; path=/; expires=Sun, 12-Jun-2016 00:00:00 GMT

Set-Cookie: trgs=1842748030; domain=.triggit.com; path=/;

Set-Cookie: trgp=; domain=.triggit.com; path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT

Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=triggit1&cb=514gly&google_hm=dU9PT1JvVEFSMDZfU2IyWTdnNEJ0UQ==

Date: Thu, 12 Jun 2014 10:18:02 GMT

Content-Length: 11

Content-Type: text/html; charset=ISO-8859-1
RedirectingHTTP/1.1 302 Found..Cache-Control: private, no-cache, no-st
ore, must-revalidate..Expires: Sat, 01 Jan 2000 00:00:00 GMT..Pragma: 
no-cache..P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"..X-From: uk-bidder-0
1..Set-Cookie: trgu=uOOORoTAR06_Sb2Y7g4BtQ; domain=.triggit.com; path=
/; expires=Sun, 12-Jun-2016 00:00:00 GMT..Set-Cookie: trgs=1842748030;
 domain=.triggit.com; path=/;..Set-Cookie: trgp=; domain=.triggit.com;
 path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT..Location: hXXp://cm.g.
doubleclick.net/pixel?google_nid=triggit1&cb=514gly&google_hm=dU9PT1Jv
VEFSMDZfU2IyWTdnNEJ0UQ==..Date: Thu, 12 Jun 2014 10:18:02 GMT..Con
tent-Length: 11..Content-Type: text/html; charset=ISO-8859-1..Redirect
ing....


GET /pxgcm?id=&cb=514gly HTTP/1.1

Host: a.triggit.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: trgu=uOOORoTAR06_Sb2Y7g4BtQ; trgs=1842748030; trgp=


HTTP/1.1 302 Found

Cache-Control: private, no-cache, no-store, must-revalidate

Expires: Sat, 01 Jan 2000 00:00:00 GMT

Pragma: no-cache

P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"

X-From: uk-bidder-01

Set-Cookie: trgp=GNr85ZwF; domain=.triggit.com; path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT

Location: hXXp://VVV.facebook.com/fr/u.php?p=185501061579159&m=uOOORoTAR06_Sb2Y7g4BtQ&t=2592000&cb=eadof3

Date: Thu, 12 Jun 2014 10:18:02 GMT

Content-Length: 11

Content-Type: text/html; charset=ISO-8859-1
RedirectingHTTP/1.1 302 Found..Cache-Control: private, no-cache, no-st
ore, must-revalidate..Expires: Sat, 01 Jan 2000 00:00:00 GMT..Pragma: 
no-cache..P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"..X-From: uk-bidder-0
1..Set-Cookie: trgp=GNr85ZwF; domain=.triggit.com; path=/; expires=Thu
, 17-Jul-2014 00:00:00 GMT..Location: hXXp://VVV.facebook.com/fr/u.php
?p=185501061579159&m=uOOORoTAR06_Sb2Y7g4BtQ&t=2592000&cb=eadof3..Date:
 Thu, 12 Jun 2014 10:18:02 GMT..Content-Length: 11..Content-Type: text
/html; charset=ISO-8859-1..Redirecting....


GET /pxfbcm?s=miss HTTP/1.1

Host: a.triggit.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: trgu=uOOORoTAR06_Sb2Y7g4BtQ; trgs=1842748030; trgp=GNr85ZwF


HTTP/1.1 200 OK

Cache-Control: private, no-cache, no-store, must-revalidate

Expires: Sat, 01 Jan 2000 00:00:00 GMT

Pragma: no-cache

P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"

X-From: uk-bidder-01

Set-Cookie: trgp=GNr85ZwFSNr85ZwFUAA=; domain=.triggit.com; path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:18:02 GMT

Content-Length: 43

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, no-cache, no-store, must-revalidate..Expires: Sat, 01 Ja
n 2000 00:00:00 GMT..Pragma: no-cache..P3P: CP="DEVo PSDo OUR BUS DSP 
ALL COR"..X-From: uk-bidder-01..Set-Cookie: trgp=GNr85ZwFSNr85ZwFUAA=;
 domain=.triggit.com; path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT..C
ontent-Type: image/gif..Date: Thu, 12 Jun 2014 10:18:02 GMT..Content-L
ength: 43..GIF89a.............!.......,...........L..;....

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568195512&anxsq=7&optIn=true&searchAssistantOptionIE=true&searchAssistantOptInIE=true&homePageOptionIE=true&homePageOptInIE=true&anxe=InstallerHostAccepted&anxr=1931561132 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjC1vdxg4KbyrtLb3pvHCaIUlXG7Wm26b7NALPQMkLOnmFtKb2aBAg6bvw 9XHmBtUYCDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJwbJfnj73wN1rDKa/JhYB1UuzRGwenttTKCWvvDdVBj3ZrvLK7Su7THP1rKY7aS1XfMhDr09QEfWObUIULksUVEKpTtqwBknhrh5dgpkzupsZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568196668&nv=8&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:40 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /activity;src=3335366;type=retar633;cat=curso442;ord=2218100834713.154? HTTP/1.1

Host: ad.doubleclick.net

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Date: Thu, 12 Jun 2014 10:16:55 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: image/gif

Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 12-Jun-2014 10:31:55 GMT; path=/; domain=.doubleclick.net

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Date: Thu, 12 Jun 2014 10:16:55 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-r
evalidate..Content-Type: image/gif..Set-Cookie: test_cookie=CheckForPe
rmission; expires=Thu, 12-Jun-2014 10:31:55 GMT; path=/; domain=.doubl
eclick.net..X-Content-Type-Options: nosniff..Server: cafe..Content-Len
gth: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic.
.GIF89a.............!.......,...........D.;....


GET /activity;src=3962930;type=invmedia;cat=roprkm09;ord=7593944982399.839? HTTP/1.1

Host: ad.doubleclick.net

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Cookie: test_cookie=CheckForPermission

Connection: keep-alive


HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Date: Thu, 12 Jun 2014 10:17:04 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: image/gif

Set-Cookie: id=224d86a2db0100c6||t=1402568224|et=730|cs=002213fd489111ba02a40b3a42; expires=Sat, 11-Jun-2016 10:17:04 GMT; path=/; domain=.doubleclick.net

Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21 Jul 2008 23:59:00 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Date: Thu, 12 Jun 2014 10:17:04 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-r
evalidate..Content-Type: image/gif..Set-Cookie: id=224d86a2db0100c6||t
=1402568224|et=730|cs=002213fd489111ba02a40b3a42; expires=Sat, 11-Jun-
2016 10:17:04 GMT; path=/; domain=.doubleclick.net..Set-Cookie: test_c
ookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21 Ju
l 2008 23:59:00 GMT..X-Content-Type-Options: nosniff..Server: cafe..Co
ntent-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol:
 80:quic..GIF89a.............!.......,...........D.;..<<< skipped >>>

GET /ga.js HTTP/1.1

Host: VVV.google-analytics.com

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Wed, 11 Jun 2014 23:42:41 GMT

Expires: Thu, 12 Jun 2014 11:42:41 GMT

Last-Modified: Thu, 29 May 2014 22:33:33 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 15836

Cache-Control: public, max-age=43200

Age: 38099

Alternate-Protocol: 80:quic
...........}kW.:..w~....c...pk..f.....ZhiI..dY.iB.b.KI.o.gF.-'..9....n
byF..h4...../....z..|..y .b../......A_.S.....w......$2=.\..8e..:.G..].
.<.b....M_7.,.I...{..t<./s....x...,...(r4...8W|&N._K...M...p.\9.
..'.I.._.Jz.!.6.....8........P...F.......]H...-..!.M.t...?..6..5O..1..
p0..7.n$y*.z..Z...".W .8XE.....z.a....`.n....t....v.u..6.....A:H...=..
z.....!...5.u [email protected](;. ... W#.M..4
.0.u|.8..{..5...v.T.....5.@)..M..wr.....A>.v..%w..C.B..,Wjj8......j
.r./.Y..RI.6.(........T....Dq......Al...b...:.r.........}1.C...ZYv..y.
r.=d^.....T....L.U(.2 ...`..5......8.tD=..........c.#u.h...-..yu.....r
..?D....j.JQa.T.....f...G.q?r....7_llo>..@....].n;[email protected]_.@...
....#[email protected]...~.UL&...,X.a.Gl...C..c....W........i..2....w.V.{S
...T(w..KF........1.".......V..N.J V.y...K.....4....  .W...Y.......k$.
..r...P..H.J.^.......|... [email protected]..,|\AH`..._..k. x...A...d$.X.~.H
|.3..w>.@M"...s....1..Yi.#..G.........tO....v...1...{k.......np...8
y...Aa....V1.UvB...UJ.q.YC.=.W....1..Yns....s.8.....}..}.0h:......[.Q.
[email protected].}.(..Z.%..q....=Q.$HD....|.[Yq5A..rR.|.r...A....,....^.3
.w...4.:..3.=...>.Z_.A?2X.W..vl...Y.Q].....`VUv......9.R%<.k)..P
OLv..rm..Gc._j.cr/...yBjJ....:7....'....uQ.7.W..0s/K...|..*bY...&...pe
E.50.......&...T)-.-.)......A.."....aK...M.#.Y..... Js......ns.......V
....F;Q....0.P..S.L..l...B..&...nfX3d.....Z....5...6... :.[.{.".!.7*.0
...ylO..N...n ....r.M [email protected]..]W.u..D...m..J.5k..nT...t!.
..._..=..G.Y..^Y..f..]...d.N^....9....m1-0..`K.uB..R.MB.......%.!.<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe32.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/install_pixels.jhtml&anxl=en-US&anxlv=1402568281454&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&tbUID=E221CE93-06C1-4427-A7C3-09BB86A39F65&tbVer=8.27.3.62908&anxe=PixelFrameTB&anxr=803194671 HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=; successUrl=hXXp://VVV.cursormania.com/dl/installComplete.jhtml; defaultSearchOption=true; defaultSearch=true; homePageOption=true; homePage=true; cookieEnabled=true; chromeToolbarInstalled=true; sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:18:02 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /favicon.ico HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0ZjeR5Sxf30IpmoXxNd3efn yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568242167&nv=13&t=-&v=-&p=-&si=-&sn=dfprdsndlfe19.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install"; anxs="s=576842202&sv=1402568210036&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; cookieEnabled=true; partnerId=^ZC^foxyyy^YYA^ua; installDate=2014061201; toolbarId=119C6B41-CF2E-4DFF-A692-17BCF08918F4; partnerSubId=; 
HTTP/1.1 301 Moved Permanently

Date: Thu, 12 Jun 2014 10:17:24 GMT

Server: Apache

Location: hXXp://VVV.cursormania.com/dl/index.jhtml

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html; charset=iso-8859-1
f5 ..<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<HTML
><HEAD>.<TITLE>301 Moved Permanently</TITLE>.<
/HEAD><BODY>.<H1>Moved Permanently</H1>.The docum
ent has moved <A HREF="hXXp://VVV.cursormania.com/dl/index.jhtml"&g
t;here</A>.<P>.</BODY></HTML>...0..

GET /xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment HTTP/1.1

Host: bid.g.doubleclick.net

Connection: keep-alive

Cache-Control: max-age=0

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: id=22ea7401d9010055||t=1399971138|et=730|cs=002213fd4871337c59c7a2218a


HTTP/1.1 200 OK

Content-Type: image/gif

Cache-Control: no-cache

Pragma: no-cache

X-Content-Type-Options: nosniff

Date: Thu, 12 Jun 2014 10:17:44 GMT

Server: xbfe

Content-Length: 43

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Alternate-Protocol: 80:quic

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Content-Ty
pe: image/gif..Cache-Control: no-cache..Pragma: no-cache..X-Content-Ty
pe-Options: nosniff..Date: Thu, 12 Jun 2014 10:17:44 GMT..Server: xbfe
..Content-Length: 43..X-XSS-Protection: 1; mode=block..X-Frame-Options
: SAMEORIGIN..Alternate-Protocol: 80:quic..GIF89a.............!.......
,...........D..;....

GET /pixel?google_nid=triggit1&cb=rs2946&google_hm=UXNqcTdydkVSRzYxVDdEdGJSaUpGQQ== HTTP/1.1

Host: cm.g.doubleclick.net

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Cookie: id=22fd66b7db0100a2||t=1402568224|et=730|cs=002213fd4861ada3e96b724908

Connection: keep-alive


HTTP/1.1 302 Found

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Location: hXXp://a.triggit.com/pxgcm?id=&cb=rs2946

Date: Thu, 12 Jun 2014 10:17:05 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: text/html; charset=UTF-8

Server: HTTP server (unknown)

Content-Length: 241

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://a.triggit.com/pxgcm?id=&cb=rs2946">here&l
t;/A>...</BODY></HTML>..HTTP/1.1 302 Found..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Location: hXXp://a.triggit.com/pxgcm?id=&cb=rs2946..Date
: Thu, 12 Jun 2014 10:17:05 GMT..Pragma: no-cache..Expires: Fri, 01 Ja
n 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Content
-Type: text/html; charset=UTF-8..Server: HTTP server (unknown)..Conten
t-Length: 241..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80
:quic..<HTML><HEAD><meta http-equiv="content-type" cont
ent="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE>
</HEAD><BODY>.<H1>302 Moved</H1>.The document 
has moved.<A HREF="hXXp://a.triggit.com/pxgcm?id=&cb=rs2946">
;here</A>...</BODY></HTML>....<<< skipped >>>

GET /atwork/community/rss.xml HTTP/1.1

Accept: */*

If-None-Match: "807869b6f075cf1:0"

A-IM: feed

Accept-Language: en-us

User-Agent: Windows-RSS-Platform/2.0 (MSIE 8.0; Windows NT 5.1)

Accept-Encoding: gzip, deflate

Host: VVV.microsoft.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Cache-Control: max-age=900

Content-Length: 6170

Content-Type: text/xml

Content-Encoding: gzip

Last-Modified: Fri, 06 Jun 2014 23:10:26 GMT

Accept-Ranges: bytes

ETag: "01d2980dc81cf1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/8.5

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

VTag: 438220527300000000

X-Powered-By: ASP.NET

X-Powered-By: ARR/2.5

X-Powered-By: ASP.NET

Date: Thu, 12 Jun 2014 10:19:23 GMT
...........].r.G.>..~.........? ..&D..5#Y\..yN.....F..... |.a.`.2..
.....a#.Q.....eVu.AR@...;1a.D.....Y._~.U.....g.....Ze&...'.V..PI..(.?.
R........_|..6M....(..|...{....oL.'&..=..4."Sy.h..|..y.#..8.1..u.<|
(..8J."S..'2.U..\=..x".4.....}..-..WQ.....@.>??.Wo...?.R,?......o..
Ld...... >.!^...L.=...\|.......]E....y.t..>[email protected]>.-...."
.[..7....w{.L.E)...t!L1....^.k.O..T2..b...X.."..........R..ez.W;!..j..
.D .1..J$j.&J.x.2B&..Y...3..u..F.*.0../Jp...9........35...Z...r.3!.q!.
..J...k....../:..mL ~..s....r5s......A./...!...E".........J..A.R!.r...
<R"...K1..T. .k./._....gr.ZU.-=..;.".!..Q.&o....QnZ...X.....0.F\.2.
.N4..a...g!~....._...(S.*......AS..U0i..........M..0"..{g...F.........
.<............I....x..B...........5..!..s.j..N.........P..P...2Z...
...lQ.......D.eJ...%..... .$.O..ZF..Fq./....L'3..b...!.\..4...<...I
....`..l...V...t........L.x..E....0Xr.&...".....^..i.......:S.n6.Z..F.
(P....TC.G...po.|^..Z...?.a..p......`'.E.a..F^..=........!LN^.,!.?A...
.V..{..$....$..<...!...w.p.{..7r9.U.......".q.)..n...;.x..Cf.W.;Q.w
.S....D...HA............0..CBQp...w....;..\.m...u.~....<;...` .uRUV
$....../r.~s9.*.k....B...EN~.B..#|`....]....8..o..a.......(`..[/[email protected]
....s... .....-..Gd......V.b.?...........l..{..n...D.WbD..2..P1.V.c.I.
"/....4.......!..e.I....D..a..A(N...._..o..&...n....5c.r6.Y.N..>.H.
.O.a.....l>..u...j.'.N...n>)..l..V.Q....f....8....=........5O
.U.._.2*hg`...y..0z,.\...u....M.G%.l....-....V.a0vJ.l...:.COU=hf...O-.
........I...]...B.".I...L....._.%3..[.7.?..#.:p..qD.]t......u.....<<< skipped >>>

GET /athome/community/rss.xml HTTP/1.1

Accept: */*

If-None-Match: "06697bdcc74cf1:0"

A-IM: feed

Accept-Language: en-us

User-Agent: Windows-RSS-Platform/2.0 (MSIE 8.0; Windows NT 5.1)

Accept-Encoding: gzip, deflate

Host: VVV.microsoft.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Cache-Control: max-age=900

Content-Length: 5655

Content-Type: text/xml

Content-Encoding: gzip

Last-Modified: Fri, 06 Jun 2014 23:09:25 GMT

Accept-Ranges: bytes

ETag: "8040cd5bdc81cf1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/8.5

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

VTag: 279258927800000000

X-Powered-By: ASP.NET

X-Powered-By: ARR/2.5

X-Powered-By: ASP.NET

Date: Thu, 12 Jun 2014 10:19:24 GMT
...........].r..r.v...cE..e..@. .I.I....b.t.s.......;{...|...Ar..T....
..E..(~..B.....Ia...s.....;3..=._..3......_._..J..6..{.N..P.g|......i.
........?.N.u...R.H..zt......$8..XM..\$.y..t....A...z>.~.$)..c<|
)..@......=..*.e...1..(..'S.8D.. .~.i....c....3q..........?^..'....\..
......<~...$f..'...,..C..{..z<O.....j..,..;.Y..t.&....,H;2..?<
;.&..../......Z$....`rEjD:W.B. X..^F...u..W._.-..S.|1....vB....k..O.b.
....J...1.J..}!.T{.3...V.D.*..y..C<A.`...bab!g.X.dj.......L.p...z..
v..5....L.......Li...:UK.......4....[b$..B.........'......\.u9..V"...s
1..HL!...A....o.8......i.%.8...i>..c.f..LO..#.1Di.cL...'..Y....`v[.
Y.}.....%......*E....\.,....Ty.v`.H...c.._|X@"B..u.....t...O...`......
.h0:9...\F.....E.O.G.[.. .}..V.PW......jn..~..I.o.S.)6sL.j.,....={0...
..~J........._.8.x..p..K*.y.[7.X.t..qtr..IJ..:.....T.?..FB...t....^.a|
.KK...Z,.....J*'.J;...q..._..A.j.G.....%.e....V..U>......k..R,9.D..
........ ....../.b.%*..$.j..,...&.......[...%...1O...... ....$.j...?j.
.;.L.5K.v...3XE.[..o........I.,.J..yl..vUU...#.;.?..?S.S.z...@/.hD.../
..^dp..... .K.I..uKL%.&.Q......;....#.2......Z.#.h.......C.........#..
.g..<}.*....&...........aC3...=..WloP...&..x....p......_.oU}.z..Y.l
...c.w.(.R.._M.....B0..4.E.W2..jX..}......8.:\[email protected]
.......h....YE2.;...`I_../../.=.%....&.E.......u...B.OOOz.-.V!w....b..
.i..\.`[email protected]... .....7K.c.4.[-...Mc..ZJ...v..t.......B..0f6!
).:bG.....MyQ.Y"..A;5.*...........b.2...J...."&.....bF..........-.d.&g
t;9.t..P.E".k ..M...;...G..Y...>>#.....pxzt..&...=......A^..<<< skipped >>>

GET /www/delivery/ti.php?trackerid=317 HTTP/1.1

Host: ads.ad4game.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 12 Jun 2014 10:18:02 GMT

Content-Type: image/gif

Content-Length: 43

Connection: close

X-Powered-By: PHP/5.3.3

Pragma: no-cache

Cache-Control: private, max-age=0, no-cache

Expires: Mon, 26 Jul 1997 05:00:00 GMT

P3P: CP="CUR ADM OUR NOR STA NID"

Set-Cookie: OA4GUA=mozilla/5.0 (windows nt 5.1) applewebkit/537.36 (khtml, like gecko) chrome/35.0.1916.153  /537.36; expires=Sat, 12-Jul-2014 10:18:02 GMT; path=/; domain=ads.ad4game.com

Set-Cookie: OA4GBR=ch#35.0.1916.153#35#.0.1916.153##win#xp#193.138.244.231#en-us,en#chrome; expires=Sat, 12-Jul-2014 10:18:02 GMT; path=/; domain=ads.ad4game.com

X-host: ads.ad4game.com

X-serveraddr: 10.57.60.94

X-servername: ads.ad4game.com\ 80\ 81

GIF89a.............!.......,...........D..;..

GET /images/vicinio/dsp-images/lisa.delmar/asset2/1355163041583.gif HTTP/1.1

Host: ak.imgfarm.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:10:41 GMT

ETag: "809745-1716-4d0837bb7196e"

Accept-Ranges: bytes

Content-Length: 5910

Cache-Control: max-age=269046906

Expires: Thu, 08 Dec 2022 18:10:41 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:17:38 GMT

Connection: keep-alive
GIF89a..Q.................~....................{.......#..#...........
...............@..............@[email protected].....#..................
..0........0................. [email protected]..*........P.
.`.. ........`.................0..#...........#..#..@..@..`..P.. .....
F..;.....@..@..@.....#..$..%..... .. .................@[email protected]......
.....}.."..P.....`........`..P..u........f...........`........p.....@.
.`.....0..0.................Y.....p........ ..Q.. ...........P........
.........0..^..`..... q................0...........p..%.........V.Dm..
.....0.....p..p..0........P..0.. ..p.. ..............P.. ..`..`..0..`.
........}.....?h......................................................
......................................................................
...........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSz
NTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe X
MP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> <rdf:R
DF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf
:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xml
ns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adob
e.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5
 Windows" xmpMM:InstanceID="xmp.iid:36D4FBD6246011E2A1559DDB93728CCF" 
xmpMM:DocumentID="xmp.did:36D4FBD7246011E2A1559DDB93728CCF"> <xm
pMM:DerivedFrom stRef:instanceID="xmp.iid:36D4FBD4246011E2A1559DDB9372
8CCF" stRef:documentID="xmp.did:36D4FBD5246011E2A1559DDB93728CCF"/<<< skipped >>>

GET /dl/installComplete.jhtml HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0dT973/jTMm58mg7F01tnYr yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568224395&nv=11&t=-&v=-&p=-&si=-&sn=dfprdsndlfe9.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install"; anxs="s=576842202&sv=1402568210036&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; cookieEnabled=true; partnerId=^ZC^foxyyy^YYA^ua; installDate=2014061201; toolbarId=119C6B41-CF
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:22 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0ZjeR5Sxf30IpmoXxNd3efn yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568242162&nv=12&t=-&v=-&p=-&si=-&sn=dfprdsndlfe19.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:22 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
2002.............}.v.F..o...C...d..E.(..Y.'...k-9...G...$b.`.P.x......
[email protected].......... .z.....==|{p..N..4.y........Xk4~..4..g....
...f.z...........h..Pd.i.......U..S..I..]..q....Y...u'v./.4Q..y~4.....
.....4.,.2,r....K...$.Q....._.. ....{.......l....>C^j...{9,..~...vv
3.Ef..a1..q.y.e...#...O....{;.V..8.....s..~. .....y&.....l.Y1?>..Yc
-..3...Um;..o...... ...~......q.y.U1U.........m.(.k.W#?.o<.b`J.bG.)
.|....r.....m`[....}.@3 ....5..."en9..O..1.:`........U......k[U...."..
c..E... ..}...!.).........K... ....~O.)HF..Y.8P..c/...|. .)a.<HJ..s
'.,T.i.....*.z.0h..n....\..M..e..&.A..,....mhO.........v=`S.q..qzFm$.n
3.e.............l....Y..v.Z$.Te..\..Z.......!....rxz..<>..DR].IU
E..\P.t.2.Q...w..FS.......N......$f.. .I....V......0*..%5.C>O.H.5..
(..E........:.].}.......$4?:=zs.....F$Z..\.HW.`..V,Ad..<....@...$..
..5z).....4Nj...jg[..`ho.\...[..i.Q.h...ua..\KH.S4.N....L%... ..z..o.L
......9.5d"`.u..C.S........sO7kb.M!OA....."..m0.m...L...N..........Aml
6.Sw6.......-..K.e..C..yN.3=H;.Z.Cp=..o.......8..)..w....O/).&c...d.x.
..7k...ex....r.4S,.{....ep.~."..]I.......f......\..=..#..8..h...=.{s .
I;[email protected]...\.#.p=P2`..O.r0.l7.aC.fEIR..X.'S.7.6..]..v
.FH}.1T....)...a.o$.. q.....V5}d1.\.s...l.rg`....~)u...I."j..&omx.."A.
[email protected]^:.0.N.w..-.mjY|.h\.h.....5....|..._b._..j..{iE.-.h.PG..@
3%..O..B2..D#...83.........6.tph.......1Z.G._..)...|..aS2FoCa.vnf.....
Q(...{^.......y..Ub.....#%.t........C...Q........A....X......Q....n...
........A_.k..y..q7......ar...B.LT.xSWc.R......M."...$.t.K.J:..~.0<<< skipped >>>

GET /serve/fb/pdj?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID HTTP/1.1

Host: pixel.fetchback.com

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:18:02 GMT

Set-Cookie: fbid=CBh8SnOO8HScSv0NwMU8QS; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Cache-Control: max-age=0, no-store, must-revalidate, no-cache

Expires: Thu, 12 Jun 2014 10:18:02 GMT

Pragma: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Content-Type: text/html; charset=UTF-8

Vary: Accept-Encoding

Content-Encoding: gzip

Connection: close

Transfer-Encoding: chunked
8f5.............X.S.......?...k..v.n..'.#m..u!.no`;.$?.cgm%.B..{$..!t.
...;..|t|....<........Y..ip|.8..wt..06l....m.....m.i.v..h......onn.
.- .C{pnGb.l...c*,&..}...n'..u;"...~..F{.^7..[.4.2.x.....].....v......
w......{Df........K.I......wO].G...px.xR....O8s.............c...q1....
./\....S..]k....z]......2....k$.j.k..X2.AN..e.S.<._.<w...]sxyqY\
.....][email protected]....(.@..$.....?ba..v....~..:.;W.
-<.^Zj..9........qL....a.v|.i083. ..y6...H........lIt........5...3n
...'$..]......4e...R`..S..r......C.X.^0M....D."...h...b......L.,...rk.
.vC.....<.l...z........?l]!,.,..1pZ0P..Ho..b..{.~......1.S..2)...FM
..8e.......o...S.{bi..4O.).ihv.P..s....... .y.%[email protected]
 ...M..........Xz.B!....E5=#.EI.h~..9...M....c.....B...u_-.r>.f|..4
.N...TH.B...h.Q[...g.Z5V9HL..*..!.......]."8x..&\..).......L4"i..&..IK
.5S... ..Ym.0..)|.....J9.<......c=.*i.80.BKE...l"m6...o......U.s>
;...p..k..9.\.%..T...^.).b.9#..Y...2..#.r*../aU.....\...a...Ch.r......
......'\..........i..f..s%..V.i..........Q..v..&..6..V..PDm...R.......
...oO...:.!$Yd`Mu`.#B2........JMC.S..E...z..g..,P. ... .e0......<u.
..).e5|..3 *m.O ..r....,H.`.I. R....a&.5x......8..,.8x...GU*..<.~.d
.'..*[email protected][...[......2.67h.i.!_"[email protected]........~..9....Lx
....E.^..d[.c.4.?KHVK1.....cH.LDn.G<.#..?..#s..N......J../jr.J...WY
..i..if..@.../..............LOk0E.......!..7 <^U8.....<.|..k...|
...N.B....6.2K..~..G....Q....%.9BZo\.A...' .y..UF^i..!.J...#..Tj......
.tPU..<[email protected].....'..I .c.q...d...f.*P...j K...........B<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568196668&anxsq=8&optIn=true&searchAssistantOptionFF=true&searchAssistantOptInFF=true&homePageOptionFF=true&homePageOptInFF=true&anxe=InstallerSecondaryAccepted&anxr=85568398 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjC1vdxg4KbyrtLb3pvHCaIUlXG7Wm26b7NALPQMkLOnmFtKb2aBAg6bvw 9XHmBtUYCDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJwbJfnj73wN1rDKa/JhYB1UuzRGwenttTKCWvvDdVBj3ZrvLK7Su7THP1rKY7aS1XfMhDr09QEfWObUIULksUVEKpTtqwBknhrh5dgpkzupsZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568199418&nv=9&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:43 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /dl/index.jhtml HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0ZjeR5Sxf30IpmoXxNd3efn yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568242167&nv=13&t=-&v=-&p=-&si=-&sn=dfprdsndlfe19.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install"; anxs="s=576842202&sv=1402568210036&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; cookieEnabled=true; partnerId=^ZC^foxyyy^YYA^ua; installDate=2014061201; toolbarId=119C6B41-CF2E-4DFF-A
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:24 GMT

Server: Apache

Set-Cookie: userSegment=""; Domain=.cursormania.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0fAOfqTq3GiR6gG yP2i/wX yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568244395&nv=14&t=-&v=-&p=-&si=-&sn=dfprdsndlfe13.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:24 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
1ff8..............{{.6.8.....;0l7.bZ....&..N.n...Nk.q.P"%1.D..|.....s.
@...N....D..%`0..f.......N...;....G{[. ...../.loX..../.7..7.6....;o.Vs
.:..q..a4....[om....dmy....y~......w.........T ..S.~....OF..HYP.2.Z...
..3".b4.'n.1..O.2.X..A....T......e..). .,D...6..\{#...8]:......_.....2
"l[...'A..?x.........4.F.k{.t..Zi.`t.?H.q8A.....\.G......r.X).)..&.e-.
.~..A...{...N._ZW.........2.hs....p...zP...Z.\X.q....u0<....9V.]...
q...k..}7....]h4..0.....`...Y.........?.j..!...vE.W.7...M.K%...f.!..z.
..y....Xw.x....kV'J.m..8...H.#e....2. ...a...v.;.XdDgA.......A...X..j.
.(....4.......h......<^.t..~..b..n4&.N.{.G....`.zJ...H.....5.F..D..
.B.P......SK.T.E.......l.....D.).... 9..k.;I..3...1.......z.....A.Fr..
.:I4....4.....#[email protected]..][email protected]:....o.>
V....5y.e....*'u..7......P.28....`;L...hW5........D'w.J....H&s.^..y...
.!..%...J.4W....m-.C.R.VV..k(.....L%W..\..&.?TE...4.!w.3.|.9.._a.....p
...(.  ..p4.....yV{....e...a8.J...AV....B8.z..u..&`3...9.q9...t.5.0T..
.\..N4...k.j.'R.VrfG....A...o..<.#.{.q\4%9.Wb.......-.....|.5..u?..
..aI.......Y?6.Q.;.......@Cd...$..n.k6....... [email protected].
..?L.O...F.....>.Bm.....-%...Xa......|).......u0.?PYw..#...E.}&d...
I."i..f.V..kp../.....".&....y._...ct..-.......r......BP.h......P>'.
{.w.P.4P.K%&l[......&E.....N.a]x...f8...x..F.e.H...n8..e?.,..a.xM?.BC.
3.........>~|..A...{(Y...U....\E....p....3_...U....n........s..A..;
.....k}2.#. k{......1.\..Wa....S..D*.9.S.....,..E.U.1..Q..... w.....-.
7.#d....E.~.....z..b....D1D..%:...0xZ.3..^x..L....J.E5...._(..gH..<<< skipped >>>

GET /images/download/ask/pba_0927.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 23 Sep 2013 16:06:07 GMT

ETag: "113790-dd6-4e70f32b009c4"

Accept-Ranges: bytes

Content-Length: 3542

Cache-Control: max-age=315354163

Expires: Thu, 21 Sep 2023 16:06:07 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:33 GMT

Connection: keep-alive
.PNG........IHDR....... .......P.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...xIDATx..\.TT....A.......b..k.#..hb..R..... -...k..t.Y....L..KrUv
...k.%|.c.^..@ h..G.<..a........a..0..v..~..{......_..T. .B..(.@!"W
.....|.8.;$m...!W.vV)..?.....S.......A..U/.F... ...5...Cw....)r.....$.
"..7......A.....g.....h..FA.:nF.F..9..q]&...jkka...PYi9.......NE..]R0(
@[email protected]. .........Bbb".....BCC..7...#F..e..i.
.3......;GN.\[email protected].....
..e\*......`.....c~.f.W....=..............k..{][email protected]
..>y.d.../.... ^C..>[email protected]..[.o.....~.4....n.._......)Y..
|$.H..^.Z.#8].....ju..... p....w.3.u.%.k3.W...?a..BLL.dee..Y.f..M.`..-
.~...HJJ.U.1..............o|.....n....s.]...#"....Z..t...wO....j......
..\f'..7.....K.,......N.E.@Q.]Q.!..p.R...}....A..>..O........;.....
7h.z.s#.@.`...H4xO....../5;;....=8p..I.Q. ..X..a;...J.A.?.*WWP{...D...
...b........&.jJObu.......}..%.... ./....c..0..R.6m..w..r....Z.....$..
\..e... t........)...3....Ik.zw....h#.I.P......l.vr.;^!. ...6.n9 p....
.i...O...;.v..<-@(6I.R5n.Y...044:.. .....*@.C...s1V....|..Mg..YL.t.
.u.~`..Ahm...(.Z0...U.3..j....l;T<..#....mx.R..$B............,.~.vT
.z...|:.|.H..A........l.<....}..P....oA...._.B..c....Dp...1*Th....O
."...d...lk,.............xy......X....n[....Z-...U9..W..$B...c....p.A.
2X.....N|..3.@=..}...".t?.C....s.(..v=.....{.I......}ee..m..J........"
4...-.....h:...|.}.....7...W..&X.. .....Q.R..6d.EX.m.........1........
...VB..S...Q.4P....Hl....`u.$R.,...g$..V...p.M....j.5....6.g..BqO.<<< skipped >>>

GET /images/vicinio/dsp-images/lisa.delmar/asset1/1355162934289.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.cursormania.com/dl/

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:08:54 GMT

ETag: "5ff791-f77c-4d0837552dee7"

Accept-Ranges: bytes

Content-Length: 63356

Cache-Control: max-age=275457745

Expires: Thu, 08 Dec 2022 18:08:54 GMT

Content-Type: application/x-shockwave-flash

Date: Thu, 12 Jun 2014 10:16:33 GMT

Connection: keep-alive
CWS.v/..x...eT\[..Y...Kp.....H ........... ........Ca.)...%..........;
.Y.F.....g..|....k;..q...@.)..%..q...`0)....S...P...UFN.-.. .*........
.........s..b.e."...y}... ..N..S.S..."...R...h....#.?.....a.....<@.
........ ...y<.....*.."".:..2*&:&&.:...6>..6.6...1...!...&..)1!)
>!...7.Cx..................h..C..k......x@.(.h....4..............~.
.......x.......;..}L.Ee..."..<e.7s.BC'&!%#gbfa}.& .\HXDT.........[-
m.]=}s.K k..{W7w.O/o.O.!.a....I.).i..3......KJ..........v........OM...
..\X..onm........_\^][email protected]......:...}D
%.I...Bc..8%2s.D'f..`............*.........z.....J..?a...."=}........p
..x<8.<.'...$...D.{..!.....0....%.I....2...vg8._".,...c....Z..E.
./....Yn{......&.wx.......x.......dN.....w..k.D\)o..b-...;...qT.WD....
...c........^&sT4.D...a.m...Fq.TH......*OS}.. .b,.!.....b...!....=....
..D...........5.J.....#[email protected][...QP....0...r?..F...6j...j
R...~._..@).1.....wZ`.....4...dN....j....!....:..=9.......n.g........W
si.H.2.....x...-..yc_T7I..X.|...:.......*.........k^i...1Q.}.yZ...*a..
........D.,.l~)uM,;....M...fh...%h.....7)...E}..$`...KR{.H.U.0..._...E
....Q.......5.R..6g4..Ka#..}...=......................NU....G.r?O .[.5
.....J.b..[.."R.|...<(..~.........ew...`FFEB........^...f...[.W*.E.
..X/.d-.%..,..0........}..?....@......<..bmp....T....B../..z.kd..9.
x.v.63.<...I.e..v...........'..;...O..l...'.o...5^.p{.MjsNjZTH..)..
[.o.....j..a....c.7...7!.......A.s..Y*r4X.Y.'.@N...[b.. ..,] =z.3..V..
....fV.Y.F;~A...=...0.......3.,.h.=.r.-....P.-............Z_..l..}<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/background2/1372351649480.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 27 Jun 2013 16:47:31 GMT

ETag: "6a41ed-3dc8-4e02584ad32c8"

Accept-Ranges: bytes

Content-Length: 15816

Cache-Control: max-age=285209300

Expires: Sun, 25 Jun 2023 16:47:31 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:35 GMT

Connection: keep-alive
.PNG........IHDR...8...........n.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:325ACE73DF2411E2A133F2D69
25A6B45" xmpMM:DocumentID="xmp.did:325ACE74DF2411E2A133F2D6925A6B45"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:325ACE71DF2411E2A13
3F2D6925A6B45" stRef:documentID="xmp.did:325ACE72DF2411E2A133F2D6925A6
B45"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>..C...:=IDATx...i...}.........b........(..$J
.E..d.N|...v..rU...*vU.*.\...RI.7V%.-.N.[.%Y.I.4A."E.$.. .....,.......
~zzz.=......-j0;..3.......O.?.....b.iw4...^..X.z=..z.... ..Rv....?....
..V...v.G)./G./...WW..4{.o.q.....K.7T....y.YbUfK...;.q.. |.....|.....G
.ni..)e~....#..K...n./v....0k..f..$.*...djX[{....\...e^7._1....g.A....
E.G.'..(>..........e^...rL[o.V........P...Z*.%.....9............s..
.m..v...^..P....(.H$..jV..l.......-....F..d...X.......?.y.insoOZ9.B..R
....6......n..../.n.KN..8........SJgU.._..d....7..!..*......*.l.O..Ov.
.......... ...".*...E..`.j.R..Z...F.... .../.l..R.... ?vTWY..h.Svc<<< skipped >>>

GET /images/download/runrun/test/rebuttal/WPanel_P2_01.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 24 May 2012 14:45:10 GMT

ETag: "154cb6-f50-4c0c94c750bb4"

Accept-Ranges: bytes

Content-Length: 3920

Cache-Control: max-age=274128941

Expires: Sun, 22 May 2022 14:45:10 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:35 GMT

Connection: keep-alive
.PNG........IHDR.............F|.a....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/button1/1384360058230.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 13 Nov 2013 16:27:38 GMT

ETag: "b27b16-bd5-4eb117183e6f0"

Accept-Ranges: bytes

Content-Length: 3029

Cache-Control: max-age=297217704

Expires: Sat, 11 Nov 2023 16:27:38 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:38 GMT

Connection: keep-alive
.PNG........IHDR.......$......S......tEXtSoftware.Adobe ImageReadyq.e&
lt;...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:2A37056610E911E3AC809FB54
AEE8879" xmpMM:DocumentID="xmp.did:2A37056710E911E3AC809FB54AEE8879"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2A37056410E911E3AC8
09FB54AEE8879" stRef:documentID="xmp.did:2A37056510E911E3AC809FB54AEE8
879"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>.Z.L...JIDATx..\{PT.....eawY. .<\B$..E!Fk
..Nh..A....S....kkR.f.v........?j'.I..q....dL...I.5I......ty?va.w.....
.]!Eh..c~....{.;.~...;...J...Y".p-..0..............v.U./.F.7..&|.p=.Z.
.%.A.j.?}...9..lj.Z.:j$.!4 s.5...-.....A..l..'....$..2wQ. ....i...KQ.=
..z....%.:V..DM"..Xh....><~7.>.&....HB.).G..:.p.R...o.7....8.
....0i.)..D..;q...AO..j.pcS^w;k,..........L.$#/....F..hH.<Vt:..^.s.
o\...2^xX.B. ~.x...qyP.?...LF....n8.....7....J..B...'<..M..>.&..
.e.....z.zG."j=....A_....2i.".n.K..(D...[.>.h.]..8.J.E.w.'".2i..D$A
;.%...Y<..=(dW.~.....(LY. .Q...[....q...[.6.....o..u.l.F..&G...<<< skipped >>>

GET /fr/u.php?p=185501061579159&m=uOOORoTAR06_Sb2Y7g4BtQ&t=2592000&cb=eadof3 HTTP/1.1

Host: VVV.facebook.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 forced.302

Location: hXXp://a.triggit.com/pxfbcm?s=miss

Date: Thu, 12 Jun 2014 03:18:02 PDT

X-Content-Type-Options: nosniff

Pragma: public

Content-Security-Policy: default-src *;script-src hXXps://*.facebook.com hXXp://*.facebook.com hXXps://*.fbcdn.net hXXp://*.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' hXXps://*.akamaihd.net hXXp://*.akamaihd.net *.atlassolutions.com chrome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl;style-src * 'unsafe-inline';connect-src hXXps://*.facebook.com hXXp://*.facebook.com hXXps://*.fbcdn.net hXXp://*.fbcdn.net *.facebook.net *.spotilocal.com:* hXXps://*.akamaihd.net ws://*.facebook.com:* hXXp://*.akamaihd.net hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com hXXp://attachment.fbsbx.com hXXps://attachment.fbsbx.com;

X-XSS-Protection: 0

Cache-Control: public, max-age=0

Expires: Thu, 12 Jun 2014 03:18:02 PDT

Content-Type: text/html; charset=utf-8

X-FB-Debug: cQO314U/ctkwC171MeqfcK/SvzFODTldqZSOnYnOY0B4V1bjm8BZgLUbHrpZxXIyyjrex72EePRBeAwLUYZxnA==

Connection: keep-alive

Content-Length: 0

HTTP/1.1 302 forced.302..Location: hXXp://a.triggit.com/pxfbcm?s=miss.
.Date: Thu, 12 Jun 2014 03:18:02 PDT..X-Content-Type-Options: nosniff.
.Pragma: public..Content-Security-Policy: default-src *;script-src htt
ps://*.facebook.com hXXp://*.facebook.com hXXps://*.fbcdn.net hXXp://*
.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.
google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval
' hXXps://*.akamaihd.net hXXp://*.akamaihd.net *.atlassolutions.com ch
rome-extension://lifbcibllhkdhoafpjfnlhfpfgnpldfl;style-src * 'unsafe-
inline';connect-src hXXps://*.facebook.com hXXp://*.facebook.com https
://*.fbcdn.net hXXp://*.fbcdn.net *.facebook.net *.spotilocal.com:* ht
tps://*.akamaihd.net ws://*.facebook.com:* hXXp://*.akamaihd.net https
://fb.scanandcleanlocal.com:* *.atlassolutions.com hXXp://attachment.f
bsbx.com hXXps://attachment.fbsbx.com;..X-XSS-Protection: 0..Cache-Con
trol: public, max-age=0..Expires: Thu, 12 Jun 2014 03:18:02 PDT..Conte
nt-Type: text/html; charset=utf-8..X-FB-Debug: cQO314U/ctkwC171MeqfcK/
SvzFODTldqZSOnYnOY0B4V1bjm8BZgLUbHrpZxXIyyjrex72EePRBeAwLUYZxnA==..Con
nection: keep-alive..Content-Length: 0......

<<< skipped >>>

GET /serve/fb/blank HTTP/1.1

Host: pixel.fetchback.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID

Cookie: fbid=mdDELxxoWVxHRLM9z3mM3S; uid=2_1402568225_1402568225317-5468785824816444; kwd=2_1402568225; uat=2_1402568225; bpd=2_1402568225; cmp=2_1402568225; clk=2_1402568225; afl=2_1402568225; sit=2_1402568225_4242-0-0; cre=2_1402568225; scg=2_1402568225; apd=2_1402568225; eng=2_1402568225; ppd=2_1402568225; act=2_1402568225

Connection: keep-alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:05 GMT

Cache-Control: public, max-age=31536000

Expires: Friday, 12 June 2015 06:17:05 o'clock EDT

Content-Type: text/html;charset=UTF-8

Vary: Accept-Encoding

Content-Encoding: gzip

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Content-Length: 139

Connection: close
...........Qt.w...pU....Q..u..tVP....7v.w.q.........))(e...X..........
......g........e&.....(.q.....l2R.S.lJ2KrR.l.a4D4)?....R`.\...........
.

GET /images/download/runrun/test/rebuttal/Alert.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 24 May 2012 14:59:50 GMT

ETag: "154cb8-bff-4c0c980e38966"

Accept-Ranges: bytes

Content-Length: 3071

Cache-Control: max-age=274129925

Expires: Sun, 22 May 2022 14:59:50 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:50 GMT

Connection: keep-alive
.PNG........IHDR...2...,.....'..Z....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:494CC4B8A5A511E19155B5BA
1D593A6F" xmpMM:DocumentID="xmp.did:494CC4B9A5A511E19155B5BA1D593A6F"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:494CC4B6A5A511E191
55B5BA1D593A6F" stRef:documentID="xmp.did:494CC4B7A5A511E19155B5BA1D59
3A6F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>V......sIDATx..Z{l[......I.4....$7~.o'N..4}
@C..X M.4.M.16&.i [email protected]{.P.".?L.g.&M.....=...0:Q....&l.e@K...}...s..
.qZ..F?]..{.=.......r....F..q...A.9.8.x..W.!{...\.F$&...v......km-,...
f.....7....>.HW...5 .F...{O.:......~..l......#.......P.......w5v.T0
..QDW.0...p.B_..>.....3.....".y.cQ~....g0N.>.......?........d.L.
....j7Jl...?.....=...do..^.`..s..)..%....>O"....0.....x..N....`j...
~......T}c-x'nn.~?]/D..s..].0....&.....?.F&G..q%F.......|=..Jwhp...H..
D3x.....y8..Gp..UA...{.t.zc,.g.w....[.?......(..\q...x...~.^;.q....f8.
x.F..H..d.n..>......7)$..YY....-.-.V))a......}.*"A.}...G8uz./1}<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/asset14/1394822534112.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Mar 2014 18:42:14 GMT

ETag: "bb9b17-a7c8-4f4956daeac24"

Accept-Ranges: bytes

Content-Length: 42952

Cache-Control: max-age=308741605

Expires: Mon, 11 Mar 2024 18:42:14 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:51 GMT

Connection: keep-alive
.PNG........IHDR...8...........n.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/background2/1372351649480.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 27 Jun 2013 16:47:31 GMT

ETag: "6a41ed-3dc8-4e02584ad32c8"

Accept-Ranges: bytes

Content-Length: 15816

Cache-Control: max-age=285209300

Expires: Sun, 25 Jun 2023 16:47:31 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:55 GMT

Connection: keep-alive
.PNG........IHDR...8...........n.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:325ACE73DF2411E2A133F2D69
25A6B45" xmpMM:DocumentID="xmp.did:325ACE74DF2411E2A133F2D6925A6B45"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:325ACE71DF2411E2A13
3F2D6925A6B45" stRef:documentID="xmp.did:325ACE72DF2411E2A133F2D6925A6
B45"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>..C...:=IDATx...i...}.........b........(..$J
.E..d.N|...v..rU...*vU.*.\...RI.7V%.-.N.[.%Y.I.4A."E.$.. .....,.......
~zzz.=......-j0;..3.......O.?.....b.iw4...^..X.z=..z.... ..Rv....?....
..V...v.G)./G./...WW..4{.o.q.....K.7T....y.YbUfK...;.q.. |.....|.....G
.ni..)e~....#..K...n./v....0k..f..$.*...djX[{....\...e^7._1....g.A....
E.G.'..(>..........e^...rL[o.V........P...Z*.%.....9............s..
.m..v...^..P....(.H$..jV..l.......-....F..d...X.......?.y.insoOZ9.B..R
....6......n..../.n.KN..8........SJgU.._..d....7..!..*......*.l.O..Ov.
.......... ...".*...E..`.j.R..Z...F.... .../.l..R.... ?vTWY..h.Svc<<< skipped >>>

GET /images/download/wb/allow_xpi_box_white.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 13 Mar 2014 18:19:46 GMT

ETag: "9d8930-3eb-4f480ff851308"

Accept-Ranges: bytes

Content-Length: 1003

Cache-Control: max-age=310166230

Expires: Sun, 10 Mar 2024 18:19:46 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:57 GMT

Connection: keep-alive
.PNG........IHDR...z...r......f|H....sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS6.......eIDATx...1n.....gWYb:F...[}
......U(..c..EF..............%{#.f....Y<}.......p8$I...wI>$.:.W.
....)..$....G....C.....|..b..l6....qg...".....&wwwy||.4...o....}....WW
W....L&......M&......."....j..k......L..c.....M..,..$.0Nr9...<.....
.v..$o}...z<...........z......@)...PJ.....z......@)...PJ.....z.....
.@)...PJ.....z......@)...PJ.....z......@)...PJ.....z......@)...PJ.....
z......@)...PJ.....z......@)...PJ.....z......@)...PJ.....z......@)...P
J.....z......@)...PJ.....z......@)...PJ.....z......@)...PJ.....z......
@)...PJ.....z......@)...PJ.....z......@)...PJ.....z......@)...PJ.....z
......@)...PJ.....z......@)...PJ.....z......@)...PJ.....z......@)...PJ
.....z......@)...PJ.....z......@)...PJ.....z......@)...PJ.....z......@
)[email protected].......>..\...l..#O...Km
.....$.~s{{..Z.N.....h........{#../...s......<<<|......pH.,..
......$.c......I.g..a.~O.....hE..vF....IEND.B`.HTTP/1.1 200 OK..Server
: Apache..Last-Modified: Thu, 13 Mar 2014 18:19:46 GMT..ETag: "9d8930-
3eb-4f480ff851308"..Accept-Ranges: bytes..Content-Length: 1003..Cache-
Control: max-age=310166230..Expires: Sun, 10 Mar 2024 18:19:46 GMT..Co
ntent-Type: image/png..Date: Thu, 12 Jun 2014 10:16:57 GMT..Connection
: keep-alive...PNG........IHDR...z...r......f|H....sBIT....|.d.....pHY
s...........~.....tEXtSoftware.Adobe Fireworks CS6.......eIDATx...1n..
...gWYb:F...[}......U(..c..EF..............%{#.f....Y<}.......p<<< skipped >>>

GET /images/vicinio/dsp-images/210720343/background3/1395093117121.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://cursormania.dl.tb.ask.com/ffInstruct.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 17 Mar 2014 21:51:56 GMT

ETag: "e2479-4f45-4f4d46da4dc8a"

Accept-Ranges: bytes

Content-Length: 20293

Cache-Control: max-age=307884890

Expires: Thu, 14 Mar 2024 21:51:56 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:17:05 GMT

Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:4C1892DF56D311E38501E0D0D7
36D2A4" xmpMM:DocumentID="xmp.did:4C1892E056D311E38501E0D0D736D2A4">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4C1892DD56D311E38501
E0D0D736D2A4" stRef:documentID="xmp.did:4C1892DE56D311E38501E0D0D736D2
A4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>.4....K.IDATx.....$W}..........}...H.......,Y
. D.el...8..c.._..`..'..c?oy...x#.....Y.....ML0.M..64...z..........N..
.;sG.3.}RMUw.......W.Z.......7......................B............ t...
..@............................:..... [email protected]..................
...:...................B............ t.....@..........................
..:..... [email protected].....................:...........8......p"...,L
\..op.g.=n.{v_....l....M5...~.vX......1T.....}..[...V...<v9o;N.s.w-
.y^[email protected]..... .$......O.AR..........6n.P.
.......Y.[...w.q......1.x9<H:.|.k.....fq...63.m^o2...F...mf....<<< skipped >>>

GET /images/vicinio/dsp-images/210720343/background999/1395072025411.jpg HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/installComplete.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 17 Mar 2014 16:00:25 GMT

ETag: "b8c2f-2c10b-4f4cf84882be5"

Accept-Ranges: bytes

Content-Length: 180491

Cache-Control: max-age=307863782

Expires: Thu, 14 Mar 2024 16:00:25 GMT

Content-Type: image/jpeg

Date: Thu, 12 Jun 2014 10:17:23 GMT

Connection: keep-alive
......Exif..MM.*...........................&..........................
.................................................(...........1..... ..
...2...........i............. ............'.......'.Adobe Photoshop CS
6 (Macintosh).2014:01:31 16:47:09...........0221......................
.............&...............................n...........v.(..........
...........~...........4.......H.......H..........Adobe_CM......Adobe.
d.....................................................................
......................................................................
......{...."................?.........................................
.................................3......!.1.AQa."q.2.....B#$.R.b34r..C
.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw
........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%..
....&5..D.T..dEU6te......u..F...............Vfv........'7GWgw.........
........?...4V.,.........o...a.#.... 9O....XO..0......u.{..F.w......}.
.{....u...mf.<....k.v..o.6....\..]s....a..m.!...n......O...^,..q]..
m...p='...Q.o..F..^)..c..1..~...7P...'<r...g.=]q....s......K.....i.
...:.......'.t.....Kvm~......wo.?1..O.n/uR.d...$l...n...=(:}3.I..2H{..
{Z./._.......8.z.'}}q...l?.t.X..x.c...].l......7......../.uV.....t.w..
..9...O.j..](.58.&v.L..../.](.5:.H.;......DG%.U.?.....H..s(...x[......
.^..$....s?...#.0..M.....I.......b..g...G.....'u....Q2d.`...........=.
z...ikk..s...L..(....=O.T...^...T.Z."b.$A..BC... Rc....p....p.=G......
.{L..C^v.-......t4..w.cv...o.../.#=...},..[.p.....rG....N:..c..K..<<< skipped >>>

GET /en/ie8slice/default.aspx HTTP/1.1

Accept: */*

A-IM: feed

Accept-Language: en-us

User-Agent: Windows-RSS-Platform/2.0 (MSIE 8.0; Windows NT 5.1)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Cache-Control: no-cache

Host: iegallery.com


HTTP/1.1 302 Found

Location: hXXp://az307127.vo.msecnd.net/webslices/ie8?culture=en-us&r=asdf9488

Server: Microsoft-IIS/7.0

X-Powered-By: ASP.NET

Date: Thu, 12 Jun 2014 10:19:24 GMT

Content-Length: 189
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://az307
127.vo.msecnd.net/webslices/ie8?culture=en-us&r=asdf9488">here&
lt;/a>.</h2>..</body></html>....

GET /localStorage.jhtml?toolbarData={"toolbarId":"119C6B41-CF2E-4DFF-A692-17BCF08918F4","partnerId":"^ZC^foxyyy^YYA^ua","partnerSubId":"","installDate":"2014061201","homePageOption":"true","homePage":"true","defaultSearchOption":"true","defaultSearch":"true","installType":"XPI","pixelUrl":"http://cursormania.dl.tb.ask.com/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=","successUrl":"http://VVV.cursormania.com/dl/installComplete.jhtml","dlput":"YYA"} HTTP/1.1

Host: cursormania.dl.tb.ask.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAw
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:16:57 GMT

Server: Apache

Set-Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568214380&xn=&xrm=&xtp=&xct=&xs=&lv=1402568217610&xp=&xrt=&xt=&nv=2&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe9.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="; Version=1; Domain=.tb.ask.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:16:57 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Content-Length: 464

Connection: close

Content-Type: text/html;charset=UTF-8
..........eR.n.0.}...C...J....tdS...=....u.T7.MI...}S...{.`.n~.u.=...g
..R~..~.B.n....H.)(1aFg.,..V....t..n.....R.Y..-7EE.5...n(x.g.....{....
2.s..}...f{`..9..I:...^:.\.....w1..za|....I8.E..*0.p'Y.J...4M....X.p..
u.-qH.,...Vt...F.Q.6G.t....7..Z9.L.G....C-i.`....7..._.....?o...b.....
X.U.A.kc.)A....S..}......~...c.U_..K.{{...H....0..a<.0.,.!..x.<.
.....Ox_.....M{r.l.9Z...z........c*.e%.p.....jrjg...|r?.5.. m. }.4',O.
Q.X......[2.z(....<;s=...Am..}B......{.f..w!4#......

GET /tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=PluginInvoked&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=1565560448&controlName=SearchControl&methodName=UpdateSearch&resultCode=5&errorMessage= HTTP/1.1

Host: live.tb.ask.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept: */*

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568263154&xp=&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe11.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="


HTTP/1.1 204 No Content

Server: nginx/1.0.1

Date: Thu, 12 Jun 2014 10:18:01 GMT

Connection: close

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Cache-Control: max-age=0

GET /serve/fb/pdc?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID&xr=8419881041540792783&referer=http://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id= HTTP/1.1

Host: pixel.fetchback.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID

Cookie: fbid=mdDELxxoWVxHRLM9z3mM3S

Connection: keep-alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:05 GMT

Set-Cookie: fbid=mdDELxxoWVxHRLM9z3mM3S; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: uid=2_1402568225_1402568225317-5468785824816444; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: kwd=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: uat=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: bpd=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: cmp=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: clk=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: afl=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: sit=2_1402568225_4242-0-0; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: cre=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: scg=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: apd=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: fbid=mdDELxxoWVxHRLM9z3mM3S; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: eng=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: ppd=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Set-Cookie: act=2_1402568225; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Cache-Control: max-age=0, no-store, must-revalidate, no-cache

Expires: Thu, 12 Jun 2014 10:17:05 GMT

Pragma: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Content-Type: text/html; charset=UTF-8

Vary: Accept-Encoding

Content-Encoding: gzip

Connection: close

Transfer-Encoding: chunked
23b.............T]k.0.}7.?(..M.. .G.8c...4({.%[email protected].}.N..6......
=W.:.`i5...gU...&.A..)....;.K ...Z.jG....7.}.y.8.tK0|.3.....4..xe..@}.
...i@e%...2..A.qf...i.....t.9h.....4.!&\[email protected]....)..i.
.4...,.$]`[email protected].`.qD.....aRnGm.}..JN...)S.....W.C...
.............Gy..8J..... .0M..i.F.1..`;.....Y./4../...8....xEv.......w
w..}6:..(:.$.......C4.~..i.]...D4N.4JC..1..F.2..md.}z~x|.>=8$.....!
GQ.}.........2..C..ue.&_DI&O.$~.;....!..... s^...A...E...x?.k..jnDS.#*
h:s3.&.............e.;.....[...K.K..............P..|9.....x.....\/.e8.
..ucn.Cz..U..~.......a.......Z<.....0..<<< skipped >>>

GET /images/vicinio/dsp-images/lisa.delmar/background/1355162773241.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:06:13 GMT

ETag: "2e6a5c-6da3-4d0836bb85903"

Accept-Ranges: bytes

Content-Length: 28067

Cache-Control: max-age=275457585

Expires: Thu, 08 Dec 2022 18:06:13 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:16:33 GMT

Connection: keep-alive
GIF89a.......888777........................111............!!!.........
......$$$///............"""222   &&&---(((......***000............)))#
##,,,%%%'''...   ......555444666......333........................!....
...,.............e!9.<...... .. V{.66..`(.(5..V`....g......j0..:.Fb
..<.....-I...61..(.1....1c..6..a85&.7.. ..c8%/-# ..%D.()...#.......
 ........&1...!.5_6.Mb1.(..1....56....-/.../.*%"'( .!.423.#.d....6D..P
.....6..q....Z.... C..$.D.!.A...^..!....%6..ao...`.a.([email protected].......
`.c..../.m.. [email protected]....$0..%...8.@ f..8..].pcA.....([c......\.....
.j4h..*.Z..\.*C...3H.x.....d6>[email protected]...(.. .....DT.C...g.P..,#@..)..8
0.%m.S...t*... dH(H....8F(`1..)....X..v..((.X..%...jL.h....(P8....%..X
. ~....8...y.....'|.....@B... CI......@G...`..A..\.........D..........
 ..*[email protected].....@.[.D..t5$..........0...T....a.C.0.pC..H ....7.....B`!T
G%..lpRA%<...*....b....34(...4..~.(...w....^Lp...p4...l...Y. .. ...
...i.......%.P...p`..-.0..0. .......C...... .G#4.....0,.60 ..,..#.1...
. .A...`..... A..X.f..\....%l.BZ..).jT..."*D0......g#....".....%....8.
.....By.h.RA.Lx.).f0........,._..>p.9k.!."s.Y..*[email protected]..*p......E
......P0.. $w..[=`t.Jf...N....-.cC........@@.%T.../.*.)[email protected]`@..tu..
...'..t.B.B.................wW..@.. .3....0....)q.-.P.N~.....,...".`..
........`[email protected]"..| ..M.p...Zp._..0....0y.!(....X.@.'DV...T.B..8..
.... ....!..<...Wc....T..[...,...40...0.....jh...S..V0...*@*...H0,p
./............(...dC..,._o. [email protected][email protected].,.H.....X..2
...D [email protected]!D.C...DP......X.l"`.]T...h.AXVd.....<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/background1/1371061585053.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 12 Jun 2013 18:26:28 GMT

ETag: "86adcb-1ae0-4def926ebd010"

Accept-Ranges: bytes

Content-Length: 6880

Cache-Control: max-age=283919237

Expires: Sat, 10 Jun 2023 18:26:28 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:35 GMT

Connection: keep-alive
[email protected] ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:7A86773D6BD411E2BFD9E432
700E40AC" xmpMM:DocumentID="xmp.did:7A86773E6BD411E2BFD9E432700E40AC"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7A86773B6BD411E2BF
D9E432700E40AC" stRef:documentID="xmp.did:7A86773C6BD411E2BFD9E432700E
40AC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>.$.....TIDATx.....$.]...S.=3;k.qbG.'.......
../J..C.p..)....p! .@H"..p..n.A..H..$ ..y1...{./3..PU..]=......n=....=
3=.....o?.T=....gq..}.....=q..Q.Y.h....HUD..R............X_.......w.f.
u.W.>..............?.~...R.?/.8.....^.B.9..3.L....].....j.....<.
..A..[7....x.>n.....?...}v.6..8^......s..E...fQ....S....8h.........
z..q.}.._..{......x....3....M/..Kr{.i..v{y.;..xZ?`..W...O.....i....]0u
W..?.z....z.vC..q ..../.5.F.1{[email protected]...~..;w..8..u..B._U.{
.}..-...2..y...c.,.(..Q........rq....o.SO]....?Mw..7....W?...........4
..q;.|......ut...]R........o.\^......?......./<.s.A.d#.<....<<< skipped >>>

GET /fwlink/?LinkId=121315 HTTP/1.1

Accept: */*

If-Modified-Since: Fri, 23 May 2014 08:16:08 GMT

A-IM: feed

Accept-Language: en-us

User-Agent: Windows-RSS-Platform/2.0 (MSIE 8.0; Windows NT 5.1)

Accept-Encoding: gzip, deflate

Host: go.microsoft.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=utf-8

Expires: Thu, 12 Jun 2014 10:18:23 GMT

Location: hXXp://iegallery.com/en/ie8slice/default.aspx

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Thu, 12 Jun 2014 10:19:23 GMT

Content-Length: 162
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://iegal
lery.com/en/ie8slice/default.aspx">here</a>.</h2>..<
/body></html>..HTTP/1.1 302 Found..Cache-Control: private..Co
ntent-Type: text/html; charset=utf-8..Expires: Thu, 12 Jun 2014 10:18:
23 GMT..Location: hXXp://iegallery.com/en/ie8slice/default.aspx..Serve
r: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.N
ET..Date: Thu, 12 Jun 2014 10:19:23 GMT..Content-Length: 162..<html
><head><title>Object moved</title></head>&l
t;body>..<h2>Object moved to <a href="hXXp://iegallery.com
/en/ie8slice/default.aspx">here</a>.</h2>..</body>
;</html>......


GET /fwlink/?LinkId=68929 HTTP/1.1

Accept: */*

If-Modified-Since: Thu, 22 May 2014 19:04:53 GMT

If-None-Match: "807869b6f075cf1:0"

A-IM: feed

Accept-Language: en-us

User-Agent: Windows-RSS-Platform/2.0 (MSIE 8.0; Windows NT 5.1)

Accept-Encoding: gzip, deflate

Host: go.microsoft.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=utf-8

Expires: Thu, 12 Jun 2014 10:18:24 GMT

Location: hXXp://VVV.microsoft.com/atwork/community/rss.xml

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Thu, 12 Jun 2014 10:19:23 GMT

Content-Length: 166
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://VVV.m
icrosoft.com/atwork/community/rss.xml">here</a>.</h2>..
</body></html>..HTTP/1.1 302 Found..Cache-Control: private
..Content-Type: text/html; charset=utf-8..Expires: Thu, 12 Jun 2014 10
:18:24 GMT..Location: hXXp://VVV.microsoft.com/atwork/community/rss.xm
l..Server: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-B
y: ASP.NET..Date: Thu, 12 Jun 2014 10:19:23 GMT..Content-Length: 166..
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://VVV.m
icrosoft.com/atwork/community/rss.xml">here</a>.</h2>..
</body></html>......


GET /fwlink/?LinkId=68928 HTTP/1.1

Accept: */*

If-Modified-Since: Wed, 21 May 2014 08:14:52 GMT

If-None-Match: "06697bdcc74cf1:0"

A-IM: feed

Accept-Language: en-us

User-Agent: Windows-RSS-Platform/2.0 (MSIE 8.0; Windows NT 5.1)

Accept-Encoding: gzip, deflate

Host: go.microsoft.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Cache-Control: private

Content-Type: text/html; charset=utf-8

Expires: Thu, 12 Jun 2014 10:18:25 GMT

Location: hXXp://VVV.microsoft.com/athome/community/rss.xml

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Thu, 12 Jun 2014 10:19:24 GMT

Content-Length: 166
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://VVV.m
icrosoft.com/athome/community/rss.xml">here</a>.</h2>..
</body></html>..HTTP/1.1 302 Found..Cache-Control: private
..Content-Type: text/html; charset=utf-8..Expires: Thu, 12 Jun 2014 10
:18:25 GMT..Location: hXXp://VVV.microsoft.com/athome/community/rss.xm
l..Server: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-B
y: ASP.NET..Date: Thu, 12 Jun 2014 10:19:24 GMT..Content-Length: 166..
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://VVV.m
icrosoft.com/athome/community/rss.xml">here</a>.</h2>..
</body></html>....

GET /dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568258913&anxsq=6&searchAssistantOption=true&searchAssistantOptIn=true&homePageOption=true&homePageOptIn=true&tbUID=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&paidInstall=true&restartUrl=http://VVV.cursormania.com/dl/loading.jhtml&anxe=InstallerInvoked&anxr=411811716 HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; cookieEnabled=true; partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:42 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /favicon.ico HTTP/1.1

Host: cursormania.dl.tb.ask.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:16:51 GMT

Server: Apache

Accept-Ranges: bytes

ETag: W/"894-1401391120000"

Last-Modified: Thu, 29 May 2014 19:18:40 GMT

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Length: 241

Connection: close

Content-Type: image/x-icon
..........c``.B... )..... ......@!....8..sC0........DX........~.......
([email protected][email protected]...... ..b.....|[email protected].[..0. ..:
.b2.z.-@)..H8...T..._....."...&'.........l.........z..,........10.930.
[email protected]?..7O...4.~.....

GET /images/vicinio/dsp-images/lisa.delmar/asset2/1355163041583.gif HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:10:41 GMT

ETag: "809745-1716-4d0837bb7196e"

Accept-Ranges: bytes

Content-Length: 5910

Cache-Control: max-age=275457921

Expires: Thu, 08 Dec 2022 18:10:41 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:16:50 GMT

Connection: keep-alive

GIF89a..Q.................~....................{.......#..#...........
...............@..............@[email protected].....#..................
..0........0................. [email protected]..*........P.
.`.. ........`.................0..#...........#..#..@..@..`..P.. .....
F..;.....@..@..@.....#..$..%..... .. .................@[email protected]......
.....}.."..P.....`........`..P..u........f...........`........p.....@.
.`.....0..0.................Y.....p........ ..Q.. ...........P........
.........0..^..`..... q................0...........p..%.........V.Dm..
.....0.....p..p..0........P..0.. ..p.. ..............P.. ..`..`..0..`.
........}.....?h......................................................
......................................................................
...........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSz
NTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe X
MP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> <rdf:R
DF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf
:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xml
ns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/HTTP/1.1 200 OK..Server: Apac
he..Last-Modified: Mon, 10 Dec 2012 18:10:41 GMT..ETag: "809745-1716-4
d0837bb7196e"..Accept-Ranges: bytes..Content-Length: 5910..Cache-Contr
ol: max-age=275457921..Expires: Thu, 08 Dec 2022 18:10:41 GMT..Content
-Type: image/gif..Date: Thu, 12 Jun 2014 10:16:50 GMT..Connection: kee
p-alive..GIF89a..Q.................~....................{.......#.

<<< skipped >>>

GET /images/vicinio/dsp-images/100000459/background/1365611127529.jpg HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/installComplete.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 10 Apr 2013 16:25:29 GMT

ETag: "3b2b2f-684-4da041e436d4e"

Accept-Ranges: bytes

Content-Length: 1668

Cache-Control: max-age=300010419

Expires: Sat, 08 Apr 2023 16:25:29 GMT

Content-Type: image/jpeg

Date: Thu, 12 Jun 2014 10:17:22 GMT

Connection: keep-alive
......Exif..II*.................Ducky.......P.....)hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM
:InstanceID="xmp.iid:69BA292EA1F111E2BB31930120E20251" xmpMM:DocumentI
D="xmp.did:69BA292FA1F111E2BB31930120E20251"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:69BA292CA1F111E2BB31930120E20251" stRef:doc
umentID="xmp.did:69BA292DA1F111E2BB31930120E20251"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;...&Adobe.d....................9....................................
......................................................................
......................................................................
................................................`.................`...
..............`....................A!q. 1..P0@`Q.................}."..
K..Q...Tj..T..........nZ..........j)vZ.]..We...e.@.....@..............
.....3..........3..........3........?.3........?.3........?.3........?
!..,.2Ye.Ye..2Ye.Y.#%.Y.,.2Y.,...dd..../..,../..........?!.g........?!
.g.............."..`./.....g<n6...H...I$..................?.}..<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568210058&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=770635978 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568210059&nv=4&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=y
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:52 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /ffInstruct.jhtml HTTP/1.1

Host: cursormania.dl.tb.ask.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; dlput=YYA; anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568214380&xn=&xrm=&xtp=&xct=&xs=&lv=1402568217610&xp=&xrt=&xt=&nv=2&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe9.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="

Connection: keep-alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:05 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjCwuK7N U8KVGhwuoexcS90pq041TeuVr9aW6lWsAUD2Br7WJd1BFu9CC /Z5XrKrAiDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJzqCJHi6W0BIGxfyCWskwi8Zdm/a t1EDGPUlO03thJujpu2kiZYdYxY648eK6i2YPMhDr09QEfWObUIULksUVFUXMSVM5WxKSeMXaXXYXFJZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; Version=1; Domain=.tb.ask.com; Path=/

Set-Cookie: anx="xrp=&xnt=&xh=&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&fv=1402568214380&xn=&xrm=&xtp=vhigh&xct=&xs=&lv=1402568225278&xp=vicinio&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe17.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3"; Version=1; Domain=.tb.ask.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:05 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
2002.............}is....g.*.a...d...(Qbrd-...E......b...D....j.......3
 @J.s...sb.3.===.== .......?;z{x.?g.d..|r.....Cb..._............W..h..
..b/.......7...I2.7......n#.&..w....Fd...h..7q...hV.....A......G......
d`......KD{........_.....Q../...~T.d.....A^....w5... .AR...S.8.m`%.&i"
o{...QL.........n.m..g4............N....==..........E. ......'..<r.
=.. .Ga.k$...\zS#[email protected]....$..`..c]8.4. ..
..l........-...fv4..>i.o.x..v]/..Ic`.O....9.<..........5....c.yc
..C...0........S..\3....{W. K...L..-^LI0.o.^$..........Dr.....$...7.f.
"LS`.O.HB..>.....8A.P...D9.......^.}o.2t.qi$2. .....M.L=.....k..$7[
.$M.G`...?.C..y....F:.K.0...........h=...}...f..)G.g...3.J,....[....E2
..h......Q5.R.F.l.wT.R<..%)1M^%.H............."...&...)..k..=.C..H.
.p. ;..|.b_$I..e.R.........M...".i...aV....R,^.h..4Y.K....b....Y....".
..q..-..vw8..........%.az.:'..D..}.s- ....T..?.g2....0..]..[..........
&..c.5...O.n..O..\.[.YS.lqy...1....(p.Dc.r.0S.g...z.sF.?...Aml..3o6...
....m..K.e.....4.....c....<...[rAgs..3.f8.6...f./..a.....3.......:F
w"...q;J.......o..Y.g...Q..J2./...w5K.O..[.%...Uad;.'Q..P..g....h...i.
.......3..P....Yx.8.Y..Jh......#.|[email protected].<.O.["..bh.[..1....
[email protected]........ .>..v..9...9.....P...J.B..........u..%..
.MJ}....x1...[...hN....}KW.Z.... .m......G.^D<.M._.X..6.D....=...R.
.f9D3e...<..d&.....B.D{.S.oYL........s.D.|..x5..~.&$.W..y.GM.......
s.;..6HD...C.y.zn.....1.WA5&^@N........!<:...9..(.}.6.......7.(?...
[.[./.u....x`]/N.;.=..lw....=.S.....s......(#....J.R.y.m-..(..aI"&<<< skipped >>>

GET /dl/ HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=; successUrl=hXXp://VVV.cursormania.com/dl/installComplete.jhtml; defaultSearchOption=true; defaultSearch=true; homePageOption=true; homePage=true; cookieEnabled=true; anx="u=B938F72F-35CF-4A29-8572-09BD4B809217&fv=1402568257969&lv=14025
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:42 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="b9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlTxGNOIxeyb2U0YYZ6dhDCHvrogh9jWDG5KpRa/dvKl65SNT9 QBEu4zB0FdHqzG3HW7UETwxFhzl8v2vYulSm8etBsh0tn82nLwOaAJKTfkZtH9h7B2Q01gGdY0KAnNNJUwF5b2ExDbiBugCIjrDcPX7d9LddRB6WdJds9bOFaLxx18j2KUQf60LmWyrlwTw1UjaI2JBHG3bbHTgunCNQTE6c2XTdrAJSveTixxtWnOlxkdf2jXoCiW0tdgVnHB79ctYT7lou9sqJb48czRBCpKMOZKY8wy888IdNKUSfpATMTXsjg/7FcWGJHNfOHqqu2GIVzl5O P1GTtNGMdwLLD1LPzECeDXRKo7BN3O1GuxuNGqL/4HWHE1nTGXMqbwbLuatcmnGeFLqKRgNPNncClirIEGWUFWTohwcX47E/lzMavGpY/ffp4VPnwqgBE/Tl AALAlhjxFkaH/tsN cLzQwQrOeG7Z4pSI0yOQGNQYtq60arbsWhfgUaCbyUVeynY6XZsoXUK YKHaaI2Wu8HfybHVmCcb24 n4tc9IsGw="; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=B938F72F-35CF-4A29-8572-09BD4B809217&fv=1402568257969&lv=1402568262088&nv=5&t=-&v=-&p=-&si=-&sn=dfprdsndlfe30.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=14.0 r0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^chryyy^YYA^ua&xi=CRX_WEBSTORE&xtp=vhigh&xs=15348&xp=vicinio&xrt=YYA&xt=crxdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=dac75bfa09b5429b8f2aa42f1998f5e1&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:42 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
1ff8..............{[.G.8.7.y.....%.AB...<.b.1Yc8..0&<#.H.{.QfF\.
y?.[U}...Nv...k7F.........U..?.i.{~osw..xo..f...{.....e/.Z.<.h.6.7.
.7.;o.vs.:L.q.fa<..Vk..m..,...Z.......8....[........L ..3.~!...G...
S.d.H.... ...H..E..-!....3V?..|.x..,..Y..x.b.1e.d.........ko..,.gK.W..
.z..kg.e.B...7..4........V..,pLco...7..q....F.......d.L....E..i.(.....
.LN]/M)....1....Y.Z..n._Y...#/...5kyr.a)[email protected]{eri.'..9.. :....9
V.....I......}/....=h4..0.Y..%A.e.y...........j.8!...v..W...^.6.g.bJX.
"H2....0..`...E......fu.l.1...q .$:RF....b.rz.........$<#>[email protected]
.f.C....g....|.\.......K..(..._^~....e...'.1.hL:.H.@.........*&.....=k
 .F......\.P......SK.T.EO......l.....T.I.... 8..k.u..#..l.F..)..5...Z.
..@..\K..n.G.L....]..w.o..i..cUg)&&.....!.h...U.Vu......M..`.J..(....,
P} ..B0E... V.0.l.rR....>|..40.7.g.:......K....BY8......d.&...Y<
...x?.......J*d.....%..x.`....!n......5..yUv.R.e.OV..&.?TE...4.!w.3%|.
9...0....R8..K...e.^8..I...<.=....2..I....F.F.......F..\Y..h.6#...3
.....H....C.I./.1....)X..c8....3;.................%I...l_.. .j..O.....
...5...>....a...\........8..l.fx.G..!2.DU..}..3.Ql..P......M.^=.x.0
..\hfCp...Y.U...)........$..'q..."u... ... l....../.Vt}.Y8..'..*.E^8.M
@Y...\....d/.6H.......C.....U8..0.]?c.g....1F....P.Z...*W..h....:Gs...
l.C..<[email protected].. <O..kR....h.4...{.>7....%.f/... m...p..
-?.,..(L...D.....j?\]m?^y.....vs..Q...G.:.&....W.2.......G`7...[...^.x
U...Y..a.G]......}".#.kk{.f....12.....$...g....&s..D..}1X.?.8.vc....?R
 .A..A...[.o....Sn9....7Lr%.ju....#.d..w.w|..a..H...~x...N18=...j.<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/asset3/1394811916691.png HTTP/1.1

Host: ak.imgfarm.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Mar 2014 15:45:16 GMT

ETag: "d6f2e-2c2b-4f492f4d4e420"

Accept-Ranges: bytes

Content-Length: 11307

Cache-Control: max-age=307729575

Expires: Mon, 11 Mar 2024 15:45:16 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:17:38 GMT

Connection: keep-alive
.PNG........IHDR... ...F.....45......tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:C5D771D6764611E3AD6DE9
2B10AFB3D2" xmpMM:DocumentID="xmp.did:C5D771D7764611E3AD6DE92B10AFB3D2
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C531C22B764611E3
AD6DE92B10AFB3D2" stRef:documentID="xmp.did:C531C22C764611E3AD6DE92B10
AFB3D2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.C....(.IDATx....`T....w........H....m.VE
.........~.U......}...h.ZQ.Z...(..O.Z..".. ..../....<..L&.m.L.|~z.w
.=...s.......,]..a...F.f.. ....0..0..0...i.H.E..H;BW.B.M"-...I.&......
...^.U.0..0..0LDx.^sSSSaYYY........,..".C..................u5.P}^.E.a.
.a..a"B..a.$`..Q..B......c..|h.V...YD.c...p:..X..k.a..a..a.nC....V&.".
.PU..;w..h..u...".B ...Y|0..0..0..'.s.4.i..|..$@n.<y......z.%.a..a.
.a.....5Hs......YYY..G.I..O....-\...0..0L.BZ.4.i.. y......d.....CG"...
z.....Gl..wrWD........3`.U...0..0..E(. 95.f.H..u:]TG.....#.|......:.!.
...... i.P...N.....x..1..s...:.q*...a..a.hAZ.4.i.C......=...."$...<<< skipped >>>

GET /images/anx/anemone-1.2.7.js HTTP/1.1

Host: ak.imgfarm.com

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 08 Jul 2013 20:02:48 GMT

ETag: "774114-a236-4e105875b5290"

Accept-Ranges: bytes

Content-Length: 41526

Cache-Control: max-age=309305985

Expires: Thu, 06 Jul 2023 20:02:48 GMT

Content-Type: application/javascript

Date: Thu, 12 Jun 2014 10:17:39 GMT

Connection: keep-alive
// You can define an _AnemoneParams global var with the following memb
ers (all are optional):..// uniqueUser: unique user ID (${eventRecord.
uniqueUserId}) -- if missing, will generate a value..// appId: applica
tion ID (${eventRecord.application}) -- if missing, will use current h
ostname..// appVersion: application build version (${eventRecord.appBu
ildVersion})..// appDate: application build date (${eventRecord.appBui
ldDate}) -- if missing, will attempt to use document.lastModified..// 
logPageView: if true, each page view will be logged (only do this if y
ou are not using server-side logging -- otherwise each page view will 
be logged twice)..// updateSession: if true, the session and referrer 
info in the cookie will be updated (only do this if you are not using 
server-side logging at all, or not using the Java servlet filter -- ot
herwise events may be double-counted and sessions may expire unexpecte
dly)..// domain: cookie domain (if not present, will use the last two 
components of the current hostname)..// url: base URL for callback (if
 not present, will use the current URL with "anemone.jhtml" instead of
 the page)..// getAppParams: function which returns an object whose pr
operty names/values will be logged for page views and events (values w
ill be URL-encoded)..// getAppCookieChips: function which returns an o
bject whose property names/values will be added to the Anemone cookie 
(names should begin with "x")..// getUserSegments: function which acce
pts an array of segment IDs and returns the array, possibly adding<<< skipped >>>

GET /ga.js HTTP/1.1

Host: VVV.google-analytics.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Date: Wed, 11 Jun 2014 23:42:41 GMT

Expires: Thu, 12 Jun 2014 11:42:41 GMT

Last-Modified: Thu, 29 May 2014 22:33:33 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 15836

Cache-Control: public, max-age=43200

Age: 38049

Alternate-Protocol: 80:quic
...........}kW.:..w~....c...pk..f.....ZhiI..dY.iB.b.KI.o.gF.-'..9....n
byF..h4...../....z..|..y .b../......A_.S.....w......$2=.\..8e..:.G..].
.<.b....M_7.,.I...{..t<./s....x...,...(r4...8W|&N._K...M...p.\9.
..'.I.._.Jz.!.6.....8........P...F.......]H...-..!.M.t...?..6..5O..1..
p0..7.n$y*.z..Z...".W .8XE.....z.a....`.n....t....v.u..6.....A:H...=..
z.....!...5.u [email protected](;. ... W#.M..4
.0.u|.8..{..5...v.T.....5.@)..M..wr.....A>.v..%w..C.B..,Wjj8......j
.r./.Y..RI.6.(........T....Dq......Al...b...:.r.........}1.C...ZYv..y.
r.=d^.....T....L.U(.2 ...`..5......8.tD=..........c.#u.h...-..yu.....r
..?D....j.JQa.T.....f...G.q?r....7_llo>..@....].n;[email protected]_.@...
....#[email protected]...~.UL&...,X.a.Gl...C..c....W........i..2....w.V.{S
...T(w..KF........1.".......V..N.J V.y...K.....4....  .W...Y.......k$.
..r...P..H.J.^.......|... [email protected]..,|\AH`..._..k. x...A...d$.X.~.H
|.3..w>.@M"...s....1..Yi.#..G.........tO....v...1...{k.......np...8
y...Aa....V1.UvB...UJ.q.YC.=.W....1..Yns....s.8.....}..}.0h:......[.Q.
[email protected].}.(..Z.%..q....=Q.$HD....|.[Yq5A..rR.|.r...A....,....^.3
.w...4.:..3.=...>.Z_.A?2X.W..vl...Y.Q].....`VUv......9.R%<.k)..P
OLv..rm..Gc._j.cr/...yBjJ....:7....'....uQ.7.W..0s/K...|..*bY...&...pe
E.50.......&...T)-.-.)......A.."....aK...M.#.Y..... Js......ns.......V
....F;Q....0.P..S.L..l...B..&...nfX3d.....Z....5...6... :.[.{.".!.7*.0
...ylO..N...n ....r.M [email protected]..]W.u..D...m..J.5k..nT...t!.
..._..=..G.Y..^Y..f..]...d.N^....9....m1-0..`K.uB..R.MB.......%.!.<<< skipped >>>

GET /anemone.jhtml?anxuu=E73A33CD-849F-4BFA-AF87-F8E2F1531E44&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=&anxu=http://cursormania.dl.tb.ask.com/ffInstruct.jhtml&anxl=en-US&anxlv=1402568225278&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxe=ffInstructLanding&anxr=1835031359 HTTP/1.1

Host: cursormania.dl.tb.ask.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://cursormania.dl.tb.ask.com/ffInstruct.jhtml

Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; dlput=YYA; anx="xrp=&xnt=&xh=&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&fv=1402568214380&xn=&xrm=&xtp=vhigh&xct=&xs=&lv=1402568225278&xp=vicinio&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe17.df.jabodo.com&xgc=&op=-&xbkw=
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:06 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment HTTP/1.1

Host: segment-pixel.invitemedia.com

Connection: keep-alive

Cache-Control: max-age=0

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 302 Found

Location: hXXp://bid.g.doubleclick.net/xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment

Cache-Control: private

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Date: Thu, 12 Jun 2014 10:17:44 GMT

Server: sffe

Content-Length: 373

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://bid.g.doubleclick.net/xbbe/invitepixel/pixel?pix
elID=101809&pixelID=101807&pixelID=101808&pixelID=101806&a
mp;pixelID=101810&partnerID=269&key=segment">here</A>
...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXp://bi
d.g.doubleclick.net/xbbe/invitepixel/pixel?pixelID=101809&pixelID=1018
07&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segm
ent..Cache-Control: private..Content-Type: text/html; charset=UTF-8..X
-Content-Type-Options: nosniff..Date: Thu, 12 Jun 2014 10:17:44 GMT..S
erver: sffe..Content-Length: 373..X-XSS-Protection: 1; mode=block..Alt
ernate-Protocol: 80:quic..<HTML><HEAD><meta http-equiv=
"content-type" content="text/html;charset=utf-8">.<TITLE>302 
Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H
1>.The document has moved.<A HREF="hXXp://bid.g.doubleclick.net/
xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=1
01808&pixelID=101806&pixelID=101810&partnerID=269&key=
segment">here</A>...</BODY></HTML>......
<<< skipped >>>

GET /?act=statistics&i=7e737kewZYa8pDw+Duoh4MEjmLz/noHd3vtbIbDST8nV HTTP/1.1

Host: g.brothersoft.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Connection: keep-alive


HTTP/1.1 200 OK

Server: BSWS/2.3

Date: Thu, 12 Jun 2014 10:17:04 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.3.10

Set-Cookie: ad_out_statistics=5868; expires=Thu, 12-Jun-2014 10:22:04 GMT

Set-Cookie: bs_ad_ck_c=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=g.brothersoft.com

Content-Encoding: gzip

14........................0..HTTP/1.1 200 OK..Server: BSWS/2.3..Date: 
Thu, 12 Jun 2014 10:17:04 GMT..Content-Type: text/html; charset=UTF-8.
.Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP
/5.3.10..Set-Cookie: ad_out_statistics=5868; expires=Thu, 12-Jun-2014 
10:22:04 GMT..Set-Cookie: bs_ad_ck_c=deleted; expires=Thu, 01-Jan-1970
 00:00:01 GMT; path=/; domain=g.brothersoft.com..Content-Encoding: gzi
p..14........................0..

GET /images/vicinio/dsp-images/lisa.delmar/asset2/1355163041583.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:10:41 GMT

ETag: "809745-1716-4d0837bb7196e"

Accept-Ranges: bytes

Content-Length: 5910

Cache-Control: max-age=275457921

Expires: Thu, 08 Dec 2022 18:10:41 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:16:33 GMT

Connection: keep-alive
GIF89a..Q.................~....................{.......#..#...........
...............@..............@[email protected].....#..................
..0........0................. [email protected]..*........P.
.`.. ........`.................0..#...........#..#..@..@..`..P.. .....
F..;.....@..@..@.....#..$..%..... .. .................@[email protected]......
.....}.."..P.....`........`..P..u........f...........`........p.....@.
.`.....0..0.................Y.....p........ ..Q.. ...........P........
.........0..^..`..... q................0...........p..%.........V.Dm..
.....0.....p..p..0........P..0.. ..p.. ..............P.. ..`..`..0..`.
........}.....?h......................................................
......................................................................
...........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSz
NTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe X
MP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> <rdf:R
DF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf
:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xml
ns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adob
e.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5
 Windows" xmpMM:InstanceID="xmp.iid:36D4FBD6246011E2A1559DDB93728CCF" 
xmpMM:DocumentID="xmp.did:36D4FBD7246011E2A1559DDB93728CCF"> <xm
pMM:DerivedFrom stRef:instanceID="xmp.iid:36D4FBD4246011E2A1559DDB9372
8CCF" stRef:documentID="xmp.did:36D4FBD5246011E2A1559DDB93728CCF"/<<< skipped >>>

GET /images/download/runrun/test/rebuttal/Alert.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 24 May 2012 14:59:50 GMT

ETag: "154cb8-bff-4c0c980e38966"

Accept-Ranges: bytes

Content-Length: 3071

Cache-Control: max-age=274129925

Expires: Sun, 22 May 2022 14:59:50 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:35 GMT

Connection: keep-alive
.PNG........IHDR...2...,.....'..Z....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:494CC4B8A5A511E19155B5BA
1D593A6F" xmpMM:DocumentID="xmp.did:494CC4B9A5A511E19155B5BA1D593A6F"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:494CC4B6A5A511E191
55B5BA1D593A6F" stRef:documentID="xmp.did:494CC4B7A5A511E19155B5BA1D59
3A6F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>V......sIDATx..Z{l[......I.4....$7~.o'N..4}
@C..X M.4.M.16&.i [email protected]{.P.".?L.g.&M.....=...0:Q....&l.e@K...}...s..
.qZ..F?]..{.=.......r....F..q...A.9.8.x..W.!{...\.F$&...v......km-,...
f.....7....>.HW...5 .F...{O.:......~..l......#.......P.......w5v.T0
..QDW.0...p.B_..>.....3.....".y.cQ~....g0N.>.......?........d.L.
....j7Jl...?.....=...do..^.`..s..)..%....>O"....0.....x..N....`j...
~......T}c-x'nn.~?]/D..s..].0....&.....?.F&G..q%F.......|=..Jwhp...H..
D3x.....y8..Gp..UA...{.t.zc,.g.w....[.?......(..\q...x...~.^;.q....f8.
x.F..H..d.n..>......7)$..YY....-.-.V))a......}.*"A.}...G8uz./1}<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/asset13/1394822548604.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Mar 2014 18:42:28 GMT

ETag: "240c0e-7cad-4f4956e8bd4dd"

Accept-Ranges: bytes

Content-Length: 31917

Cache-Control: max-age=307680193

Expires: Mon, 11 Mar 2024 18:42:28 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:35 GMT

Connection: keep-alive
.PNG........IHDR...8...........n.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:66C430F47FB411E3869488
C434A73F85" xmpMM:DocumentID="xmp.did:66C430F57FB411E3869488C434A73F85
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EA345EAF7FB311E3
869488C434A73F85" stRef:documentID="xmp.did:EA345EB07FB311E3869488C434
A73F85"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>...n..y.IDATx..]...E...49m....Y.` .......
....w.w.w&.|z*z.S.,[email protected]@....u.......~..^.z..--...
....G ..........(((((((QQPPPPP........DEAAAAAA...............%*.....JT
........(((((((QQPPPPP........DEAAAAA................%*.....JT........
((((((QQPPPPPP........DEAAAAA...............%*......JT........((((((QQ
PPPPPP........DEAAAAA...............%*......JT........((((((QQPPPPPP..
.....DEAAAAAA...............%*......JT.......(((((((QQPPPPPP.......DEA
AAAAA...............%*......JT.........:........UT........((((((QQPPPP
P..D..mP.........%*.........D.y..U'.h..r.....8..!<...3..B0f....<<< skipped >>>

GET /www/delivery/ti.php?trackerid=317 HTTP/1.1

Host: ads.ad4game.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Connection: keep-alive


HTTP/1.1 200 OK

Server: nginx

Date: Thu, 12 Jun 2014 10:17:04 GMT

Content-Type: image/gif

Content-Length: 43

Connection: close

X-Powered-By: PHP/5.3.3

Pragma: no-cache

Cache-Control: private, max-age=0, no-cache

Expires: Mon, 26 Jul 1997 05:00:00 GMT

P3P: CP="CUR ADM OUR NOR STA NID"

Set-Cookie: OA4GUA=mozilla/5.0 (windows nt 5.1; rv:29.0) gecko/20100101 firefox/29.0; expires=Sat, 12-Jul-2014 10:17:04 GMT; path=/; domain=ads.ad4game.com

Set-Cookie: OA4GBR=fx#29.0#29#.0##win#xp#193.138.244.231#en-us,en#firefox; expires=Sat, 12-Jul-2014 10:17:04 GMT; path=/; domain=ads.ad4game.com

X-host: ads.ad4game.com

X-serveraddr: 10.57.60.90

X-servername: ads.ad4game.com\ 80\ 81

GIF89a.............!.......,...........D..;..

GET /?act=statistics&i=7e737kewZYa8pDw+Duoh4MEjmLz/noHd3vtbIbDST8nV HTTP/1.1

Host: g.brothersoft.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: BSWS/2.3

Date: Thu, 12 Jun 2014 10:18:02 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.3.10

Set-Cookie: ad_out_statistics=5868; expires=Thu, 12-Jun-2014 10:23:02 GMT

Set-Cookie: bs_ad_ck_c=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=g.brothersoft.com

Content-Encoding: gzip

14........................0..HTTP/1.1 200 OK..Server: BSWS/2.3..Date: 
Thu, 12 Jun 2014 10:18:02 GMT..Content-Type: text/html; charset=UTF-8.
.Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP
/5.3.10..Set-Cookie: ad_out_statistics=5868; expires=Thu, 12-Jun-2014 
10:23:02 GMT..Set-Cookie: bs_ad_ck_c=deleted; expires=Thu, 01-Jan-1970
 00:00:01 GMT; path=/; domain=g.brothersoft.com..Content-Encoding: gzi
p..14........................0..

GET /dl/splashPixels.jhtml HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Cache-Control: max-age=0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=; successUrl=hXXp://VVV.cursormania.com/dl/installComplete.jhtml; defaultSearchOption=true; defaultSearch=true; homePageOption=true; homePage=true; sessionData="b9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlTxGNOIxeyb2U0YYZ6dhDCHvrogh9jWDG5KpRa/dvKl65SNT9 QBEu4zB0FdHqzG3HW7UETwxFhzl8v2vYulSm8etBsh0tn82nLwOaAJKTfkZtH9h7B2Q01gGdY0KAnNNJUwF5b2ExDbiBugCIjrDcPX7d9LddRB6WdJds9bOFaLxx18j2KUQf60LmWyrlwTw1UjaI2JBHG3bbHTgunCNQTE6c2XTdrAJSveTixxtWnOlxkdf2jXoCiW0tdgVnHB79ctYT7lou9sqJb48czRBCpKMOZKY8wy888IdNKUSfpATMTXsjg/7FcWGJHNfOHqqu2GIVzl5O P1GTtNGMdwLLD1LPzECeDXRKo7BN3O1GuxuNGqL/4HWHE1nTGXMqbwbLuatcmnGeFLqKRgNPNncClirIEGWUFWTohwcX47E/lzMavGpY/ffp4VPnwqgBE/Tl AALAlhjxFkaH/tsN cLzQwQrOeG7Z4pSI0yOQGNQYtq60arbsWhfgUaCbyUVeynY6XZsoXUK YKHaaI2Wu8HfybHVmCcb24 n4tc9IsGw="; cookieEnabled=true; anx="
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:44 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="sxZ4ZF5IibvfSKqfgLj09s70rbs D4NwaC0sCk MwrVACmawW C1qOFPBiCfSYz6xqqtu0Ltanh3KmA9xap9cKHwdZ2p/K/wXKcDdcN0MYD3hQBX1PgRiZLmCP3vNjE n606Qz3czD9GKP4QbL6xaHAvxpNoNVDla48djPKz6nZaZ/Tm5jCv CiHSRXL/8Kcp912PRAE3cJKar c6OKbe7Nu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMP9PmOmnaONVhtVbDuL557fWZsITgCzMNqWd9heHcqL54PjBXcrw4DdDtVpm8Ybijq2GIVzl5O P1GTtNGMdwLLD1LPzECeDXRKo7BN3O1GuxuNGqL/4HWHE1nTGXMqbwbLuatcmnGeFLqKRgNPNncClirIEGWUFWTohwcX47E/lzMavGpY/ffp4VPnwqgBE/Tl AALAlhjxFkaH/tsN cL958fEAMb9hsqmq0DrG/7UQtq60arbsWhfgUaCbyUVeynY6XZsoXUK YKHaaI2Wu8HfybHVmCcb24 n4tc9IsGw="; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=B938F72F-35CF-4A29-8572-09BD4B809217&fv=1402568257969&lv=1402568264395&nv=8&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=14.0 r0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^chryyy^YYA^ua&xi=CRX_WEBSTORE&xtp=vhigh&xs=15348&xp=vicinio&xrt=YYA&xt=crxdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=dac75bfa09b5429b8f2aa42f1998f5e1&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:44 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Content-Length: 602

Connection: close

Content-Type: text/html;charset=UTF-8
...........Tmo.0.....p......f..i:..$$..1~........k..{.i...> a)...;?
w...5...E..QH....E..E.Eh.....4.PS.j....9h.h...a....~.6r...T[P..]..W...
6.......i...%0.pk6..o.U>.......&x.......A....bk... Im.........y...u
..g...{..VHJW0.....:.#...D.s....v...w........C(Q..&..q..}.r&\'.ST.6x./
.v....K.#...!; ..e|.....pP6.#d.3.)...........QpcQ.2.n....,N.x...`:].KW
Z........(.&........ 8.Ppj..,#1.....0...|6...4y>[email protected]...*...R..8[.
...!#9...E.4R,...^/..7.|......<..RPQ.z]\.rce1a8...u...T.a.B....(...
w....w...........G....@0..=.....C5...a..?.<.#..>.(...........H..
2.:9Z.=^^./.G.49aj.F.......................0v.n...|...W.m.....<<< skipped >>>

GET /serve/fb/blank HTTP/1.1

Host: pixel.fetchback.com

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: uid=2_1402568282_1402568282630-9288289561310825; kwd=2_1402568282; uat=2_1402568282; bpd=2_1402568282; cmp=2_1402568282; clk=2_1402568282; afl=2_1402568282; sit=2_1402568282_4242-0-0; cre=2_1402568282; scg=2_1402568282; apd=2_1402568282; fbid=CBh8SnOO8HScSv0NwMU8QS; eng=2_1402568282; ppd=2_1402568282; act=2_1402568282


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:18:02 GMT

Cache-Control: public, max-age=31536000

Expires: Friday, 12 June 2015 06:18:02 o'clock EDT

Content-Type: text/html;charset=UTF-8

Vary: Accept-Encoding

Content-Encoding: gzip

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Content-Length: 139

Connection: close
...........Qt.w...pU....Q..u..tVP....7v.w.q.........))(e...X..........
......g........e&.....(.q.....l2R.S.lJ2KrR.l.a4D4)?....R`.\...........
.

GET /tss-ca-g2.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: ts-crl.ws.symantec.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "b3174edbbe2f87cff4855314c0cf43d7:1402564298"

Last-Modified: Thu, 12 Jun 2014 09:11:38 GMT

Accept-Ranges: bytes

Content-Length: 477

Date: Thu, 12 Jun 2014 10:17:01 GMT

Connection: keep-alive

Content-Type: application/pkix-crl
0...0.....0...*.H........0^1.0...U....US1.0...U....Symantec Corporatio
n100...U...'Symantec Time Stamping Services CA - G2..140612090105Z..14
0622090105Z.00.0...U.#..0..._..n\..t...}.?..L...0...U........0...*.H..
...........r..........*.......CJ`.7N.....VUzG. ...3.!..y ....n.<..t
.2.{{.'.G....G....(.2..)Z.7....?!.n^.....b..c..Zuk..lG..A..l%..zc.?...
.<#...q/[email protected].....<......0y..#..k:q..J..>...D.....w &
lt;..jik..n.c..7.gc....p)...f..Q......;...17....Z..#. '....(....Z.9...
..HTTP/1.1 200 OK..Server: Apache..ETag: "b3174edbbe2f87cff4855314c0cf
43d7:1402564298"..Last-Modified: Thu, 12 Jun 2014 09:11:38 GMT..Accept
-Ranges: bytes..Content-Length: 477..Date: Thu, 12 Jun 2014 10:17:01 G
MT..Connection: keep-alive..Content-Type: application/pkix-crl..0...0.
....0...*.H........0^1.0...U....US1.0...U....Symantec Corporation100..
.U...'Symantec Time Stamping Services CA - G2..140612090105Z..14062209
0105Z.00.0...U.#..0..._..n\..t...}.?..L...0...U........0...*.H........
.....r..........*.......CJ`.7N.....VUzG. ...3.!..y ....n.<..t.2.{{.
'.G....G....(.2..)Z.7....?!.n^.....b..c..Zuk..lG..A..l%..zc.?....<#
...q/[email protected].....<......0y..#..k:q..J..>...D.....w <..j
ik..n.c..7.gc....p)...f..Q......;...17....Z..#. '....(....Z.9.......

GET /serve/fb/ver?uatFilter=false&fb_key=cat=&name=success&sid=4242&crv=client_revenue&oid=order_id&xr=8123386075797401174&referer=http://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^zc^chryyy^yya^ua&coid=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=http://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=client_revenue&oid=order_id /serve/fb/pdc  http://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^zc^chryyy^yya^ua&coid=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=&cat=&sid=4242&name=success&uid=1402568282630:9288289561310825&crv=0.0&oid=ORDER_ID HTTP/1.1

Host: pixel.fetchback.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://pixel.fetchback.com/serve/fb/blank

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: uid=2_1402568282_1402568282630-9288289561310825; kwd=2_1402568282; uat=2_1402568282; bpd=2_1402568282; cmp=2_1402568282; clk=2_1402568282; afl=2_1402568282; sit=2_1402568282_4242-0-0; cre=2_1402568282; scg=2_1402568282; apd=2_1402568282; fbid=CBh8SnOO8HScSv0NwMU8QS; eng=2_1402568282; ppd=2_1402568282; act=2_1402568282


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:18:03 GMT

Cache-Control: max-age=0, no-store, must-revalidate, no-cache

Expires: Thu, 12 Jun 2014 10:18:03 GMT

Pragma: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Content-Type: image/gif

Vary: Accept-Encoding

Content-Encoding: gzip

Connection: close

Transfer-Encoding: chunked

36............r.t..Ldd`dh``...?....O.F ..."@2.LL............a........ 
.....0..

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568195450&anxsq=6&anxe=InstallerInvoked&anxr=680459682 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjC1vdxg4KbyrtLb3pvHCaIUlXG7Wm26b7NALPQMkLOnmFtKb2aBAg6bvw 9XHmBtUYCDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJwbJfnj73wN1rDKa/JhYB1UuzRGwenttTKCWvvDdVBj3ZrvLK7Su7THP1rKY7aS1XfMhDr09QEfWObUIULksUVEKpTtqwBknhrh5dgpkzupsZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568195512&nv=7&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=32&f=10.0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^yyyyyy^YYA
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:39 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

POST /ocsp HTTP/1.1

Host: clients1.google.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Length: 107

Content-Type: application/ocsp-request

Connection: keep-alive

0i0g0E0C0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..?ihI.'....0.0... .....0...
0... .....0..
HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Thu, 12 Jun 2014 10:20:09 GMT

Expires: Mon, 16 Jun 2014 10:20:09 GMT

Cache-Control: public, max-age=345600

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Alternate-Protocol: 80:quic
0..........0..... .....0......0...0......J......h.v....b..Z./..2014061
2010127Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.?ihI.'......20140612010127Z....20140619010127Z0...*.H..............o&
gt;h.}...E;.h.....J.._;<.3l`...._E.F......7....=..n.m...4.;..L....T
...}>.7.B../l.va........Y|x..tp.6.....U...A..AY...F..;E5l?......?.K
.0...]W'%..P..y...w..8..LZ{@|.:..i'.P.A..o.\..N1y_...../....]...el.f..
%XKwf...d.vU.....}H...01..[m....o.....N(.....U..V...HTTP/1.1 200 OK..C
ontent-Type: application/ocsp-response..Date: Thu, 12 Jun 2014 10:20:0
9 GMT..Expires: Mon, 16 Jun 2014 10:20:09 GMT..Cache-Control: public, 
max-age=345600..Server: ocsp_responder..Content-Length: 463..X-XSS-Pro
tection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Alternate-Protoco
l: 80:quic..0..........0..... .....0......0...0......J......h.v....b..
Z./..20140612010127Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.
v....b..Z./..?ihI.'......20140612010127Z....20140619010127Z0...*.H....
..........o>h.}...E;.h.....J.._;<.3l`...._E.F......7....=..n.m..
.4.;..L....T...}>.7.B../l.va........Y|x..tp.6.....U...A..AY...F..;E
5l?......?.K.0...]W'%..P..y...w..8..LZ{@|.:..i'.P.A..o.\..N1y_...../..
..]...el.f..%XKwf...d.vU.....}H...01..[m....o.....N(.....U..V.....<<< skipped >>>

GET /serve/fb/pdj?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID HTTP/1.1

Host: pixel.fetchback.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Connection: keep-alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:05 GMT

Set-Cookie: fbid=mdDELxxoWVxHRLM9z3mM3S; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:17:05 GMT; Path=/

Cache-Control: max-age=0, no-store, must-revalidate, no-cache

Expires: Thu, 12 Jun 2014 10:17:05 GMT

Pragma: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Content-Type: text/html; charset=UTF-8

Vary: Accept-Encoding

Content-Encoding: gzip

Connection: close

Transfer-Encoding: chunked
8f3.............X[S...~.j.Cp.9....m.'N.Kf.]n......J.e......`!......a.9
U..U8..vw...Ej....t..wj..'......G.5c...l...a.PMlZ..mwN....|......u.aey
dw/.>.&.v...r ...Zj.Z..g$h5y.....8...z[;..YR;.H....f........,h..x.?
..gpv.....E5Z........3oy.G.#u.........I.G..?a....`..5....'....q...H...
.....m<v.oZ{.[..].S.g....}..wH..D....`.......g.y...y..U.Zf.....~.F.
 [M..(..._E.<...|..O ..s ..wU.S.........f.Q.8../.......'.G...sVw...
..we.......[.q..'1..".......n...K<..l.]#....5...5...2`......k...'..
}.OHz...Y..,.q...... .....8..\6mD....p.R.g...y..(..{..X.X..Q3%.8"<.
.1...X.Q._.H.nFV..H^.....~o..aA.2:......k..w. 6j.......xW....X.I..T.5.
..4...=.l..8......Ks..yZK.]M...B.^.?...-......I...Z..-..2u ..T.X. ....
.....C.K....s.c..K.........$.%I...........n&A....8.8KY^...)g.l...L....
 K..I..X...5...~&.Ua...Ds.2..2<...A..KN8./<..qB.R.id.d*....4bZ..
..9..).kC.........I|.....R9.{.M]......WJk....Y2...`.i.. M.......\.....
8.._aU.....Q|.N).........3.i}.`....9.kN...9.....p.....v.<=E.S._.C.1
.h.V.x'a....C.D...MC.7...k...JOk.F...0..~.....f.I=.A....4...}..I.N..{.
...a.g..R....,"..:...!.......8.JMC.S.....).....wQ.. ... .e0.......t...
)..*..k.....:.....z.@. ....Y....(..3.X.G*.m.P.SH.|..7...~...0...0.....
....d"[email protected].~..A..e...=..Y,-....kqZ../....q....!.z.5...~....g...X...V
E.^..dC.c_......RL.z....Rj......8.s..Y....Lu:..}.%.Bd.Q...r.....$N#.H3
......|y...Z..mt}'[email protected]$j.,]......X....a.P...1g.._.d..{>@w...$..
.a.,.o..,.#E.......s........z../@0.<...<e..!........dj.".....tXV
..<[email protected].....'..I..c.q...`...z.*...P9...UY.....|,..X..%<<< skipped >>>

GET /favicon.ico HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Host: cursormania.dl.tb.ask.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:16:36 GMT

Server: Apache

Accept-Ranges: bytes

ETag: W/"894-1401391120000"

Last-Modified: Thu, 29 May 2014 19:18:40 GMT

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Length: 241

Connection: close

Content-Type: image/x-icon
..........c``.B... )..... ......@!....8..sC0........DX........~.......
([email protected][email protected]...... ..b.....|[email protected].[..0. ..:
.b2.z.-@)..H8...T..._....."...&'.........l.........z..,........10.930.
[email protected]?..7O...4.~.....

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568192871&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=610652734 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="MG38RZOZYxIZQAx/8yOk0ZtFMk M1 OsgOVQPfkbKAfR/FtWYJA2jadAGi7yhXswxuQWljAedxSdh SiFsGi4GUG9ryLhTRe z/DQ2ZT31v5J8v4vQNQAIBJnfgkI3VAivJW6oOxfnNuQnVFta5odcdk3CElqS0VZ8KDSAaaQ gS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568192871&nv=4&t=-&v=-&p=-&si=-&sn=dfprdsndlfe3.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=32&f=10.0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC%5
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:36 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568214788&anxsq=5&anxe=SplashLandingClicked&anxr=869872791 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjCwuK7N U8KVGhwuoexcS90pq041TeuVr9aW6lWsAUD2Br7WJd1BFu9CC /Z5XrKrAiDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJzqCJHi6W0BIGxfyCWskwi8Zdm/a t1EDGPUlO03thJujpu2kiZYdYxY648eK6i2YPMhDr09QEfWObUIULksUVH7d u6E0GDYW6nGokIcX7qZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568213689&nv=6&t=-&v=-&p=-&si=-&sn=dfprdsndlfe26.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:56 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe30.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568262162&anxrd=VVV.cursormania.com&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=3&cookiesEnabled=1&anxe=SplashLanding&anxr=722817688 HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=; successUrl=hXXp://VVV.cursormania.com/dl/installComplete.jhtml; defaultSearchOption=true; defaultSearch=true; homePageOption=true; homePage=true; sessionData="b9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlTxGNOIxeyb2U0YYZ6dhDCHvrogh9jWDG5KpRa/dvKl65SNT9 QBEu4zB0FdHqzG3HW7UETwxFhzl8v2vYulSm8etBsh0tn82nLwOaAJKTfkZtH9h7B2Q01gGdY0KAnNNJUwF5b2ExDbiBugCIjrDcPX7d9LddRB6WdJds9bOFaLxx18j2KUQf60LmWyrlwTw1UjaI2JBHG3bbHTgunCNQTE6c2XTdrAJSveTixxtWnOlxkdf2jXoCiW0tdgVnHB79ctYT7lou9sqJb48czRBCpKMOZKY8wy888IdNKUSfpATMTXsjg/7FcWGJHNfOHqqu2GIVz
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:43 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

POST /mirrorCookies.jhtml HTTP/1.1

Host: cursormania.dl.tb.ask.com

Connection: keep-alive

Content-Length: 724

Cache-Control: max-age=0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Origin: hXXp://VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; dlput=YYA; anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568261133&xp=&xrt=&xt=&nv=2&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe24.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="

sessionData=,,-1,false,1,"b9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgW
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:43 GMT

Server: Apache

Set-Cookie: sessionData="b9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlTxGNOIxeyb2U0YYZ6dhDCHvrogh9jWDG5KpRa/dvKl65SNT9 QBEu4zB0FdHqzG3HW7UETwxFhzl8v2vYulSm8etBsh0tn82nLwOaAJKTfkZtH9h7B2Q01gGdY0KAnNNJUwF5b2ExDbiBugCIjrDcPX7d9LddRB6WdJds9bOFaLxx18j2KUQf60LmWyrlwTw1UjaI2JBHG3bbHTgunCNQTE6c2XTdrAJSveTixxtWnOlxkdf2jXoCiW0tdgVnHB79ctYT7lou9sqJb48czRBCpKMOZKY8wy888IdNKUSfpATMTXsjg/7FcWGJHNfOHqqu2GIVzl5O P1GTtNGMdwLLD1LPzECeDXRKo7BN3O1GuxuNGqL/4HWHE1nTGXMqbwbLuatcmnGeFLqKRgNPNncClirIEGWUFWTohwcX47E/lzMavGpY/ffp4VPnwqgBE/Tl AALAlhjxFkaH/tsN cLzQwQrOeG7Z4pSI0yOQGNQYtq60arbsWhfgUaCbyUVeynY6XZsoXUK YKHaaI2Wu8HfybHVmCcb24 n4tc9IsGw="; Version=1; Domain=cursormania.dl.tb.ask.com; Max-Age=2592000; Expires=Sat, 12-Jul-2014 10:17:43 GMT; Path=""

Set-Cookie: dlput=YYA; Version=1; Domain=cursormania.dl.tb.ask.com; Max-Age=2592000; Expires=Sat, 12-Jul-2014 10:17:43 GMT; Path=""

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568263154&xp=&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe11.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="; Version=1; Domain=.tb.ask.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:43 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Length: 93

Connection: close

Content-Type: text/html
..........-.A..0...Rr.....im.B.....W..0...>4s..2.....I...w.3..<.
a.&....TqP.....]..x.7...KX.....<<< skipped >>>

POST / HTTP/1.1

Host: gtssl-ocsp.geotrust.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Length: 102

Content-Type: application/ocsp-request

Connection: keep-alive

0d0b0@0>0<0... ........?.~..`D..AatN.l...)...ByT.a.U >c.<HW...E.J.......0.0... .....0...
0... .....0..
HTTP/1.1 200 OK

Last-Modified: Wed, 11 Jun 2014 19:10:28 GMT

Expires: Wed, 18 Jun 2014 19:10:28 GMT

Content-Type: application/ocsp-response

content-transfer-encoding: binary

Content-Length: 1364

Cache-Control: max-age=550527, public, no-transform, must-revalidate

Date: Thu, 12 Jun 2014 10:16:48 GMT

Connection: keep-alive
0..P......I0..E.. .....0.....60..20........,0*1(0&..U....GeoTrust SSL 
TGV OCSP Responder..20140611191028Z0f0d0<0... ........?.~..`D..AatN
.l...)...ByT.a.U >c.<HW...E.J.........20140611191028Z....2014061
8191028Z0...*.H...............Z.....}......u.....i...Y...7S.,W..;.....
.....2..Sh.........'.z..9..y..r.....l.F..NO}.BQN...l.b[.%..T<O1l..'
.O.......[.....H..d..A.JRm.....O. f3.......-0.... "...C..mJ....@2A....
o....J.I.l.t2.y..g1NT.?2..a..vj#..g.;y.}..N...>..t......._x.s....'.
91.......]...k0..g0..c0..K..........0...*[email protected].
..U....GeoTrust, Inc.1.0...U....GeoTrust SSL CA0...140502165328Z..1505
22165328Z0*1(0&..U....GeoTrust SSL TGV OCSP Responder0.."0...*.H......
.......0...........S.O.].&...4.......PU.HE..L....P.AH(l...o.V...b*....
c.r.5^...'.79.e<N]^n......<p....\H..0.#[".....B.A....K%?"...Q...
z.\X.~.b....X{.R..d.e..3.p.1...]!xX?.N.X.O...`v!39..V..VK9U....|.fV.7v
.....F.3..^.E'....C..M..4Ur......B ...>..d... ...w.....p..9$....y{.
.......|0z0...U.#..0...ByT.a.U >c.<HW...E.J0... .....0......0...
U.%..0... .......0...U...........0!..U....0...0.1.0...U....TGV-B-1210.
..*.H.............]E...n...a..b.M.(B....S......H~...h.2....{pK..#...0.
........A...L).....).f|d:[email protected];r....B.$..1.LH...`....S.<.y..$..N./!
.....e?z2T.'.....0..h.,b.D..... ....d.G..*[R`2J...g....6.!.........#..
.....T.LF:q,...2..S.9....5..u!.y.RP..;H`.....S..}.F..$3Se...N.....5ont>....<<< skipped >>>

POST / HTTP/1.1

Host: gtssl-ocsp.geotrust.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Length: 102

Content-Type: application/ocsp-request

Connection: keep-alive

0d0b0@0>0<0... ........?.~..`D..AatN.l...)...ByT.a.U >c.<HW...E.J....T..0.0... .....0...
0... .....0..
HTTP/1.1 200 OK

Last-Modified: Wed, 11 Jun 2014 19:30:07 GMT

Expires: Wed, 18 Jun 2014 19:30:07 GMT

Content-Type: application/ocsp-response

content-transfer-encoding: binary

Content-Length: 1364

Cache-Control: max-age=551660, public, no-transform, must-revalidate

Date: Thu, 12 Jun 2014 10:16:49 GMT

Connection: keep-alive
0..P......I0..E.. .....0.....60..20........,0*1(0&..U....GeoTrust SSL 
TGV OCSP Responder..20140611193007Z0f0d0<0... ........?.~..`D..AatN
.l...)...ByT.a.U >c.<HW...E.J....T....20140611193007Z....2014061
8193007Z0...*.H..............8O!s.0.....p.. ..@l.<.L^....9.#.1z..g.
^j.{.fs..............V. ..[P.z..%Q?...(O.fC......n..L-............3..n
8.].(..$..8.1`2..........O.w.O..>.J1.......G..,E..Y.g.\l.*M..P#.R..
..7r.,.D..u'.R.5.TO...`...ly.., .(5.uZ.Az..6ttk.7.J.O_up.^... ..x..m.k
.x6G...7.....k0..g0..c0..K..........0...*[email protected].
..U....GeoTrust, Inc.1.0...U....GeoTrust SSL CA0...140502165328Z..1505
22165328Z0*1(0&..U....GeoTrust SSL TGV OCSP Responder0.."0...*.H......
.......0...........S.O.].&...4.......PU.HE..L....P.AH(l...o.V...b*....
c.r.5^...'.79.e<N]^n......<p....\H..0.#[".....B.A....K%?"...Q...
z.\X.~.b....X{.R..d.e..3.p.1...]!xX?.N.X.O...`v!39..V..VK9U....|.fV.7v
.....F.3..^.E'....C..M..4Ur......B ...>..d... ...w.....p..9$....y{.
.......|0z0...U.#..0...ByT.a.U >c.<HW...E.J0... .....0......0...
U.%..0... .......0...U...........0!..U....0...0.1.0...U....TGV-B-1210.
..*.H.............]E...n...a..b.M.(B....S......H~...h.2....{pK..#...0.
........A...L).....).f|d:[email protected];r....B.$..1.LH...`....S.<.y..$..N./!
.....e?z2T.'.....0..h.,b.D..... ....d.G..*[R`2J...g....6.!.........#..
.....T.LF:q,...2..S.9....5..u!.y.RP..;H`.....S..}.F..$3Se...N.....5ont>....<<< skipped >>>

POST / HTTP/1.1

Host: gtssl-ocsp.geotrust.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Length: 102

Content-Type: application/ocsp-request

Connection: keep-alive

0d0b0@0>0<0... ........?.~..`D..AatN.l...)...ByT.a.U >c.<HW...E.J....t..0.0... .....0...
0... .....0..
HTTP/1.1 200 OK

Last-Modified: Tue, 10 Jun 2014 21:23:34 GMT

Expires: Tue, 17 Jun 2014 21:23:34 GMT

Content-Type: application/ocsp-response

content-transfer-encoding: binary

Content-Length: 1364

Cache-Control: max-age=472102, public, no-transform, must-revalidate

Date: Thu, 12 Jun 2014 10:17:04 GMT

Connection: keep-alive
0..P......I0..E.. .....0.....60..20........,0*1(0&..U....GeoTrust SSL 
TGV OCSP Responder..20140610212334Z0f0d0<0... ........?.~..`D..AatN
.l...)...ByT.a.U >c.<HW...E.J....t....20140610212334Z....2014061
7212334Z0...*.H................d%i(....<...........p..S.....7*TR...
~.........(..w...!.........`...{.Di........"[email protected].
e.A.....8a|r.9...;..]V...;..[.4..>.......I."T...w.7.....<&][&%..
_...~d.........&.}....Q.u.d...."h..9Y."1.N..3......@...;..;.m!a.......
[email protected]...*[email protected]
.0...U....GeoTrust, Inc.1.0...U....GeoTrust SSL CA0...140502165328Z..1
50522165328Z0*1(0&..U....GeoTrust SSL TGV OCSP Responder0.."0...*.H...
..........0...........S.O.].&...4.......PU.HE..L....P.AH(l...o.V...b*.
...c.r.5^...'.79.e<N]^n......<p....\H..0.#[".....B.A....K%?"...Q
...z.\X.~.b....X{.R..d.e..3.p.1...]!xX?.N.X.O...`v!39..V..VK9U....|.fV
.7v.....F.3..^.E'....C..M..4Ur......B ...>..d... ...w.....p..9$....
y{........|0z0...U.#..0...ByT.a.U >c.<HW...E.J0... .....0......0
...U.%..0... .......0...U...........0!..U....0...0.1.0...U....TGV-B-12
10...*.H.............]E...n...a..b.M.(B....S......H~...h.2....{pK..#..
.0.........A...L).....).f|d:[email protected];r....B.$..1.LH...`....S.<.y..$..N
./!.....e?z2T.'.....0..h.,b.D..... ....d.G..*[R`2J...g....6.!.........
#.......T.LF:q,...2..S.9....5..u!.y.RP..;H`.....S..}.F..$3Se...N.....5
..<<< skipped >>>

GET /images/vicinio/dsp-images/lisa.delmar/background999/1355164315495.gif HTTP/1.1

Host: ak.imgfarm.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:31:55 GMT

ETag: "47c762-63f0-4d083c7a434d0"

Accept-Ranges: bytes

Content-Length: 25584

Cache-Control: max-age=268081974

Expires: Thu, 08 Dec 2022 18:31:55 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:17:38 GMT

Connection: keep-alive
GIF89a .X........OyG..'>.Q.S.........<y.!!!.X.....W....".&0q.\[[
.........$h.6t.dt....TTT...N.....KKK.T..........,,,,.0.Z..........8r..
..6.9.].v../o........UUI.Lz.}...EEE....`....*[email protected]....^.R.
U..................K.N......?z.......z.....)l.&.*.............[.j.....
...H~....;P....-n.h.k^.aU.W/.3..................'f....................
.....3.6B.D...;;;...fff(k.F..d..E.H!f....9v....>[email protected]...:.=...3s...
......2_.b9.<S..f......b.U......."C}..........&&&...M.O2r.&i.......
._....).-U.XB}........[.987...*..=y.***...l.o...v.x\............c.VVV.
..O.R...p..............r.t.........I.L%i. m.2r.?z...........Y....Z.\..
.8u.P.R...}..b.d...nnn...m...[.^..-n....i...........Y...^......m...E.H
.b.*l.w..4s.7u....!f.8u........_.f.h..."g.....zO...Z.]|..5s......^....
........:w.333.........!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket b
egin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="a
dobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-
17:32:00        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02
/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="
hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/
1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM
:OriginalDocumentID="xmp.did:06801174072068119109E36B2E3A2A2D" xmpMM:D
ocumentID="xmp.did:138B36D13B1C11E296BADC67452E41EC" xmpMM:InstanceID=
"xmp.iid:138B36D03B1C11E296BADC67452E41EC" xmp:CreatorTool="Adobe Phot
oshop CS5 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="x<<< skipped >>>

GET /images/vicinio/dsp-images/lisa.delmar/asset1/1355162934289.swf HTTP/1.1

Host: ak.imgfarm.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:08:54 GMT

ETag: "5ff791-f77c-4d0837552dee7"

Accept-Ranges: bytes

Content-Length: 63356

Cache-Control: max-age=268741737

Expires: Thu, 08 Dec 2022 18:08:54 GMT

Content-Type: application/x-shockwave-flash

Date: Thu, 12 Jun 2014 10:17:39 GMT

Connection: keep-alive
CWS.v/..x...eT\[..Y...Kp.....H ........... ........Ca.)...%..........;
.Y.F.....g..|....k;..q...@.)..%..q...`0)....S...P...UFN.-.. .*........
.........s..b.e."...y}... ..N..S.S..."...R...h....#.?.....a.....<@.
........ ...y<.....*.."".:..2*&:&&.:...6>..6.6...1...!...&..)1!)
>!...7.Cx..................h..C..k......x@.(.h....4..............~.
.......x.......;..}L.Ee..."..<e.7s.BC'&!%#gbfa}.& .\HXDT.........[-
m.]=}s.K k..{W7w.O/o.O.!.a....I.).i..3......KJ..........v........OM...
..\X..onm........_\^][email protected]......:...}D
%.I...Bc..8%2s.D'f..`............*.........z.....J..?a...."=}........p
..x<8.<.'...$...D.{..!.....0....%.I....2...vg8._".,...c....Z..E.
./....Yn{......&.wx.......x.......dN.....w..k.D\)o..b-...;...qT.WD....
...c........^&sT4.D...a.m...Fq.TH......*OS}.. .b,.!.....b...!....=....
..D...........5.J.....#[email protected][...QP....0...r?..F...6j...j
R...~._..@).1.....wZ`.....4...dN....j....!....:..=9.......n.g........W
si.H.2.....x...-..yc_T7I..X.|...:.......*.........k^i...1Q.}.yZ...*a..
........D.,.l~)uM,;....M...fh...%h.....7)...E}..$`...KR{.H.U.0..._...E
....Q.......5.R..6g4..Ka#..}...=......................NU....G.r?O .[.5
.....J.b..[.."R.|...<(..~.........ew...`FFEB........^...f...[.W*.E.
..X/.d-.%..,..0........}..?....@......<..bmp....T....B../..z.kd..9.
x.v.63.<...I.e..v...........'..;...O..l...'.o...5^.p{.MjsNjZTH..)..
[.o.....j..a....c.7...7!.......A.s..Y*r4X.Y.'.@N...[b.. ..,] =z.3..V..
....fV.Y.F;~A...=...0.......3.,.h.=.r.-....P.-............Z_..l..}<<< skipped >>>

GET /images/nocache/native/globalBlacklist-1.1.json HTTP/1.1

Host: ak.imgfarm.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept: */*

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 18 Feb 2014 20:47:06 GMT

ETag: "7d65a3-11c-4f2b4600e697c"

Accept-Ranges: bytes

Content-Length: 284

Cache-Control: max-age=315245000

Expires: Sat 02 Apr 1977 17:15:00 GMT

Pragma: no-cache

Content-Type: application/json

Date: Thu, 12 Jun 2014 10:18:00 GMT

Connection: keep-alive
[{"p":"^https?:\/\/www\\.google\\.com\/_\/chrome\/newtab"},{"p":"^http
s?:\/\/mail\\.google\\.com\/"},{"p":"^https?:\/\/plus\\.google\\.com\/
"},{"p":"^https?:\/\/docs\\.google\\.com\/"},{"p":"^https?:\/\/[A-Za-z
]*\\.vicinio\\.com\/"},{"p":"^https?:\/\/confluence\\.[A-Za-z]*\\.com\
/"}]HTTP/1.1 200 OK..Server: Apache..Last-Modified: Tue, 18 Feb 2014 2
0:47:06 GMT..ETag: "7d65a3-11c-4f2b4600e697c"..Accept-Ranges: bytes..C
ontent-Length: 284..Cache-Control: max-age=315245000..Expires: Sat 02 
Apr 1977 17:15:00 GMT..Pragma: no-cache..Content-Type: application/jso
n..Date: Thu, 12 Jun 2014 10:18:00 GMT..Connection: keep-alive..[{"p":
"^https?:\/\/www\\.google\\.com\/_\/chrome\/newtab"},{"p":"^https?:\/\
/mail\\.google\\.com\/"},{"p":"^https?:\/\/plus\\.google\\.com\/"},{"p
":"^https?:\/\/docs\\.google\\.com\/"},{"p":"^https?:\/\/[A-Za-z]*\\.v
icinio\\.com\/"},{"p":"^https?:\/\/confluence\\.[A-Za-z]*\\.com\/"}]font>....

GET /dl/index.jhtml HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0ZjeR5Sxf30IpmoXxNd3efn yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568242167&nv=13&t=-&v=-&p=-&si=-&sn=dfprdsndlfe19.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install"; anxs="s=576842202&sv=1402568210036&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; cookieEnabled=true; partnerId=^ZC^foxyyy^YYA^ua; installDate=2014061201; toolbarId=119C6B41-CF2E-4DFF-A
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:25 GMT

Server: Apache

Set-Cookie: userSegment=""; Domain=.cursormania.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0S59jrhMJFkWk8blKJcLCJj yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568245331&nv=14&t=-&v=-&p=-&si=-&sn=dfprdsndlfe17.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:25 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
1ff8..............{[[email protected]].
{.."........#uWWWWWUW........=....yx..m...........e/-/..psyy.p.:z}...j
5W....'a.Fco.......A.N.../......Q._>|.|..ZXX|]J..M?.....K.dd-.... S
......=#./G.q............. ...X*..a...2...Q.z."X.~........`...^M..../.
N..t........ u...Zzj[..gA`.{....i:.b..M0:..$.8. kf.}[email protected]
.....X?.. ....e.V'...kf.....x.Z.\.9e..~8..I=.j.j.N...8....:...i... ..]
J.8......[7..7.]h4..0.....`...y..........q5....e.."....F^.&...bJX...d.
....<T.i..;..XB..u.....Qf...U$..2...G.k..K.0......A,2.. ...K... ..`
.p......V.Q..w@}|E.4......<Y.t..~..b..n4&.N.{.G....`...*&.....}k{..
.).....ICM.B.$.O-.S..=.aU.h.`3.....*M......1._..I.........$D....Z..&..
...."..$.p.J..h..;...-.>M.h..Y..%?9..=..M.Z.*ZY...a6vA..%X\Ig:....Z
.....X!."...%.9.&.........O.N.C}...Z....0-...][email protected]*...F#...{Q
......5R!K....(i....1.Zb...j...=.Pf....L%W..\.&&.?TE...4.!w.3.|.9...0.
...R8..K.....^8.Dq...<.=....2...0..%... ..i..!.....:.F...A........E
:..~.*L.~!.I'....5[5...x 9....p. ....._......8..... 1a.CM....sm.`9..&t
...~.A?,...[5.. ... J.........h..8Q.$......(6Bs(.!...2...z4..aze.....$
..[.5............8..'Q...2u...$... l....../.Vv}.Y8..&..*...p........,4
Q9.^$-....*.z....%.>[email protected].<.3T....Z. .u..x.?.L
..s..gx...N...Tb..uAz...kR...>h.4.....}n..~..G.n4Z&.d.<...0Z....
H......!4d9...z...z......G.f?..d-..Vu.L.r....d.e....|=..QM...a{.u.W...
.g..F.........'C8...v.I.O.i.#.5.|..A/.<[email protected]..>%.....".Q.Q...8..
..Z..rw.z....|.>B....Y.....8WR.VW...>.(..~.D.W...?......^.&g<<< skipped >>>

POST /anx.gif?anxa=CAPToolbarButtons&anxe=ButtonStructure&anxr=514326365&anxt=119C6B41-CF2E-4DFF-A692-17BCF08918F4&anxtv=6.52.4.5102&anxp=^ZC^foxyyy^YYA^ua&anxsi= HTTP/1.1

Host: anx.tb.ask.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Content-Length: 8964

Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568214380&xn=&xrm=&xtp=&xct=&xs=&lv=1402568217610&xp=&xrt=&xt=&nv=2&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe9.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="

Connection: keep-alive

Pragma: no-cache

Cache-Control: no-cache

buttons=[{"b":221336046,"c":"mindspark.magnify","p":"L.0"},{"b":221336047,"c":"mindspark.entersearchterms","p":"L.0.0"},{"b":221336049,"c":"mindspark.full","p":"L.0.1"},{"b":221336053,"c":"mindspark.image","p":"L.0.2"},{"b":221336056,"c":"mindspark.advanced","p":"L.0.3"},{"b":221336059,"c":"mindspark.directorysearch","p":"L.0.4"},{"b":221335932,"c":"mindspark.search","p":"L.1"},{"b":221335934,"c":"mindspa
HTTP/1.1 204 No Content

Server: nginx/1.0.10

Date: Thu, 12 Jun 2014 10:17:04 GMT

Connection: close

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Cache-Control: max-age=0

GET /dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe30.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568262088&anxrd=VVV.cursormania.com&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&present=false&anxe=ToolbarDetect&anxr=737466854 HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=; successUrl=hXXp://VVV.cursormania.com/dl/installComplete.jhtml; defaultSearchOption=true; defaultSearch=true; homePageOption=true; homePage=true; sessionData="b9HzKn44fQ916lYP0279s20CXp3Rsg/8xJ9cRob2SskrlqFVgWLktLXejfDjgTlTxGNOIxeyb2U0YYZ6dhDCHvrogh9jWDG5KpRa/dvKl65SNT9 QBEu4zB0FdHqzG3HW7UETwxFhzl8v2vYulSm8etBsh0tn82nLwOaAJKTfkZtH9h7B2Q01gGdY0KAnNNJUwF5b2ExDbiBugCIjrDcPX7d9LddRB6WdJds9bOFaLxx18j2KUQf60LmWyrlwTw1UjaI2JBHG3bbHTgunCNQTE6c2XTdrAJSveTixxtWnOlxkdf2jXoCiW0tdgVnHB79ctYT7lou9sqJb48czRBCpKMOZKY8wy888IdNKUSfpATMTXsjg/7FcWGJHNfOHqqu2GIVzl5O
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:43 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /dl/splashPixels.jhtml HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568210059&nv=4&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install"; anxs="s=576842202&sv=1402568210036&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; cookieEnabled=true

Connection: keep-alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:16:54 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjCwuK7N U8KVGhwuoexcS90pq041TeuVr9aW6lWsAUD2Br7WJd1BFu9CC /Z5XrKrAiDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJzqCJHi6W0BIGxfyCWskwi8Zdm/a t1EDGPUlO03thJujpu2kiZYdYxY648eK6i2YPMhDr09QEfWObUIULksUVH7d u6E0GDYW6nGokIcX7qZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568214788&nv=5&t=-&v=-&p=-&si=-&sn=dfprdsndlfe26.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:16:54 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Content-Length: 602

Connection: close

Content-Type: text/html;charset=UTF-8
...........Tmo.0.....p......f..i:..$$..1~........k..{.i...> a)...;?
w...5...E..QH....E..E.Eh.....4.PS.j....9h.h...a....~.6r...T[P..]..W...
6.......i...%0.pk6..o.U>.......&x.......A....bk... Im.........y...u
..g...{..VHJW0.....:.#...D.s....v...w........C(Q..&..q..}.r&\'.ST.6x./
.v....K.#...!; ..e|.....pP6.#d.3.)...........QpcQ.2.n....,N.x...`:].KW
Z........(.&........ 8.Ppj..,#1.....0...|6...4y>[email protected]...*...R..8[.
...!#9...E.4R,...^/..7.|......<..RPQ.z]\.rce1a8...u...T.a.B....(...
w....w...........G....@0..=.....C5...a..?.<.#..>.(...........H..
2.:9Z.=^^./.G.49aj.F.......................0v.n...|...W.m.....<<< skipped >>>

GET /pca3-g5.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "895f8ccd92dfec674c94f0d04d1b63bc:1396128308"

Last-Modified: Sat, 29 Mar 2014 21:25:08 GMT

Accept-Ranges: bytes

Content-Length: 533

Date: Thu, 12 Jun 2014 10:17:00 GMT

Connection: keep-alive

Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..140320000000Z..140630235959Z0...*.H.............
}...a.D[..8..i.....g8..S..tt..a.e.B]..v.l9.m.....~.G(l...G..#z{...Za..
F.q....2^X..w.i'.&..n...4v8. &|/Y.B..%..J..g0."k.0....A..7.)h...=5....
'Z........y.Ye.......M.._5.9..B.*.. [email protected]#...... UL.F......iDg..6...'
z$.E.E..*..g...2.@D.....&v...o..>..k1N...P...iHTTP/1.1 200 OK..Serv
er: Apache..ETag: "895f8ccd92dfec674c94f0d04d1b63bc:1396128308"..Last-
Modified: Sat, 29 Mar 2014 21:25:08 GMT..Accept-Ranges: bytes..Content
-Length: 533..Date: Thu, 12 Jun 2014 10:17:00 GMT..Connection: keep-al
ive..Content-Type: application/pkix-crl..0...0..0...*.H........0..1.0.
..U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:0
8..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<
;VeriSign Class 3 Public Primary Certification Authority - G5..1403200
00000Z..140630235959Z0...*.H.............}...a.D[..8..i.....g8..S..tt.
.a.e.B]..v.l9.m.....~.G(l...G..#z{...Za..F.q....2^X..w.i'.&..n...4v8. 
&|/Y.B..%..J..g0."k.0....A..7.)h...=5....'Z........y.Ye.......M.._5.9.
.B.*.. [email protected]#...... UL.F......iDg..6...'z$.E.E..*..g...2.@D.....&v...
o..>..k1N...P...i..<<< skipped >>>

GET /dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id= HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=; successUrl=hXXp://VVV.cursormania.com/dl/installComplete.jhtml; defaultSearchOption=true; defaultSearch=true; homePageOption=true; homePage=true; cookieEnabled=true; anxs="s=353291533&sv=1402568257970&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; sessionData="sxZ4ZF5IibvfSKqfgLj09s70rbs D4NwaC0sCk MwrVACmawW C1qOFPBiCfSYz6xqqtu0Ltanh3KmA9xap9cKHwdZ2p/K/wXKcDdcN0MYD3hQBX1PgRiZLmCP3vNjE n606Qz3czD9GKP4QbL6xaHAvxpNoNVDla48djPKz6nZaZ/Tm5jCv CiHSRXL/8Kcp912PRAE3cJKar c6OKbe7Nu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMP9PmOmnaONVhtVbDuL557fWZsITgCzMNqWd9heHcqL54PjBXcrw4DdDtVpm8Ybijq2GIVzl5O P1GTtNGMdwLLD1LPzECeDXRKo7BN3O1GuxuNGqL/4HWHE1nTGXMqbwbLuatcmnGeFLqKRgNPNncClirIEGWUFWTohwcX47E/lzMavGpY/ffp4VPnwqgBE/Tl AALAlhjxFkaH/tsN cL95
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:18:01 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMP9PmOmnaONVhtVbDuL557fWZsITgCzMNqWd9heHcqL57PDlC/GhJyklpE4VcBbaegUjaI2JBHG3bbHTgunCNQTE6c2XTdrAJSveTixxtWnOlxkdf2jXoCiW0tdgVnHB79ctYT7lou9sqJb48czRBCpKMOZKY8wy888IdNKUSfpATMTXsjg/7FcWGJHNfOHqqu2GIVzl5O P1GTtNGMdwLLD1LPzECeDXRKo7BN3O1GuxAih31hlLAb/HsPQ2bqJ58pogVbhRvjQ3wCoIkktPXuXrl/CxpNXduqLidL1COVnZZFPdGX4MusvAkXTPypZeBtHm9EGym9mj64DrhhGuAK4pOACuJReemQluiJKx0vvcSAqYwli9SBfJn2InGRAONNm3XyHmwOxUqd3JtorefLWp2yMRWB5CYstb8qRT31K/5NEw2WV2Eb7s1pVCZzzjHAMcSqrGX/AkDcao6OCyd7w=="; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=B938F72F-35CF-4A29-8572-09BD4B809217&fv=1402568257969&lv=1402568281454&nv=9&t=-&v=-&p=-&si=-&sn=dfprdsndlfe32.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=14.0 r0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^chryyy^YYA^ua&xi=CRXEXE&xtp=vhigh&xs=15348&xp=vicinio&xrt=YYA&xt=crxdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=dac75bfa09b5429b8f2aa42f1998f5e1&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:18:01 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
2002.............}iw.8..g......LKj......v.t|....NO.....DJbB.....i..[UX
.. %;I.g.h.c.,.........l........c...w.=.3.E...:I....a.8..(.:Q.D...fQ&l
t;..0.rV... .....h4sG...{.....G..WV.'.YZj.g. .....l..t...t........d.|.
.......I.n..q,.g.G.fq.. [email protected].{..a.....
u.~.....8....X..uY... .J.(...4t..OX6.#Y ....X......Y.f...@....'.. c.S.
G.hd...Q.$,[...u'.7.......>1.k.%(_...XzKu....\Z.N{.`6........_...=.
..j.........2u...=.mt.R.C.O.K...7..|..&.~{......1B;...."...?...,s.c.:'
.....t....f.Q.1(.....qz%T...t.]g.O....N.i.97<.N.E>..(.`.6.F..y..
4v.C.(.......^.$M.....Ry}..m..z..........%a... ..1.9<h....x....?!..
..j F.o.%z..V...o...;0.M.m...X..T....N.g;Y...Y.....%....lU3.yW..I..e..
..-V,M.P....t>.._.....;....;.B.)...h6A...3.o.r.@.).1.X.#k....`...l.
.....e..N.........h...?0..xHf...$...h....yp.. 5.o.Y.9. ?....1y....2...
%Zi.R.i....G^*m..7n...?A..g.....q.#...nM....p........i.b....... ..6;s.
n.(O...q._1.Cm.......h... `..Y...N...Sp..W.%7../.`.k:o..I.Am;??qt7..=.
.Y.7<F.....A...0..aV.9......y.g.$.:.ZN.9aw1.Z.Z........>B....jfi
......U..q.E....?..F."6.?s... .55.....K.G........Am.%3.NP?...)84..D.q.
G.,.o4u. ..&......" \.n........].^...Z...d....A.1c....#....>;~.;.{g
.I.QS..Vk.l.LP..}L..4gi...0.i4Jd....@...^X.f.'z.....Ut..w....... .X..`
..m,S....r....E..d.5.h:...r....3`.(... N...'F.I....w.7%SZ..W..].....q.
.......9_..P.ha.C...E.%.....OO..,[email protected].&9.....0..|.D".}.........
4..!t..L..t..F*.-..g.'j.).W.....&.....o.=..I...A.x..u..0/.\tudN......~
7t..#.V.a.n.....u.@.......'...:)Nv...d..7.......w.Z........$..N...<<< skipped >>>

GET /activity;src=3335366;type=retar633;cat=curso442;ord=6431204935070.127? HTTP/1.1

Host: ad.doubleclick.net

Connection: keep-alive

Cache-Control: max-age=0

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

X-Client-Data: CPm1yQEIjrbJAQiltskBCKm2yQEIwbbJAQiehsoBCKKIygEIuYjKAQ==

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: id=22ea7401d9010055||t=1399971138|et=730|cs=002213fd4871337c59c7a2218a


HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Date: Thu, 12 Jun 2014 10:17:44 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: image/gif

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Date: Thu, 12 Jun 2014 10:17:44 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-r
evalidate..Content-Type: image/gif..X-Content-Type-Options: nosniff..S
erver: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alte
rnate-Protocol: 80:quic..GIF89a.............!.......,...........D.;ont>....

GET /activity;src=3962930;type=invmedia;cat=roprkm09;ord=1961144136730.5815? HTTP/1.1

Host: ad.doubleclick.net

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

X-Client-Data: CPm1yQEIjrbJAQiltskBCKm2yQEIwbbJAQiehsoBCKKIygEIuYjKAQ==

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: id=22ea7401d9010055||t=1399971138|et=730|cs=002213fd4871337c59c7a2218a


HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Date: Thu, 12 Jun 2014 10:18:02 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: image/gif

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Date: Thu, 12 Jun 2014 10:18:02 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-r
evalidate..Content-Type: image/gif..X-Content-Type-Options: nosniff..S
erver: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alte
rnate-Protocol: 80:quic..GIF89a.............!.......,...........D.;ont>....

GET /favicon.ico HTTP/1.1

Host: cursormania.dl.tb.ask.com

Connection: keep-alive

Accept: */*

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; dlput=YYA; anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568261133&xp=&xrt=&xt=&nv=2&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe24.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:41 GMT

Server: Apache

Accept-Ranges: bytes

ETag: W/"894-1401391120000"

Last-Modified: Thu, 29 May 2014 19:18:40 GMT

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Length: 241

Connection: close

Content-Type: image/x-icon
..........c``.B... )..... ......@!....8..sC0........DX........~.......
([email protected][email protected]...... ..b.....|[email protected].[..0. ..:
.b2.z.-@)..H8...T..._....."...&'.........l.........z..,........10.930.
[email protected]?..7O...4.~.....

GET /dl/splashPixels.jhtml HTTP/1.1

Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="MG38RZOZYxIZQAx/8yOk0ZtFMk M1 OsgOVQPfkbKAfR/FtWYJA2jadAGi7yhXswxuQWljAedxSdh SiFsGi4GUG9ryLhTRe z/DQ2ZT31v5J8v4vQNQAIBJnfgkI3VAivJW6oOxfnNuQnVFta5odcdk3CElqS0VZ8KDSAaaQ gS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568192871&nv=4&t=-&v=-&p=-&si=-&sn=dfprdsndlfe3.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=32&f=10.0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^yyyyyy^YYA^ua&xi=RUN_RUN&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrc
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:16:36 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjC1vdxg4KbyrtLb3pvHCaIUlXG7Wm26b7NALPQMkLOnmFtKb2aBAg6bvw 9XHmBtUYCDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJwbJfnj73wN1rDKa/JhYB1UuzRGwenttTKCWvvDdVBj3ZrvLK7Su7THP1rKY7aS1XfMhDr09QEfWObUIULksUVEKpTtqwBknhrh5dgpkzupsZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568196511&nv=5&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=32&f=10.0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^yyyyyy^YYA^ua&xi=RUN_RUN&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=28d7591a7c4e47b4a7b26eadf5174547&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:16:36 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Content-Length: 602

Connection: close

Content-Type: text/html;charset=UTF-8
...........Tmo.0.....p......f..i:..$$..1~........k..{.i...> a)...;?
w...5...E..QH....E..E.Eh.....4.PS.j....9h.h...a....~.6r...T[P..]..W...
6.......i...%0.pk6..o.U>.......&x.......A....bk... Im.........y...u
..g...{..VHJW0.....:.#...D.s....v...w........C(Q..&..q..}.r&\'.ST.6x./
.v....K.#...!; ..e|.....pP6.#d.3.)...........QpcQ.2.n....,N.x...`:].KW
Z........(.&........ 8.Ppj..,#1.....0...|6...4y>[email protected]...*...R..8[.
...!#9...E.4R,...^/..7.|......<..RPQ.z]\.rce1a8...u...T.a.B....(...
w....w...........G....@0..=.....C5...a..?.<.#..>.(...........H..
2.:9Z.=^^./.G.49aj.F.......................0v.n...|...W.m.....<<< skipped >>>

GET /activity;src=3335366;type=retar633;cat=conve083;ord=1;num=7177325508191.56? HTTP/1.1

Host: ad.doubleclick.net

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Cookie: test_cookie=CheckForPermission

Connection: keep-alive


HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Date: Thu, 12 Jun 2014 10:17:04 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: image/gif

Set-Cookie: id=22fd66b7db0100a2||t=1402568224|et=730|cs=002213fd4861ada3e96b724908; expires=Sat, 11-Jun-2016 10:17:04 GMT; path=/; domain=.doubleclick.net

Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21 Jul 2008 23:59:00 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Date: Thu, 12 Jun 2014 10:17:04 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-r
evalidate..Content-Type: image/gif..Set-Cookie: id=22fd66b7db0100a2||t
=1402568224|et=730|cs=002213fd4861ada3e96b724908; expires=Sat, 11-Jun-
2016 10:17:04 GMT; path=/; domain=.doubleclick.net..Set-Cookie: test_c
ookie=; domain=.doubleclick.net; path=/; Max-Age=0; expires=Mon, 21 Ju
l 2008 23:59:00 GMT..X-Content-Type-Options: nosniff..Server: cafe..Co
ntent-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol:
 80:quic..GIF89a.............!.......,...........D.;..<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568199418&anxsq=9&optIn=true&searchAssistantOptionIE=true&searchAssistantOptInIE=true&homePageOptionIE=true&homePageOptInIE=true&searchAssistantOptionFF=true&searchAssistantOptInFF=true&homePageOptionFF=true&homePageOptInFF=true&browserInstallOptionIE=false&browserInstallOptInIE=false&browserInstallOptionFF=true&browserInstallOptInFF=true&anxe=InstallerAccepted&anxr=1156188726 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjC1vdxg4KbyrtLb3pvHCaIUlXG7Wm26b7NALPQMkLOnmFtKb2aBAg6bvw 9XHmBtUYCDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJwbJfnj73wN1rDKa/JhYB1UuzRGwenttTKCWvvDdVBj3ZrvLK7Su7THP1rKY7aS1XfMhDr09QEfWObUIULksUVEKpTtqwBknhrh5dgpkzupsZNebsDC2yru4b3W2b5PsdXBL/Di
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:43 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /images/download/ask/browsers_0927.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 23 Sep 2013 16:14:08 GMT

ETag: "113791-1415-4e70f4f57f7c1"

Accept-Ranges: bytes

Content-Length: 5141

Cache-Control: max-age=314993402

Expires: Thu, 21 Sep 2023 16:14:08 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:33 GMT

Connection: keep-alive
.PNG........IHDR...O...,.....$T.r....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx..[..T....V{uU.J.t.Jw#. Kp..........h.h.Kf&..':...C.....h4
.c..0*[email protected]......}....Q...`...='.=............[...:...V.."..E.?.
...eD...Bt).v...6.UD.D6....e.;...a...1.........._..Q..~..8.s..a!:....&
gt;...O.<.G.Q.....~......g.o:.......2....i...6. ....{....k...$....e
.g.....;..9.l_..W^....>.A.46Q[[..X.".....Z.J/)).s......P}....<.u
..=...d...9a..c>6......k{.hc...i....v...3..../......|?p....6[..9s.M
d5/ ........3.7D..h.'.Y...1>;.-[.....r................v.1`~~.~...O.
X..l..=r.H..8q.>z.h...dV....k.eeezkk.~...c\.c.t.Rc...SO=......$..7W
x.?.x.w555.0.={..|&.e....L o...1VVP...c0...........45S.<...Sb..v...
..G.yD..........;|.p...]..O.-../......Y...2A...o.x...0X.5.\..x....7 ..
. W.4.b.g7.5q..b.g...>..c..7.|.9.c<..ll6.....k^.Ta.........../..
G.}.....<V.v....c..!...)S.p8..X,f....3..S.....$,.}.................
.,8..tHF.p.B..?.t(.............i.&....$(...{X.z5H.>u>...F.......
....y...X.v......q.M7......j...Wc.W_}....[.2g......w/......}..........
C.E..C.4l...O<.D.5.. ..."c.w.q.!`UU1{............*..cf....,..:3s..&
lt;.c...f....l....t.9.....>..Z.../_n<3..5[...............Y.5...@
..1..>....Md.j./..Y!..u..>.....&.|....GWW.....H...]L.......o..3.
.9....5c......C.2.....S../.~b.....n..........J0.{....L...^.5...l..._..
)3..sd:.s}...t1.m...g.x.b..(w....L.o.p....\I]........z.D;....;...56."e
.f.QNhH.f..*.....\yn.v..H..&U...<.y8...,k3....gv Ph)....(.`.p.f?..9
....Pb.........d.QY.A_BG...]Q.....Y. ..3Ij.k....XW..IX..x...9.LY..<<< skipped >>>

GET /images/anx/anemone-1.2.7.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 08 Jul 2013 20:02:48 GMT

ETag: "774114-a236-4e105875b5290"

Accept-Ranges: bytes

Content-Length: 41526

Cache-Control: max-age=309572103

Expires: Thu, 06 Jul 2023 20:02:48 GMT

Content-Type: application/javascript

Date: Thu, 12 Jun 2014 10:16:35 GMT

Connection: keep-alive
// You can define an _AnemoneParams global var with the following memb
ers (all are optional):..// uniqueUser: unique user ID (${eventRecord.
uniqueUserId}) -- if missing, will generate a value..// appId: applica
tion ID (${eventRecord.application}) -- if missing, will use current h
ostname..// appVersion: application build version (${eventRecord.appBu
ildVersion})..// appDate: application build date (${eventRecord.appBui
ldDate}) -- if missing, will attempt to use document.lastModified..// 
logPageView: if true, each page view will be logged (only do this if y
ou are not using server-side logging -- otherwise each page view will 
be logged twice)..// updateSession: if true, the session and referrer 
info in the cookie will be updated (only do this if you are not using 
server-side logging at all, or not using the Java servlet filter -- ot
herwise events may be double-counted and sessions may expire unexpecte
dly)..// domain: cookie domain (if not present, will use the last two 
components of the current hostname)..// url: base URL for callback (if
 not present, will use the current URL with "anemone.jhtml" instead of
 the page)..// getAppParams: function which returns an object whose pr
operty names/values will be logged for page views and events (values w
ill be URL-encoded)..// getAppCookieChips: function which returns an o
bject whose property names/values will be added to the Anemone cookie 
(names should begin with "x")..// getUserSegments: function which acce
pts an array of segment IDs and returns the array, possibly adding<<< skipped >>>

GET /xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Cookie: test_cookie=CheckForPermission

Connection: Keep-Alive

Host: bid.g.doubleclick.net


HTTP/1.1 200 OK

Content-Type: image/gif

Cache-Control: no-cache

Pragma: no-cache

X-Content-Type-Options: nosniff

Date: Thu, 12 Jun 2014 10:16:36 GMT

Server: xbfe

Content-Length: 43

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Alternate-Protocol: 80:quic

Set-Cookie: id=225fd4cddb010079||t=1402568196|et=730|cs=002213fd480cc9ad4f2687ef08; expires=Sat, 11-Jun-2016 10:16:36 GMT; path=/; domain=.doubleclick.net

Set-Cookie: test_cookie=; expires=Mon, 21-Jul-2008 23:59:00 GMT; path=/; domain=.doubleclick.net

Expires: Thu, 12 Jun 2014 10:16:36 GMT
GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Content-Ty
pe: image/gif..Cache-Control: no-cache..Pragma: no-cache..X-Content-Ty
pe-Options: nosniff..Date: Thu, 12 Jun 2014 10:16:36 GMT..Server: xbfe
..Content-Length: 43..X-XSS-Protection: 1; mode=block..X-Frame-Options
: SAMEORIGIN..Alternate-Protocol: 80:quic..Set-Cookie: id=225fd4cddb01
0079||t=1402568196|et=730|cs=002213fd480cc9ad4f2687ef08; expires=Sat, 
11-Jun-2016 10:16:36 GMT; path=/; domain=.doubleclick.net..Set-Cookie:
 test_cookie=; expires=Mon, 21-Jul-2008 23:59:00 GMT; path=/; domain=.
doubleclick.net..Expires: Thu, 12 Jun 2014 10:16:36 GMT..GIF89a.......
......!.......,...........D..;..

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568210034&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=026D63ED-0A45-4DD4-A6FA-7C6A7991CB70&anxe=backFill&anxr=1051579203 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568210038&nv=2&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:52 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /activity;src=3335366;type=retar633;cat=conve083;ord=1;num=6423664209432.9? HTTP/1.1

Host: ad.doubleclick.net

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

X-Client-Data: CPm1yQEIjrbJAQiltskBCKm2yQEIwbbJAQiehsoBCKKIygEIuYjKAQ==

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: id=22ea7401d9010055||t=1399971138|et=730|cs=002213fd4871337c59c7a2218a


HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Date: Thu, 12 Jun 2014 10:18:02 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: image/gif

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Date: Thu, 12 Jun 2014 10:18:02 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-r
evalidate..Content-Type: image/gif..X-Content-Type-Options: nosniff..S
erver: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alte
rnate-Protocol: 80:quic..GIF89a.............!.......,...........D.;ont>....

GET /dl/ HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:16:50 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="xrp=^ZC^yyyyyy^YYA^ua&xnt=&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&fv=1402568210034&xn=&xrm=&xtp=vhigh&xct=&xs=15346&lv=1402568210034&xp=vicinio&xrt=YYA&xt=rrdefaulta&nv=1&xu=&xrs=&oc=-&od=none&ob=-&xkw=&om=-&xrco=ZC&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe31.df.jabodo.com&xgc=false&op=-&xbkw=&xrca=yyyyyy&xrcc=ua&xft=&xad=&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3"; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:16:50 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
1ff8..............{{.6.8.....;0l7.bZ....&.....'>...q\?.HIL$Q%)_....
.\...E...v.;.nc........6...............-k........w6,{iy...............
V..b...8..0.{....7.e..t...|~~.<................R..l..o?..X.'#kA.,(.
.b-..@....}1.........O..... ...X*..a...2...Q.z."X.~..g.....`...\N..../
.N..t........ u..l/=..e.. 0..Q...4.D.V.&.....n.N.53.>...Q.'E.$...V.
d...IBY.....q.{C..2r.......t...p.f.L...2.|?.....T.f.V'..z.zC.z....4.z.
.@..%A............q....,L"...8.zix....y.........A....].....#/}..RI1%.Y
CH2....A.*.4....^,!......A.(3...*..H.d....5..%o....].. ...Y......5k..~
0V8.Zk... .(M.;.>..?.F@..  .W;....t..#...I.......$.=X..R.......gm..
.4%.....4../.A2...:Uk.....E....f=j=QiJ.dw/H.i.Z.N.}.L.&n..$!2....f-iB~
...\ ..N....$8.&..c......4..Y...X...... .T.%....Q*.fc.41P...t..a...e..
[....).nM^r..h...I]..M....40.....u:,...r,1.U....0d..$.......i4..\..Ei^
...}H*d..nS...j<a...%vHX....?r.e6?T.......k..d....0..F6..c...3... .
3B........qe....&Q.z.4.jOvr..L.|<..AI.s#..aZ`@..C/......lF.30.8...c
...........c...~.`.V..D*.J..(>._1H|.....'p.v.4...$g.JLX.PS.~..|.R..
..&t...~.A?,...[5.. ... J.........h..8Q.$|..v.f...9.......N.^=.x.0..\h
fCr.....C............8..'Q...2u...$... l....../.Vv}.Y8..&..*...p......
..,4Q9.^$-....*.z....%.>[email protected].<.ST....z.W.....
..r.....a.......J....m...<.y..(.y}..i<.......G......h.L...Y...a.
.'.%.4.....Ch.r.q.u..........>h5.a.%kA~...`...H.u ..S..x.....j.....
...^.6.{.<=..a.}...s.O.p...v.I.O.i.#.5......].J@ R..y..M...`..(....
A....H......=^dla.A.!.O..,r... ......C...$.!..-...D..."..P....g:..<<< skipped >>>

GET /localStorage.jhtml?toolbarData={"toolbarId":"4C8D7C7E-AB7A-4460-92CC-11D4915F6277","partnerId":"^ZC^chryyy^YYA^ua","partnerSubId":"","installDate":"2014061201","homePageOption":"true","homePage":"true","defaultSearchOption":"true","defaultSearch":"true","installType":"CRX_WEBSTORE","pixelUrl":"http://cursormania.dl.tb.ask.com/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=","successUrl":"http://VVV.cursormania.com/dl/installComplete.jhtml","dlput":"YYA"} HTTP/1.1

Host: cursormania.dl.tb.ask.com

Connection: keep-alive

Cache-Control: max-age=0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoC
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:42 GMT

Server: Apache

Set-Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568262287&xp=&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe31.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="; Version=1; Domain=.tb.ask.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:42 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Content-Length: 472

Connection: close

Content-Type: text/html;charset=UTF-8
..........eR.n.0.}...C...J..(...M4P.=....u....i.:vd...i.>...._l.s..
....X....N....-...C..T,"J..5.....FD.Rdl....%.rK.N..*k........'x..JL...
P.J.SPs0.#..'9...\.?...8X.f7.l.... ..x..s?tG.c/.H...P..d.#^.B.m.~x...8
.I..K.R...........p...P....xd..K)...ag...X............|............Mr.
.[t>..._.7L.X_;.m....Q..q.S...Me...m..m?u.......!..\fQ.4..9..t.{a:.
=....0..#..(<.M.E=..Lu'.J7.2._..n.....Q....eUs........4jc...xo..K.&
lt;A..Dm.p...$ga }.S..lkT.x,......2=..!J]..cT....=.....oS.........

GET /tr.gif?anxa=CAPNative&anxv=6.52.4.5102&anxe=ToolbarActive&anxt=119C6B41-CF2E-4DFF-A692-17BCF08918F4&anxtv=6.52.4.5102&anxp=^ZC^foxyyy^YYA^ua&anxsi=&anxr=613136939&anxd=2014-06-05T16:49:01.411Z&f=00500000&homePageEnabled=true&tabEnabled=true&keywordEnabled=true&defaultSearch=true&buttonIds=[221336046,221336047,221336049,221336053,221336056,221336059,221335917,221335932,221335934,221335935,221335942,221335948,221335956,221335957,221335958,221335959,221335960,221335961,221335962,221335963,221335964,221335965,221335966,221335967,221335968,221335969,221335970,221335971,221335972,221335973,221335974,221335975,221335976,221335977,221335978,221335979,221335980,221335981,221335982,221335983,221335984,221335985,221335986,221335987,221335988,221335989,221335990,221335991,221335992,221335993,221335994,221335995,221335996,221335997,221335998,221335999,221336000,221336001,221336002,221336003,221336004,221336005,221336006,221336007,221336008,221336009,221336010,221336011,221336012,221336013,221336014,221336015,221336016,221336017,221336018,221336019,221336020,221336021,221336022,221336023,221336024,221336025,221336026,221336027,221336028,221336029,221336030,221336031,221336032,221770541,221336063,221336068,221336069,221336087] HTTP/1.1

Host: live.tb.ask.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101
HTTP/1.1 204 No Content

Server: nginx/1.0.1

Date: Thu, 12 Jun 2014 10:17:04 GMT

Connection: close

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Cache-Control: max-age=0

GET /dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568258073&anxsq=4&cookiesEnabled=1&anxe=SplashLanding&anxr=1980426285 HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:41 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /ga.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.google-analytics.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Wed, 11 Jun 2014 23:42:41 GMT

Expires: Thu, 12 Jun 2014 11:42:41 GMT

Last-Modified: Thu, 29 May 2014 22:33:33 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 15836

Cache-Control: public, max-age=43200

Age: 38032

Alternate-Protocol: 80:quic
...........}kW.:..w~....c...pk..f.....ZhiI..dY.iB.b.KI.o.gF.-'..9....n
byF..h4...../....z..|..y .b../......A_.S.....w......$2=.\..8e..:.G..].
.<.b....M_7.,.I...{..t<./s....x...,...(r4...8W|&N._K...M...p.\9.
..'.I.._.Jz.!.6.....8........P...F.......]H...-..!.M.t...?..6..5O..1..
p0..7.n$y*.z..Z...".W .8XE.....z.a....`.n....t....v.u..6.....A:H...=..
z.....!...5.u [email protected](;. ... W#.M..4
.0.u|.8..{..5...v.T.....5.@)..M..wr.....A>.v..%w..C.B..,Wjj8......j
.r./.Y..RI.6.(........T....Dq......Al...b...:.r.........}1.C...ZYv..y.
r.=d^.....T....L.U(.2 ...`..5......8.tD=..........c.#u.h...-..yu.....r
..?D....j.JQa.T.....f...G.q?r....7_llo>..@....].n;[email protected]_.@...
....#[email protected]...~.UL&...,X.a.Gl...C..c....W........i..2....w.V.{S
...T(w..KF........1.".......V..N.J V.y...K.....4....  .W...Y.......k$.
..r...P..H.J.^.......|... [email protected]..,|\AH`..._..k. x...A...d$.X.~.H
|.3..w>.@M"...s....1..Yi.#..G.........tO....v...1...{k.......np...8
y...Aa....V1.UvB...UJ.q.YC.=.W....1..Yns....s.8.....}..}.0h:......[.Q.
[email protected].}.(..Z.%..q....=Q.$HD....|.[Yq5A..rR.|.r...A....,....^.3
.w...4.:..3.=...>.Z_.A?2X.W..vl...Y.Q].....`VUv......9.R%<.k)..P
OLv..rm..Gc._j.cr/...yBjJ....:7....'....uQ.7.W..0s/K...|..*bY...&...pe
E.50.......&...T)-.-.)......A.."....aK...M.#.Y..... Js......ns.......V
....F;Q....0.P..S.L..l...B..&...nfX3d.....Z....5...6... :.[.{.".!.7*.0
...ylO..N...n ....r.M [email protected]..]W.u..D...m..J.5k..nT...t!.
..._..=..G.Y..^Y..f..]...d.N^....9....m1-0..`K.uB..R.MB.......%.!.<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/asset3/1394811841643.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Mar 2014 15:44:01 GMT

ETag: "d6f2c-2c2b-4f492f05b837e"

Accept-Ranges: bytes

Content-Length: 11307

Cache-Control: max-age=308301941

Expires: Mon, 11 Mar 2024 15:44:01 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:33 GMT

Connection: keep-alive
.PNG........IHDR... ...F.....45......tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:C5D771D6764611E3AD6DE9
2B10AFB3D2" xmpMM:DocumentID="xmp.did:C5D771D7764611E3AD6DE92B10AFB3D2
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C531C22B764611E3
AD6DE92B10AFB3D2" stRef:documentID="xmp.did:C531C22C764611E3AD6DE92B10
AFB3D2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.C....(.IDATx....`T....w........H....m.VE
.........~.U......}...h.ZQ.Z...(..O.Z..".. ..../....<..L&.m.L.|~z.w
.=...s.......,]..a...F.f.. ....0..0..0...i.H.E..H;BW.B.M"-...I.&......
...^.U.0..0..0LDx.^sSSSaYYY........,..".C..................u5.P}^.E.a.
.a..a"B..a.$`..Q..B......c..|h.V...YD.c...p:..X..k.a..a..a.nC....V&.".
.PU..;w..h..u...".B ...Y|0..0..0..'.s.4.i..|..$@n.<y......z.%.a..a.
.a.....5Hs......YYY..G.I..O....-\...0..0L.BZ.4.i.. y......d.....CG"...
z.....Gl..wrWD........3`.U...0..0..E(. 95.f.H..u:]TG.....#.|......:.!.
...... i.P...N.....x..1..s...:.q*...a..a.hAZ.4.i.C......=...."$...<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/asset10/1394822524983.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Mar 2014 18:42:05 GMT

ETag: "40cad3-e1e6-4f4956d2379fd"

Accept-Ranges: bytes

Content-Length: 57830

Cache-Control: max-age=307680170

Expires: Mon, 11 Mar 2024 18:42:05 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:35 GMT

Connection: keep-alive
.PNG........IHDR...8...........n.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/button5/1380295452574.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 27 Sep 2013 15:24:06 GMT

ETag: "b9eb9d-bbd-4e75f13c3e46c"

Accept-Ranges: bytes

Content-Length: 3005

Cache-Control: max-age=293153057

Expires: Mon, 25 Sep 2023 15:24:06 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:39 GMT

Connection: keep-alive
.PNG........IHDR.......$......S......tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:DB0F3283C93911E28CBB9E7085
56C4D5" xmpMM:DocumentID="xmp.did:DB0F3284C93911E28CBB9E708556C4D5">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DB0F3281C93911E28CBB
9E708556C4D5" stRef:documentID="xmp.did:DB0F3282C93911E28CBB9E708556C4
D5"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>._.....3IDATx..\{lSU.....&....1...D.2. ......
.&.....h.._..Q.Qy....1...#[email protected].....)..;.Nt/Y...].{..9....v.CX..|...|
........e$I. .6p....W!.#...F......bVX......Z..%7^.F.....s.;"...g..j...
.. ...&s.^."Ovt.7.K.f.rh....e....k........../C^........7P.|.t9Z.<..
.Ex....8j..I.A..!.A..1..#..{N.onYDjQ.@a8..^.l.$G.#.7.~....4!.c/1..uL.o
....,.5..z...^...J..H.RG*1.(.'..1t.......d..".(n(.2u?'....<..O...:.
P>..j.........(}.'..25P.*....3e.Q`>.[T.b_.H.n..W..`..YJ....M...J
..7z*$...L..........fic.....s...._......|..J.A.U<.`a.U`.U.....k...&
...:sX.L..9Z.k.r.;abU.>I.F.x..q........ i..O.v... {..........i&<<< skipped >>>

GET /images/nocache/vicinio/executable-packages/CursorMania/1386165543761/CursorManiaSetup.exe HTTP/1.1

Host: ak.dl.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0dT973/jTMm58mg7F01tnYr yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568224395&nv=11&t=-&v=-&p=-&si=-&sn=dfprdsndlfe9.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install"; anxs="s=576842202&sv=1402568210036&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; partnerId=^ZC^foxyyy^YYA^ua
HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 04 Dec 2013 13:59:15 GMT

ETag: "31dbbd-1eaf18-4ecb5d18b91ef"

Accept-Ranges: bytes

Content-Length: 2010904

Cache-Control: max-age=298957330

Expires: Sat 02 Apr 1977 17:15:00 GMT

Pragma: no-cache

Content-Type: application/x-msdownload

Date: Thu, 12 Jun 2014 10:17:05 GMT

Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........2...\...\.
..\..'....\..'....\.......\...]...\..'....\..'....\..'....\.Rich..\...
......PE..L......R.................X...........).......p....@.........
.................P......3n....@.................................<..
.d........n..............`....0.......................................
...@............p..x............................text....W.......X.....
............. ..`.rdata.......p...0...\..............@[email protected]....
[email protected]..................@[email protected]
[email protected].................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U...X......... [email protected].
SVW.}[email protected]@.P..hq@........`........V......SP.......Pp@..
..W..;.}[email protected][email protected]...
@..4.......P...p@......./ub......<Tt"<Wt.<tt.<wuL......P..
...u>.......6......P.....~(......:u....~....P......P......P........
[email protected]@[email protected];[email protected].
[email protected]@........u....M._..^3.[.........V..W3.h..
[email protected].....<[email protected]<<< skipped >>>

GET /images/nocache/vicinio/executable-packages/PopularScreensavers/1355930226649/PopularScreensaversSetup.exe HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Host: ak.imgfarm.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 19 Dec 2012 15:18:08 GMT

ETag: "1433cef-2297b8-4d1361f29c9d4"

Accept-Ranges: bytes

Content-Length: 2267064

Cache-Control: max-age=269507442

Expires: Sat 02 Apr 1977 17:15:00 GMT

Pragma: no-cache

Content-Type: application/x-msdownload

Date: Thu, 12 Jun 2014 10:17:06 GMT

Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........2...\...\.
..\..'....\..'....\.......\...]...\..'....\..'....\..'....\.Rich..\...
......PE..L...J..O.................X...........).......p....@.........
.................P......H.#...@.................................<..
.d........n...........}"......0.......................................
...@............p..x............................text....W.......X.....
............. ..`.rdata.......p...0...\..............@[email protected]....
[email protected]..................@[email protected]
[email protected].................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U...X......... [email protected].
SVW.}[email protected]@.P..hq@........`........V......SP.......Pp@..
..W..;.}[email protected][email protected]...
@..4.......P...p@......./ub......<Tt"<Wt.<tt.<wuL......P..
...u>.......6......P.....~(......:u....~....P......P......P........
[email protected]@[email protected];[email protected].
[email protected]@........u....M._..^3.[.........V..W3.h..
[email protected].....<[email protected]<<< skipped >>>

GET /images/nocache/vicinio/executable-packages/CursorMania/1355864360804/CursorManiaSetup.exe HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Host: ak.imgfarm.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Tue, 18 Dec 2012 20:59:35 GMT

ETag: "11c6449-1d26b8-4d126c6792682"

Accept-Ranges: bytes

Content-Length: 1910456

Cache-Control: max-age=268656143

Expires: Sat 02 Apr 1977 17:15:00 GMT

Pragma: no-cache

Content-Type: application/x-msdownload

Date: Thu, 12 Jun 2014 10:17:12 GMT

Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........2...\...\.
..\..'....\..'....\.......\...]...\..'....\..'....\..'....\.Rich..\...
......PE..L...J..O.................X...........).......p....@.........
.................P......).....@.................................<..
.d.......tn...................0.......................................
...@............p..x............................text....W.......X.....
............. ..`.rdata.......p...0...\..............@[email protected]....
[email protected]..................@[email protected]
[email protected].................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U...X......... [email protected].
SVW.}[email protected]@.P..hq@........`........V......SP.......Pp@..
..W..;.}[email protected][email protected]...
@..4.......P...p@......./ub......<Tt"<Wt.<tt.<wuL......P..
...u>.......6......P.....~(......:u....~....P......P......P........
[email protected]@[email protected];[email protected].
[email protected]@........u....M._..^3.[.........V..W3.h..
[email protected].....<[email protected]<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568192653&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1873814278 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="MG38RZOZYxIZQAx/8yOk0ZtFMk M1 OsgOVQPfkbKAfR/FtWYJA2jadAGi7yhXswxuQWljAedxSdh SiFsGi4GUG9ryLhTRe z/DQ2ZT31v5J8v4vQNQAIBJnfgkI3VAivJW6oOxfnNuQnVFta5odcdk3CElqS0VZ8KDSAaaQ gS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568192871&nv=3&t=-&v=-&p=-&si=-&sn=dfprdsndlfe3.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=32&f=10.0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^y
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:36 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /px?u=Cy&rtv=convertor&ct=ffd59f4f6ea2c23b&ctval1=[CONVERSION TYPE] HTTP/1.1

Host: a.triggit.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Connection: keep-alive


HTTP/1.1 302 Found

Cache-Control: private, no-cache, no-store, must-revalidate

Expires: Sat, 01 Jan 2000 00:00:00 GMT

Pragma: no-cache

P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"

X-From: uk-bidder-02

Set-Cookie: trgu=Qsjq7rvERG61T7DtbRiJFA; domain=.triggit.com; path=/; expires=Sun, 12-Jun-2016 00:00:00 GMT

Set-Cookie: trgs=848069640; domain=.triggit.com; path=/;

Set-Cookie: trgp=; domain=.triggit.com; path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT

Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=triggit1&cb=rs2946&google_hm=UXNqcTdydkVSRzYxVDdEdGJSaUpGQQ==

Date: Thu, 12 Jun 2014 10:17:04 GMT

Content-Length: 11

Content-Type: text/html; charset=ISO-8859-1
RedirectingHTTP/1.1 302 Found..Cache-Control: private, no-cache, no-st
ore, must-revalidate..Expires: Sat, 01 Jan 2000 00:00:00 GMT..Pragma: 
no-cache..P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"..X-From: uk-bidder-0
2..Set-Cookie: trgu=Qsjq7rvERG61T7DtbRiJFA; domain=.triggit.com; path=
/; expires=Sun, 12-Jun-2016 00:00:00 GMT..Set-Cookie: trgs=848069640; 
domain=.triggit.com; path=/;..Set-Cookie: trgp=; domain=.triggit.com; 
path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT..Location: hXXp://cm.g.d
oubleclick.net/pixel?google_nid=triggit1&cb=rs2946&google_hm=UXNqcTdyd
kVSRzYxVDdEdGJSaUpGQQ==..Date: Thu, 12 Jun 2014 10:17:04 GMT..Cont
ent-Length: 11..Content-Type: text/html; charset=ISO-8859-1..Redirecti
ng....


GET /pxgcm?id=&cb=rs2946 HTTP/1.1

Host: a.triggit.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Cookie: trgu=Qsjq7rvERG61T7DtbRiJFA; trgs=848069640; trgp=

Connection: keep-alive


HTTP/1.1 302 Found

Cache-Control: private, no-cache, no-store, must-revalidate

Expires: Sat, 01 Jan 2000 00:00:00 GMT

Pragma: no-cache

P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"

X-From: uk-bidder-02

Set-Cookie: trgp=GKH85ZwF; domain=.triggit.com; path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT

Location: hXXp://VVV.facebook.com/fr/u.php?p=185501061579159&m=Qsjq7rvERG61T7DtbRiJFA&t=2592000&cb=ewvc6u

Date: Thu, 12 Jun 2014 10:17:05 GMT

Content-Length: 11

Content-Type: text/html; charset=ISO-8859-1
RedirectingHTTP/1.1 302 Found..Cache-Control: private, no-cache, no-st
ore, must-revalidate..Expires: Sat, 01 Jan 2000 00:00:00 GMT..Pragma: 
no-cache..P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"..X-From: uk-bidder-0
2..Set-Cookie: trgp=GKH85ZwF; domain=.triggit.com; path=/; expires=Thu
, 17-Jul-2014 00:00:00 GMT..Location: hXXp://VVV.facebook.com/fr/u.php
?p=185501061579159&m=Qsjq7rvERG61T7DtbRiJFA&t=2592000&cb=ewvc6u..Date:
 Thu, 12 Jun 2014 10:17:05 GMT..Content-Length: 11..Content-Type: text
/html; charset=ISO-8859-1..Redirecting....


GET /pxfbcm?s=miss HTTP/1.1

Host: a.triggit.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Cookie: trgu=Qsjq7rvERG61T7DtbRiJFA; trgs=848069640; trgp=GKH85ZwF

Connection: keep-alive


HTTP/1.1 200 OK

Cache-Control: private, no-cache, no-store, must-revalidate

Expires: Sat, 01 Jan 2000 00:00:00 GMT

Pragma: no-cache

P3P: CP="DEVo PSDo OUR BUS DSP ALL COR"

X-From: uk-bidder-02

Set-Cookie: trgp=GKH85ZwFSKH85ZwFUAA=; domain=.triggit.com; path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:17:05 GMT

Content-Length: 43

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, no-cache, no-store, must-revalidate..Expires: Sat, 01 Ja
n 2000 00:00:00 GMT..Pragma: no-cache..P3P: CP="DEVo PSDo OUR BUS DSP 
ALL COR"..X-From: uk-bidder-02..Set-Cookie: trgp=GKH85ZwFSKH85ZwFUAA=;
 domain=.triggit.com; path=/; expires=Thu, 17-Jul-2014 00:00:00 GMT..C
ontent-Type: image/gif..Date: Thu, 12 Jun 2014 10:17:05 GMT..Content-L
ength: 43..GIF89a.............!.......,...........L..;..

GET /images/vicinio/dsp-images/john.bonarrigo/asset5/1371061369351.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 12 Jun 2013 18:22:52 GMT

ETag: "2b70d2-a15-4def91a100556"

Accept-Ranges: bytes

Content-Length: 2581

Cache-Control: max-age=285040331

Expires: Sat, 10 Jun 2023 18:22:52 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:50 GMT

Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:BE138D91D38C11E29792B31D
8512DC36" xmpMM:DocumentID="xmp.did:BE138D92D38C11E29792B31D8512DC36"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BE138D8FD38C11E297
92B31D8512DC36" stRef:documentID="xmp.did:BE138D90D38C11E29792B31D8512
DC36"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>S..g....IDATx..Z.n.F...!@..!.......{-]..d..
$..[..RHB/.Q>..B..H>..Et...'.s...N].?.;c..5....W.bh....;;3;..,U.
..r...-..j............W._...........j".9.."..:4./.q.c...$k..w....|....
o.FG.;.q...J.C...l....L>.'Ob.9..._...].x....iE..._...............l}
x..{.cO..07..9.9(.<...~~.,......8#.q?. .$.-@/7...........~I.'...LK.
.Mj.....#A>...>;.w.%....$[.$...Q...7#..J..S..2z.LH.%....K....0..
.....v...C...~u.9p.S.P.:.n........8..[.....v.4....e.Q..|!.Qe..F....\..
Jr.....5..Pe.|.!... ..fq.2.rC..H....O.hXD(.:..%Ne.X.T....C:........<
;....lQ....>..22.].XF{...d...P..P.6..U.6...:.D..=..,.1U2.W"..m]<<< skipped >>>

GET /images/download/ask/pba_0927.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 23 Sep 2013 16:06:07 GMT

ETag: "113790-dd6-4e70f32b009c4"

Accept-Ranges: bytes

Content-Length: 3542

Cache-Control: max-age=315354163

Expires: Thu, 21 Sep 2023 16:06:07 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:51 GMT

Connection: keep-alive
.PNG........IHDR....... .......P.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...xIDATx..\.TT....A.......b..k.#..hb..R..... -...k..t.Y....L..KrUv
...k.%|.c.^..@ h..G.<..a........a..0..v..~..{......_..T. .B..(.@!"W
.....|.8.;$m...!W.vV)..?.....S.......A..U/.F... ...5...Cw....)r.....$.
"..7......A.....g.....h..FA.:nF.F..9..q]&...jkka...PYi9.......NE..]R0(
@[email protected]. .........Bbb".....BCC..7...#F..e..i.
.3......;GN.\[email protected].....
..e\*......`.....c~.f.W....=..............k..{][email protected]
..>y.d.../.... ^C..>[email protected]..[.o.....~.4....n.._......)Y..
|$.H..^.Z.#8].....ju..... p....w.3.u.%.k3.W...?a..BLL.dee..Y.f..M.`..-
.~...HJJ.U.1..............o|.....n....s.]...#"....Z..t...wO....j......
..\f'..7.....K.,......N.E.@Q.]Q.!..p.R...}....A..>..O........;.....
7h.z.s#.@.`...H4xO....../5;;....=8p..I.Q. ..X..a;...J.A.?.*WWP{...D...
...b........&.jJObu.......}..%.... ./....c..0..R.6m..w..r....Z.....$..
\..e... t........)...3....Ik.zw....h#.I.P......l.vr.;^!. ...6.n9 p....
.i...O...;.v..<-@(6I.R5n.Y...044:.. .....*@.C...s1V....|..Mg..YL.t.
.u.~`..Ahm...(.Z0...U.3..j....l;T<..#....mx.R..$B............,.~.vT
.z...|:.|.H..A........l.<....}..P....oA...._.B..c....Dp...1*Th....O
."...d...lk,.............xy......X....n[....Z-...U9..W..$B...c....p.A.
2X.....N|..3.@=..}...".t?.C....s.(..v=.....{.I......}ee..m..J........"
4...-.....h:...|.}.....7...W..&X.. .....Q.R..6d.EX.m.........1........
...VB..S...Q.4P....Hl....`u.$R.,...g$..V...p.M....j.5....6.g..BqO.<<< skipped >>>

GET /images/vicinio/dsp-images/lisa.delmar/background/1355162773241.gif HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:06:13 GMT

ETag: "2e6a5c-6da3-4d0836bb85903"

Accept-Ranges: bytes

Content-Length: 28067

Cache-Control: max-age=275457585

Expires: Thu, 08 Dec 2022 18:06:13 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:16:51 GMT

Connection: keep-alive
GIF89a.......888777........................111............!!!.........
......$$$///............"""222   &&&---(((......***000............)))#
##,,,%%%'''...   ......555444666......333........................!....
...,.............e!9.<...... .. V{.66..`(.(5..V`....g......j0..:.Fb
..<.....-I...61..(.1....1c..6..a85&.7.. ..c8%/-# ..%D.()...#.......
 ........&1...!.5_6.Mb1.(..1....56....-/.../.*%"'( .!.423.#.d....6D..P
.....6..q....Z.... C..$.D.!.A...^..!....%6..ao...`.a.([email protected].......
`.c..../.m.. [email protected]....$0..%...8.@ f..8..].pcA.....([c......\.....
.j4h..*.Z..\.*C...3H.x.....d6>[email protected]...(.. .....DT.C...g.P..,#@..)..8
0.%m.S...t*... dH(H....8F(`1..)....X..v..((.X..%...jL.h....(P8....%..X
. ~....8...y.....'|.....@B... CI......@G...`..A..\.........D..........
 ..*[email protected].....@.[.D..t5$..........0...T....a.C.0.pC..H ....7.....B`!T
G%..lpRA%<...*....b....34(...4..~.(...w....^Lp...p4...l...Y. .. ...
...i.......%.P...p`..-.0..0. .......C...... .G#4.....0,.60 ..,..#.1...
. .A...`..... A..X.f..\....%l.BZ..).jT..."*D0......g#....".....%....8.
.....By.h.RA.Lx.).f0........,._..>p.9k.!."s.Y..*[email protected]..*p......E
......P0.. $w..[=`t.Jf...N....-.cC........@@.%T.../.*.)[email protected]`@..tu..
...'..t.B.B.................wW..@.. .3....0....)q.-.P.N~.....,...".`..
........`[email protected]"..| ..M.p...Zp._..0....0y.!(....X.@.'DV...T.B..8..
.... ....!..<...Wc....T..[...,...40...0.....jh...S..V0...*@*...H0,p
./............(...dC..,._o. [email protected][email protected].,.H.....X..2
...D [email protected]!D.C...DP......X.l"`.]T...h.AXVd.....<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/button1/1384360058230.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 13 Nov 2013 16:27:38 GMT

ETag: "b27b16-bd5-4eb117183e6f0"

Accept-Ranges: bytes

Content-Length: 3029

Cache-Control: max-age=297217704

Expires: Sat, 11 Nov 2023 16:27:38 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:55 GMT

Connection: keep-alive
.PNG........IHDR.......$......S......tEXtSoftware.Adobe ImageReadyq.e&
lt;...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:2A37056610E911E3AC809FB54
AEE8879" xmpMM:DocumentID="xmp.did:2A37056710E911E3AC809FB54AEE8879"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2A37056410E911E3AC8
09FB54AEE8879" stRef:documentID="xmp.did:2A37056510E911E3AC809FB54AEE8
879"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>.Z.L...JIDATx..\{PT.....eawY. .<\B$..E!Fk
..Nh..A....S....kkR.f.v........?j'.I..q....dL...I.5I......ty?va.w.....
.]!Eh..c~....{.;.~...;...J...Y".p-..0..............v.U./.F.7..&|.p=.Z.
.%.A.j.?}...9..lj.Z.:j$.!4 s.5...-.....A..l..'....$..2wQ. ....i...KQ.=
..z....%.:V..DM"..Xh....><~7.>.&....HB.).G..:.p.R...o.7....8.
....0i.)..D..;q...AO..j.pcS^w;k,..........L.$#/....F..hH.<Vt:..^.s.
o\...2^xX.B. ~.x...qyP.?...LF....n8.....7....J..B...'<..M..>.&..
.e.....z.zG."j=....A_....2i.".n.K..(D...[.>.h.]..8.J.E.w.'".2i..D$A
;.%...Y<..=(dW.~.....(LY. .Q...[....q...[.6.....o..u.l.F..&G...<<< skipped >>>

GET /images/vicinio/dsp-images/210720343/background4/1395093174747.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://cursormania.dl.tb.ask.com/ffInstruct.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 17 Mar 2014 21:52:54 GMT

ETag: "e247a-3843-4f4d471141956"

Accept-Ranges: bytes

Content-Length: 14403

Cache-Control: max-age=307884948

Expires: Thu, 14 Mar 2024 21:52:54 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:17:05 GMT

Connection: keep-alive
.PNG........IHDR... ..........z.K....tEXtSoftware.Adobe ImageReadyq.e&
lt;...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:76BD1027B856E311B55F833B9E243AA8" xmpMM:DocumentID="xmp.did:6E41
24555E8C11E3876FE4B7DCC9A7E5" xmpMM:InstanceID="xmp.iid:6E4124545E8C11
E3876FE4B7DCC9A7E5" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> 
<xmpMM:DerivedFrom stRef:instanceID="xmp.iid:77BD1027B856E311B55F83
3B9E243AA8" stRef:documentID="xmp.did:76BD1027B856E311B55F833B9E243AA8
"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> &l
t;?xpacket end="r"?>...F..4uIDATx.....T...Ouu7..-.Q\h...(..."...QG.
.d..*$Of.l.|:...(I.Y&...l3.G.$j..h...Y.pgq!h...}..../.6.o...VW......V.
{...n...{.sn,.J..<lLW)B....:...k..>.-...X..1...Z..}"d.A.~....t.&
lt;..I?#?..[ZZ..b1SV.y.uv.[..m..<.m.!.....K....~....`...!..B"......
..x ......B.!..t..$#~.-......B....Q.GL...i..B.!...!.5~..BB.!....Jqq...
...J...UP..)/..B..\V@,..h.<....M...B.!.....Z]....y)..B..5Y.......):
..B.!.D  .....p<.nweB.!..Hd.S@|...5...V.!.......s..B.!..^.......Ai.
.yua..lD."..B( ....'.d.KF.!..B.........[...B.!.......*..X.Q*...B.!<<< skipped >>>

GET /images/vicinio/dsp-images/211634648/background999/1372437932631.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/installComplete.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 28 Jun 2013 16:45:31 GMT

ETag: "a1b209-890-4e0399b6934cd"

Accept-Ranges: bytes

Content-Length: 2192

Cache-Control: max-age=306837220

Expires: Mon, 26 Jun 2023 16:45:31 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:17:22 GMT

Connection: keep-alive
.PNG........IHDR...P............*....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:24A8CA07D82411E2B456F7
9AB3D903A2" xmpMM:DocumentID="xmp.did:24A8CA08D82411E2B456F79AB3D903A2
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:24A8CA05D82411E2
B456F79AB3D903A2" stRef:documentID="xmp.did:24A8CA06D82411E2B456F79AB3
D903A2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>........IDATx..W]L\E.... `.K...].FK.....I
-aA./&.5......<..../.6.'..4.X}Y.BHS...&&.-$.!...-....e...XS....Y...
.../..dg...33.|..3s5..p...ii.G*]Up8..V...4]..N~eA.<.....z..d'c.....
U.........{...=..h.S.0.v......~._w....b....7.....Q...WH*..LP).!'..G..C
e.j3..a.....AFXQ 0K:^Fnu....|<..M.Q#...P>.e .._. B(L!.d{|T......
.n...J..I...5x...*nU.w..O#v..f.~?.G.X..V.....'.."..z............}..2..
..0.3.....X.|...oS..d".J..m........=...u....D..x....~*..../..b....z..I
<&.:]\{y...r..?.A..<wTY'D.D..../Y..<G.L.U.I......i"....%{P..g
X.3..{.RZ4...$6..K,...0_..s..`..S......N.0(....~.k..W.....?...~.aQ<<< skipped >>>

GET /crls/gtglobal.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.geotrust.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "63d4372b90d860b99d5485e751e4064c:1402567812"

Last-Modified: Thu, 12 Jun 2014 10:10:12 GMT

Accept-Ranges: bytes

Content-Length: 554

Date: Thu, 12 Jun 2014 10:17:10 GMT

Connection: keep-alive

Content-Type: application/pkix-crl
0..&0...0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U.
...GeoTrust Global CA..140612094300Z..140622094300Z0..0....4...0310111
41952Z0....5...060809140549Z0....4]..020522080843Z0....5Y..05072212592
6Z0....4\..020522080900Z0....6k..070711055050Z0....4Z..020521134804Z0.
..*.H.............Q.#..X..k... .]qT.?RN%."...a..*c.&...t..-4|.Ty...{.v
......,d......\..O..g..Dp..d*.pZQ..*.8..l.v_.G..w..B..c.'......p.....h
...,80..<.n.U'G4J......=.Eb.-P<0..@LYjR~...........=:[email protected]/..2
S.Q.:.&.:_.......2..y..T..){_..."u..h.....(~m..G....{f...:8.(:<...-
h..HTTP/1.1 200 OK..Server: Apache..ETag: "63d4372b90d860b99d5485e751e
4064c:1402567812"..Last-Modified: Thu, 12 Jun 2014 10:10:12 GMT..Accep
t-Ranges: bytes..Content-Length: 554..Date: Thu, 12 Jun 2014 10:17:10 
GMT..Connection: keep-alive..Content-Type: application/pkix-crl..0..&0
...0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA..140612094300Z..140622094300Z0..0....4...031011141952
Z0....5...060809140549Z0....4]..020522080843Z0....5Y..050722125926Z0..
..4\..020522080900Z0....6k..070711055050Z0....4Z..020521134804Z0...*.H
.............Q.#..X..k... .]qT.?RN%."...a..*c.&...t..-4|.Ty...{.v.....
.,d......\..O..g..Dp..d*.pZQ..*.8..l.v_.G..w..B..c.'......p.....h...,8
0..<.n.U'G4J......=.Eb.-P<0..@LYjR~...........=:[email protected]/..2S.Q.:
.&.:_.......2..y..T..){_..."u..h.....(~m..G....{f...:8.(:<...-h....<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568257969&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=E04CF954-69DE-4E5C-B4F1-A4FC96E1A07E&anxe=backFill&anxr=520444235 HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?par
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:41 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /images/download/ask/browsers_0927.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 23 Sep 2013 16:14:08 GMT

ETag: "113791-1415-4e70f4f57f7c1"

Accept-Ranges: bytes

Content-Length: 5141

Cache-Control: max-age=314993402

Expires: Thu, 21 Sep 2023 16:14:08 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:50 GMT

Connection: keep-alive
.PNG........IHDR...O...,.....$T.r....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx..[..T....V{uU.J.t.Jw#. Kp..........h.h.Kf&..':...C.....h4
.c..0*[email protected]......}....Q...`...='.=............[...:...V.."..E.?.
...eD...Bt).v...6.UD.D6....e.;...a...1.........._..Q..~..8.s..a!:....&
gt;...O.<.G.Q.....~......g.o:.......2....i...6. ....{....k...$....e
.g.....;..9.l_..W^....>.A.46Q[[..X.".....Z.J/)).s......P}....<.u
..=...d...9a..c>6......k{.hc...i....v...3..../......|?p....6[..9s.M
d5/ ........3.7D..h.'.Y...1>;.-[.....r................v.1`~~.~...O.
X..l..=r.H..8q.>z.h...dV....k.eeezkk.~...c\.c.t.Rc...SO=......$..7W
x.?.x.w555.0.={..|&.e....L o...1VVP...c0...........45S.<...Sb..v...
..G.yD..........;|.p...]..O.-../......Y...2A...o.x...0X.5.\..x....7 ..
. W.4.b.g7.5q..b.g...>..c..7.|.9.c<..ll6.....k^.Ta.........../..
G.}.....<V.v....c..!...)S.p8..X,f....3..S.....$,.}.................
.,8..tHF.p.B..?.t(.............i.&....$(...{X.z5H.>u>...F.......
....y...X.v......q.M7......j...Wc.W_}....[.2g......w/......}..........
C.E..C.4l...O<.D.5.. ..."c.w.q.!`UU1{............*..cf....,..:3s..&
lt;.c...f....l....t.9.....>..Z.../_n<3..5[...............Y.5...@
..1.HTTP/1.1 200 OK..Server: Apache..Last-Modified: Mon, 23 Sep 2013 1
6:14:08 GMT..ETag: "113791-1415-4e70f4f57f7c1"..Accept-Ranges: bytes..
Content-Length: 5141..Cache-Control: max-age=314993402..Expires: Thu, 
21 Sep 2023 16:14:08 GMT..Content-Type: image/png..Date: Thu, 12 Jun 2
014 10:16:50 GMT..Connection: keep-alive...PNG........IHDR...O...,<<< skipped >>>

GET /dl/ HTTP/1.1

Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:16:32 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="MG38RZOZYxIZQAx/8yOk0ZtFMk M1 OsgOVQPfkbKAfR/FtWYJA2jadAGi7yhXswxuQWljAedxSdh SiFsGi4GUG9ryLhTRe z/DQ2ZT31v5J8v4vQNQAIBJnfgkI3VAivJW6oOxfnNuQnVFta5odcdk3CElqS0VZ8KDSAaaQ gS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="xrp=^ZC^yyyyyy^YYA^ua&xnt=&xh=8046&xpp=^ZC^yyyyyy^YYA^ua&xi=RUN_RUN&fv=1402568192637&xn=&xrm=&xtp=vhigh&xct=&xs=15346&lv=1402568192637&xp=vicinio&xrt=YYA&xt=rrdefaulta&nv=1&xu=&xrs=&oc=-&od=none&ob=-&xkw=&om=-&xrco=ZC&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe3.df.jabodo.com&xgc=false&op=-&xbkw=&xrca=yyyyyy&xrcc=ua&xft=&xad=&xcid=28d7591a7c4e47b4a7b26eadf5174547&xuer=3"; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:16:32 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
1ff8..............m{.F.0.Y.....u..bI..8/v......qb..i.w....)..$jI./M..o
..>.R......v.K.....`......}..............l:....8......._.......y..t
.....;.i...(...?Y_...z..,.o.._^^./....l..x..au.2...... .......(.*.IE..
O..}...{F(_M'[email protected].>...<...X ..I...:..O.a.{....{.]....,.gY..
z.V.....f.U.........a.{s......#...4..a../..8.jW..^$..Q...,..>...q..
.Biv=.........^...~.ga.O...H.a.\{..I.~r......j.=..A....Gchj..n....$.'M
..pr.f..oz).g ..h..o.....P......Ne....J...E.!..\FAv..x.5S.../....X..$.
..p......7.Gf........3Yl4..D...[.0....:.x..*.....=x.H..n....h8....."..
..x...... .g..D.......i.?...H..I.....<.....A8....nt&].%y`D[i.[..=..
..p.......S.J...[.i8......SO.T.G..n......-.Q..|&.O.wEPL.W....#F.....OS
BC.HwS....CU..Z"...x....Y<...GG..d_dY<Sm:!1.OO..N.Asz....j...fg 
..H.b....I...R..6.`. .`X....i<...IC[a]}......|S..V....0%G....H( O".
5/Ix.a....Y<..Y.q.g6.....)........j4ae..:...T.N..VG..7...).a.d-..c.
..(....6......M.....3.............E.y.d.,.I..A.I...O&.,tt.ZA6....B4...
.w.N. 3BK..p]...Gs.'.aLa...\...I...f..r"&^..;...:...o^..6.S.{.$...K.9D
.{..I?]rnvr.sS....}<Kb....=.Ts?..8....7..{[email protected]@.*D...hdv#..M..&.
d..d~....?..k...l.J.g[^{.?.....Z.iD.E.b..8..^...VK.0.ol...$......b.S..
..|N.......0........6NN..i.8U..._?.B..../.p.2Q.s}.f...hB.X......j6..N.
K..n....GS.@.\'..9i.%.e..4....M.l....)...ES..f."......lG....L..x.N....
h...x=H.-.h..~;.'..u.q..`s..h.........h..U....$...*._..YNM..........~.
i....V....^.N.x2d.h....... /..Y.%.QfCd|.0_FI8....  )E...c&..b..?.9jv.&
lt;.....*.A........7..y....y.~;:O..z...... .$..w..|..Q.4..b.qt...O<<< skipped >>>

POST / HTTP/1.1

Host: ocsp.verisign.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Length: 115

Content-Type: application/ocsp-request

Connection: keep-alive

0q0o0M0K0I0... ........l .Z....`....?#...Y.........A..Je.H...W-}G.....L.y9-.....;O...0.0... .....0...
0... .....0..
HTTP/1.1 200 OK

Last-Modified: Thu, 12 Jun 2014 00:41:52 GMT

Expires: Thu, 19 Jun 2014 00:41:52 GMT

Content-Type: application/ocsp-response

content-transfer-encoding: binary

Content-Length: 1852

Cache-Control: max-age=570392, public, no-transform, must-revalidate

Date: Thu, 12 Jun 2014 10:16:51 GMT

Connection: keep-alive
0..8......10..-.. .....0......0...0...........0..1.0...U....US1.0...U.
...VeriSign, Inc.1.0...U....VeriSign Trust Network1>0<..U...5Ver
iSign Class 3 Secure Server CA - G2 OCSP Responder..20140612004152Z0s0
q0I0... ........l .Z....`....?#...Y.........A..Je.H...W-}G.....L.y9-..
...;O.....20140612004152Z....20140619004152Z0...*.H................,[p
..U.:.....*.p..V....~........Q.....B..pR.[....3..V.D...a..Y.3.s..E.`..
..*[email protected]...'......t*#.N.w....r.lV.%p.B.L.[...
..u.pjA._.....x..Y[.....s..mx.P.u........bg.>NgT.......|0.uF.X..(.o
.Ap~....">...^S....ER`.S......:...Ah*...R......0...0...0..........?
.Q..R^O._D.h*0.0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc
.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://w
ww.verisign.com/rpa (c)091/0-..U...&VeriSign Class 3 Secure Server CA 
- G20...140504000000Z..140802235959Z0..1.0...U....US1.0...U....VeriSig
n, Inc.1.0...U....VeriSign Trust Network1>0<..U...5VeriSign Clas
s 3 Secure Server CA - G2 OCSP Responder0.."0...*.H.............0.....
.......t..y...J.....@./..3.....PE......&W...y.....N....3.\.y.kB.^.....
....MA.w.\f.F-..(.......4.t.......H;$.SJk.....7,..kH<....]QB..Eb)..
..-.O.._o..b..j......L.....g.....6r..c.G...Q....MQ......'w....l.'.....
>...w.j'fX.Qh.v...N7..Q...Q{.z..bY....>q..cK.I.*.S=..........0..
.0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://www
.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS
 incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .....<<< skipped >>>

POST / HTTP/1.1

Host: ocsp.verisign.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Length: 115

Content-Type: application/ocsp-request

Connection: keep-alive

0q0o0M0K0I0... ...................F....0.yV......{&.K......&............d..{2...ze...0.0... .....0...
0... .....0..
HTTP/1.1 200 OK

Last-Modified: Thu, 12 Jun 2014 07:30:40 GMT

Expires: Thu, 19 Jun 2014 07:30:40 GMT

Content-Type: application/ocsp-response

content-transfer-encoding: binary

Content-Length: 1843

Cache-Control: max-age=594871, public, no-transform, must-revalidate

Date: Thu, 12 Jun 2014 10:17:00 GMT

Connection: keep-alive

0../......(0..$.. .....0......0...0...........0..1.0...U....US1.0...U.
...VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign 
Class 3 Code Signing 2010 OCSP Responder..20140612073040Z0s0q0I0... ..
.................F....0.yV......{&.K......&............d..{2...ze.....
20140612073040Z....20140619073040Z0...*.H...................BJr.2i..a.
...E....c..1}.....)q8...f:...]" .6:&m.......8E.N.ef.Q.W..}u.....e.o$.Y
E..%..d..*....3gl.4......YK.....c.}?.j.Q.{O...AK..!.!y.....MW....)..q.
...N..C..8m/3....JY.i..........^P...o....C..L..G>Si..(..7..i.U..J..
..4....:..G..%..=..M.A....K..........0...0...0............b.Y".!.F.|..
..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....V
eriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.c
om/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...140330
000000Z..140628235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 201
0 OCSP Responder0.."0...*.H.............0.........F........../.j...{..
...T......ZI.X......AD..;...`...Yg..../..:...$U.G1.....G4.Pan..}`.....
.a...>a.f.9.d...CH][email protected].. .. ...\...aT
FB..a....]..........lw.d...|[email protected].&7.2.." u..u..:..BY.....
.....hJ.n.is!...U. .P.YQ ............0...0...U....0.0....U. ...0..0...
.`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0
V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. lt
d. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0....

<<< skipped >>>

POST / HTTP/1.1

Host: ocsp.verisign.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Length: 115

Content-Type: application/ocsp-request

Connection: keep-alive

0q0o0M0K0I0... .........)8t..).~.5bRd.S
....
D\.SD..~. .%..c..y...]......[y......k..0.0... .....0...
0... .....0..
HTTP/1.1 200 OK

Last-Modified: Wed, 11 Jun 2014 17:41:36 GMT

Expires: Wed, 18 Jun 2014 17:41:36 GMT

Content-Type: application/ocsp-response

content-transfer-encoding: binary

Content-Length: 1852

Cache-Control: max-age=545271, public, no-transform, must-revalidate

Date: Thu, 12 Jun 2014 10:17:01 GMT

Connection: keep-alive
0..8......10..-.. .....0......0...0...........0..1.0...U....US1.0...U.
...VeriSign, Inc.1.0...U....VeriSign Trust Network1>0<..U...5Ver
iSign Class 3 Secure Server CA - G3 OCSP Responder..20140611174136Z0s0
q0I0... ..........)8t..).~.5bRd.S......D\.SD..~. .%..c..y...]......[y.
.....k....20140611174136Z....20140618174136Z0...*.H...................
.!.....3.......$Q.......=(W..~........f..y.v......D.i. wH:Wy.LB.3..p[;
0.....;.T.$...V:...R..#..9S......B..[.!.L...............z.....e.sp.2=.
.. ..... ....H$..V]..B.......}.. .W_..tc9...x..(....qo.]...\.^.{{.Aq@.
 o......j......2.M{;.7..<.....x...rRJ.......0...0...0..........j...
.nN.8...6...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.
0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.
verisign.com/rpa (c)101/0-..U...&VeriSign Class 3 Secure Server CA - G
30...140330000000Z..140628235959Z0..1.0...U....US1.0...U....VeriSign, 
Inc.1.0...U....VeriSign Trust Network1>0<..U...5VeriSign Class 3
 Secure Server CA - G3 OCSP Responder0.."0...*.H.............0........
.7o./E.G .^U.........!.......]..\..B..j.8.{32...2. K.&.B.x....N.UV.F7.
D.X..w.E.......f.........(d0o.....&d...Oc.&....K?P.>......NZ .C.{O.
S....=.A<....G.....?.d...|6A.[..)2m.....t.^.8.Xys[..).-....yp....i.
{%..N`.........c.xv.Y|..Z..../...M...;nr.]..-..3y)...........0...0...U
....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.veris
ign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incor
p. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568257998&anxsq=3&present=false&anxe=ToolbarDetect&anxr=136610202 HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=; s
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:41 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id= HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjCwuK7N U8KVGhwuoexcS90pq041TeuVr9aW6lWsAUD2Br7WJd1BFu9CC /Z5XrKrAiDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJzqCJHi6W0BIGxfyCWskwi8Zdm/a t1EDGPUlO03thJujpu2kiZYdYxY648eK6i2YPMhDr09QEfWObUIULksUVH7d u6E0GDYW6nGokIcX7qZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568221468&nv=9&t=-&v=-&p=-&si=-&sn=dfprdsndlfe26.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install"; anxs="s=576842202&sv=1402568210036&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; cookieEnabled=true; partnerId=^ZC^foxyyy^YYA^ua; ins
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:04 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0dT973/jTMm58mg7F01tnYr yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568224384&nv=10&t=-&v=-&p=-&si=-&sn=dfprdsndlfe9.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:04 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
2002.............}.w.8....9.?...c{.8.>...4.i..6.I:;{sz|dK....W...N.
......%;i;..o.;.-. .......q6._........z.;....."w.w.$..Y..A.e~.u.(."..n
.(..a._9.z.t.....n4..#@...t.CG.#..  ...,-5..h..q.l}6._...M.W@A|..ko.m.
.........S7..8....#K.8.Y.....,.'~.....h....)s. en.............=`.0..Y.
..T.....q.d.YV,....HXW......~\..i.',...,.Ga.z,......,t3_.. .....hW...)
...42cA..a..-..........a.w......../..S,..:..I^.-...x0..Ht\..../G....I.
.T..t....r.:.....6.}..!.'..?.....>.`.}.=t..om....M..m......h`...1U.
...f.h:qD|O3..........qz%T...t.]g.O....N.i.97<.N.E>..(.`.6.F..y.
.4v.C.(......?.dI..[q|.K........%.F~vF.F.f..mf.....$..0:.g.........V..
V[1"~.-.K@..<}}s.....l:.S......Z...uR?...$..2..n.(!N._g......^N.X,.
.P.l.bi2....e..1%..n..v......q.zM.5.F....\.I~..S..HY.....Ys....C.lf. .
.`..k...`...l.!..F.........&..N..X.....5.......-#-5.......6&...A]...}.
V#A..i..Gk..T...o...u{.Cv.e.S.....(............Go8..O.....o....a....;t
.@Yj...#....j;T...l.@K.._..?...lpz.....}..,...|...].y.^O..j......10..`
...a1...W...8........h([email protected]..?.%..I.r.......J........n..*...V3K.......
.>..\...`.#qh$/.s.3G.,.r[S.m.0...v..89>;op..fY2....'.R6.....h0N.
(....6\,........}B...p.......E..^.\]]...d..U.. F..l.....M.........3...
.).T..].j&...>.qd..4K.g..4.%2.P.D..../..f.'z.....Ut..w....... .X..`
..m,S....r....e..........~.9.......l...8irb...'........Li..\..wq.n....
{.L...l.|.tC}.....CP...@=..g>=qf...*.].W..j.*6..'.0..IE..$.9.s.....
.(...$..;`b...._0S.n..?3?QSN9p.N...m.(.#....CP.T......aZ7.....ESG.....
m..wC7M..o. ..6.H..Z.....?[...".....d'..Hf.x..`..........8..IZK2.p<<< skipped >>>

GET /serve/fb/ver?uatFilter=false&fb_key=cat=&name=success&sid=4242&crv=client_revenue&oid=order_id&xr=8419881041540792783&referer=http://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^zc^foxyyy^yya^ua&coid=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=http://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=client_revenue&oid=order_id /serve/fb/pdc  http://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^zc^foxyyy^yya^ua&coid=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=&cat=&sid=4242&name=success&uid=1402568225317:5468785824816444&crv=0.0&oid=ORDER_ID HTTP/1.1

Host: pixel.fetchback.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://pixel.fetchback.com/serve/fb/blank

Cookie: fbid=mdDELxxoWVxHRLM9z3mM3S; uid=2_1402568225_1402568225317-5468785824816444; kwd=2_1402568225; uat=2_1402568225; bpd=2_1402568225; cmp=2_1402568225; clk=2_1402568225; afl=2_1402568225; sit=2_1402568225_4242-0-0; cre=2_1402568225; scg=2_1402568225; apd=2_1402568225; eng=2_1402568225; ppd=2_1402568225; act=2_1402568225

Connection: keep-alive


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:06 GMT

Cache-Control: max-age=0, no-store, must-revalidate, no-cache

Expires: Thu, 12 Jun 2014 10:17:06 GMT

Pragma: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Content-Type: image/gif

Vary: Accept-Encoding

Content-Encoding: gzip

Connection: close

Transfer-Encoding: chunked

36............r.t..Ldd`dh``...?....O.F ..."@2.LL............a........ 
.....0..

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568210038&anxsq=3&present=false&anxe=ToolbarDetect&anxr=1139351036 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568210058&nv=3&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyy
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:52 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /localStorage.jhtml?toolbarData={"toolbarId":"4C8D7C7E-AB7A-4460-92CC-11D4915F6277","partnerId":"^ZC^chryyy^YYA^ua","partnerSubId":"","installDate":"2014061201","homePageOption":"true","homePage":"true","defaultSearchOption":"true","defaultSearch":"true","installType":"CRX_WEBSTORE","pixelUrl":"http://cursormania.dl.tb.ask.com/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=","successUrl":"http://VVV.cursormania.com/dl/installComplete.jhtml","dlput":"YYA"} HTTP/1.1

Host: cursormania.dl.tb.ask.com

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:40 GMT

Server: Apache

Set-Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568260714&xp=&xrt=&xt=&nv=1&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe11.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="; Version=1; Domain=.tb.ask.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:40 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Content-Length: 472

Connection: close

Content-Type: text/html;charset=UTF-8
..........eR.n.0.}...C...J..(...M4P.=....u....i.:vd...i.>...._l.s..
....X....N....-...C..T,"J..5.....FD.Rdl....%.rK.N..*k........'x..JL...
P.J.SPs0.#..'9...\.?...8X.f7.l.... ..x..s?tG.c/.H...P..d.#^.B.m.~x...8
.I..K.R...........p...P....xd..K)...ag...X............|............Mr.
.[t>..._.7L.X_;.m....Q..q.S...Me...m..m?u.......!..\fQ.4..9..t.{a:.
=....0..#..(<.M.E=..Lu'.J7.2._..n.....Q....eUs........4jc...xo..K.&
lt;A..Dm.p...$ga }.S..lkT.x,......2=..!J]..cT....=.....oS.........

GET /images/anx/anemone-1.2.7.js HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 08 Jul 2013 20:02:48 GMT

ETag: "774114-a236-4e105875b5290"

Accept-Ranges: bytes

Content-Length: 41526

Cache-Control: max-age=309572103

Expires: Thu, 06 Jul 2023 20:02:48 GMT

Content-Type: application/javascript

Date: Thu, 12 Jun 2014 10:16:50 GMT

Connection: keep-alive
// You can define an _AnemoneParams global var with the following memb
ers (all are optional):..// uniqueUser: unique user ID (${eventRecord.
uniqueUserId}) -- if missing, will generate a value..// appId: applica
tion ID (${eventRecord.application}) -- if missing, will use current h
ostname..// appVersion: application build version (${eventRecord.appBu
ildVersion})..// appDate: application build date (${eventRecord.appBui
ldDate}) -- if missing, will attempt to use document.lastModified..// 
logPageView: if true, each page view will be logged (only do this if y
ou are not using server-side logging -- otherwise each page view will 
be logged twice)..// updateSession: if true, the session and referrer 
info in the cookie will be updated (only do this if you are not using 
server-side logging at all, or not using the Java servlet filter -- ot
herwise events may be double-counted and sessions may expire unexpecte
dly)..// domain: cookie domain (if not present, will use the last two 
components of the current hostname)..// url: base URL for callback (if
 not present, will use the current URL with "anemone.jhtml" instead of
 the page)..// getAppParams: function which returns an object whose pr
operty names/values will be logged for page views and events (values w
ill be URL-encoded)..// getAppCookieChips: function which returns an o
bject whose property names/values will be added to the Anemone cookie 
(names should begin with "x")..// getUserSegments: function which acce
pts an array of segment IDs and returns the array, possibly adding<<< skipped >>>

GET /images/vicinio/dsp-images/lisa.delmar/background999/1355163506143.gif HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:18:26 GMT

ETag: "47c760-6408-4d0839766aa53"

Accept-Ranges: bytes

Content-Length: 25608

Cache-Control: max-age=269142465

Expires: Thu, 08 Dec 2022 18:18:26 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:16:51 GMT

Connection: keep-alive
GIF89a .X........OyG..'>.Q.S.........!!!<y..X.....W....".&0q....
.........$h.6t.dt....N...T.......\[[,.0.Z.............'f....6.9/o..].v
...UUH~.I.Lz.}.[....;;;....`.j.....*l....,,,[email protected]....^.R.U..
..........K.N?z..........)l.&.*............8r....;P.......-n.U.W^.ah.k
...xxx/.3...............Y..z...........3.6...B.D.........(k.F.....E.H.
..d........!f.^]\9v.............O.QIII>.@fff:.=.....23s.S........9.
<_.b...f...b....U......."...C}.......&&&nnn......2r.&i.M.O......987
......).-...._.B}.U.X=y.....[.l.o*..VVV............WWWv.x.c.\........O
.R...p...........r.t...............I.L%i. m.2r.....Y.?z.......Z.\...QQ
Qb.d...P.R...}..8u....^.........[.-n....i..m.......m...Y...^..........
E.H.b.*l.w..4s.8u....7u.._.!f.............f.h"g.|..Z.]..^.zO......5s..
..............:w.......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket b
egin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="a
dobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-
17:32:00        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02
/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="
hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/
1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM
:OriginalDocumentID="xmp.did:06801174072068119109E36B2E3A2A2D" xmpMM:D
ocumentID="xmp.did:38AEE49E3B1A11E296BADC67452E41EC" xmpMM:InstanceID=
"xmp.iid:38AEE49D3B1A11E296BADC67452E41EC" xmp:CreatorTool="Adobe Phot
oshop CS5 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="x<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/asset3/1394811841643.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Mar 2014 15:44:01 GMT

ETag: "d6f2c-2c2b-4f492f05b837e"

Accept-Ranges: bytes

Content-Length: 11307

Cache-Control: max-age=308301941

Expires: Mon, 11 Mar 2024 15:44:01 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:51 GMT

Connection: keep-alive
.PNG........IHDR... ...F.....45......tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:C5D771D6764611E3AD6DE9
2B10AFB3D2" xmpMM:DocumentID="xmp.did:C5D771D7764611E3AD6DE92B10AFB3D2
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C531C22B764611E3
AD6DE92B10AFB3D2" stRef:documentID="xmp.did:C531C22C764611E3AD6DE92B10
AFB3D2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.C....(.IDATx....`T....w........H....m.VE
.........~.U......}...h.ZQ.Z...(..O.Z..".. ..../....<..L&.m.L.|~z.w
.=...s.......,]..a...F.f.. ....0..0..0...i.H.E..H;BW.B.M"-...I.&......
...^.U.0..0..0LDx.^sSSSaYYY........,..".C..................u5.P}^.E.a.
.a..a"B..a.$`..Q..B......c..|h.V...YD.c...p:..X..k.a..a..a.nC....V&.".
.PU..;w..h..u...".B ...Y|0..0..0..'.s.4.i..|..$@n.<y......z.%.a..a.
.a.....5Hs......YYY..G.I..O....-\...0..0L.BZ.4.i.. y......d.....CG"...
z.....Gl..wrWD........3`.U...0..0..E(. 95.f.H..u:]TG.....#.|......:.!.
...... i.P...N.....x..1..s...:.q*...a..a.hAZ.4.i.C......=...."$...<<< skipped >>>

GET /images/download/firefox/InstallOnFirefox.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 06 Dec 2013 21:03:05 GMT

ETag: "ae35b6-1604-4ece3f8fb566d"

Accept-Ranges: bytes

Content-Length: 5636

Cache-Control: max-age=311341818

Expires: Mon, 04 Dec 2023 21:03:05 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:55 GMT

Connection: keep-alive
.PNG........IHDR...Z...B......-......sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS6.......~IDATx...{.T...?{.S..~V7...
...y..$..f..1...q...`\.n..:.....hL.,c...;...........^2#.Fy)" m...44...
QU..s..Guwx.>(2......:..}~.....g.}~Bk.).../.R^..^,.l.BT..S..g......
......e.....[.v...8..h.O.I..?..zS........d..5.\...[.,..=z....B...v....
.h<.Q.t~.?/. ... f..R.5.....m..-.^.x..@p....... L..5.v.&.i..:.f..$e
JR!AD..R.].v}f..9...c|.(.}...4...p...:._...].P.1H.........Y.f=.x.!.<
;..&.4W.....9'.i...' . ....3f.....~..:...G.Z..B....O>...&b.4..Ba..y
..j........G.A.Y!.|Gi......s.....bs.|.....hDh...z.....Q...wI...D$.....
.^.....O...T..h...]\...|.k_y.'.c..<...S.kkm....g......."9_a..H$..j.
....j).....J?.}...ik}....iF.lnn......Z/.(..L......<.....0o.B*...F..
.... ?........ m.-4653....-...6L.FcS.[.u..OV....`.s..mkm!.O..o...K.^A4
.?j.]}.)5)....TVV^HQh..R....C.^...._..q.?.....N......M.........=.]...`
...l.......|.......U......kkO....?V....'...eK...H..b..<.(.w........
../..\F..2..O.8'$........~.-.\........-.hkma...\v.5.\....}....v.z....0
o.%|..Gy........w...u...o......V...h....w.r.F.....x....U.....~....[x..
.-cW...~..>s..q"F.4...0.i22..n{....I...d. ....U...1..s..1O.%U^AcS3.
.&.`.e....<.,...........V=...f....b.../:..?..s..KXx.R.....G])....dT
K!D.b.-..>....eGRY......_...._... .......k.*...[..?........`..)G}..
?.........i"x/.>...}..ts....`Y.......C........w.......x/.F..u......
jjy..W....S.x.e.b..{d..........u~t..~......!.H.E.G9.......A.....=.....
Q....%......&m.-<..q..~.iM...I.........>.g...^.............j<<< skipped >>>

GET /images/nocache/vicinio/installers/210720343.YYA.3/267246-140605124901-YYA.3/7lffxtbr-rsl@CursorMania_7l.com.xpi HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 05 Jun 2014 16:49:09 GMT

ETag: "42f199-d058f-4fb1986175ded"

Accept-Ranges: bytes

Content-Length: 853391

Cache-Control: max-age=314778731

Expires: Sat 02 Apr 1977 17:15:00 GMT

Pragma: no-cache

Content-Type: application/x-xpinstall

Date: Thu, 12 Jun 2014 10:16:57 GMT

Connection: keep-alive
PK........$f.D..s/............META-INF/zigbert.rsa0.....*.H..........0
......1.0... ......0...*.H.........i0...0..k............d..{2...ze.0..
.*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSi
gn Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rp
a (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...12041000000
0Z..150506235959Z0..1.0...U....US1.0...U....NewYork1.0...U....White Pl
ains1&0$..U....Mindspark Interactive Network1>0<..U...5Digital I
D Class 3 - Microsoft Software Validation v21&0$..U....Mindspark Inter
active Network0.."0...*.H.............0.........]V.}.>...<.s`...
...\U.idS=..b.o%.....Cu.`..z.........vK....'Q.p..;.......m......3..>
;..&..$......L..$..l..^....H,q).'.....sGk.....*.8.T.r.=U.(l...s}....t.
b.%.s.Y.....$...5...J6._.M..j.V.....mh0^.7..-....cl...U.....!|]."}....
.i...}/Xc..d|t...hw...v.6......g........{0..w0...U....0.0...U.........
[email protected]./hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
..U. .=0;09..`.H...E....0*0(.. .........hXXps://VVV.verisign.com/rpa0.
..U.%..0... .......0q.. ........e0c0$.. .....0...hXXp://ocsp.verisign.
com0;.. .....0../hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0...U.
#..0.......{&.K......&.....0...`.H...B........0... .....7.....0.......
0...*.H................h.6.I..%.....a.:.O<.]./...a.W.}..%P"....g...
..\..a1..G~.[.....x........?J.\...8Sa6..L..Q.7.5@[email protected].}.p3..&l
t;f";.;.......hJ|<...Hk.C..5..l....,b..F...@9cB...;..Y..>F..J$`.
.....0 ....w....?!}.....<[email protected].<<< skipped >>>

POST /mirrorCookies.jhtml HTTP/1.1

Host: cursormania.dl.tb.ask.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive

Content-Type: application/x-www-form-urlencoded

Content-Length: 704

sessionData=,,-1,false,1,"7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb+W/2hwJsia2xuQWljAedxSdh+SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx+RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg+48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG+GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5+FVq0pHaSnmXsW6fb3bVQf+D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="&dlput=,,-1,false,1,YYA
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:16:52 GMT

Server: Apache

Set-Cookie: sessionData="7JRNV6bd9p3sD6hd1243kxFdEMojLcZ72bfIbGsNKv819Kfp7BJgb W/2hwJsia2xuQWljAedxSdh SiFsGi4FXox6Sw2rYh1bcmTuBafRH5J8v4vQNQAIBJnfgkI3VAX4nw3AtIAxe0FD0Jvpw/Fv2T6b6uTtPF2D987NjsSVgS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; Version=1; Domain=cursormania.dl.tb.ask.com; Max-Age=2592000; Expires=Sat, 12-Jul-2014 10:16:54 GMT; Path=""

Set-Cookie: dlput=YYA; Version=1; Domain=cursormania.dl.tb.ask.com; Max-Age=2592000; Expires=Sat, 12-Jul-2014 10:16:54 GMT; Path=""

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568214380&xn=&xrm=&xtp=&xct=&xs=&lv=1402568214380&xp=&xrt=&xt=&nv=1&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe5.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="; Version=1; Domain=.tb.ask.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:16:54 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Length: 93

Connection: close

Content-Type: text/html
..........-.A..0...Rr.....im.B.....W..0...>4s..2.....I...w.3..<.
a.&....TqP.....]..x.7...KX.....<<< skipped >>>

GET /CSC3-2010.cer HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: csc3-2010-aia.verisign.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

ETag: "4df6e0fc400cae9c052fae98c66d379f:1367386211"

Last-Modified: Wed, 01 May 2013 05:30:11 GMT

Accept-Ranges: bytes

Content-Length: 1550

Content-Type: text/plain

Date: Thu, 12 Jun 2014 10:17:05 GMT

Connection: keep-alive
0...0..........R...%V.......K3.0...*.H........0..1.0...U....US1.0...U.
...VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 
VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3
 Public Primary Certification Authority - G50...100208000000Z..2002072
35959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Tru
st Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)1
01.0,..U...%VeriSign Class 3 Code Signing 2010 CA0.."0...*.H..........
...0.........#K^....2..W....&~......}..6k..u.0..h.. u......i..7..{....
.7M_.;......'5.%.8..c.........jb.L.!......;.*O.[..O..v..'.|..~}......H
.i...<<A.>......q.U...&J@<..&...m...%{..?../....w..V.z;T0S
..b4....Z.(..L.N~[.........u....G...r..4....L~..O.=W.0..6...v.....~4-.
.........0...0...U.......0.......0p..U. .i0g0e..`.H...E....0V0(.. ....
.....hXXps://VVV.verisign.com/cps0*.. .......0...hXXps://VVV.verisign.
com/rpa0...U...........0m.. ........a0_.].[0Y0W0U..image/gif0!0.0... .
.............k...j.H.,{..0%.#hXXp://logo.verisign.com/vslogo.gif04..U.
..-0 0).'.%.#hXXp://crl.verisign.com/pca3-g5.crl04.. ........(0&0$.. .
....0...hXXp://ocsp.verisign.com0...U.%..0... ......... .......0(..U..
.!0...0.1.0...U....VeriSignMPKI-2-80...U..........{&.K......&.....0...
U.#..0.....e......0..C9...3130...*.H.............V".4..a.H...V.d......
....z."..G8J-l..q.|.p...O...S..^.t.I$..&...G.Lc...4..E...&s....dm.q..E
.`.YQ9.X.k....yk..Ar.7"...#.?D...a....\.=...B=e6..=@(....#&.K ...].L4.
<..7.o. .4.&.........!.3o..X.%|t.X.u.c?.1|......Sv.[........].!<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe19.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/installComplete.jhtml&anxl=en-US&anxlv=1402568242162&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&anxe=installCompleteLanding&anxr=208761035 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/installComplete.jhtml

Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0ZjeR5Sxf30IpmoXxNd3efn yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568242167&nv=13&t=-&v=-&p=-&si=-&sn=dfprdsndlfe19.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyy
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:23 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /ThawteTimestampingCA.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.thawte.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "b4afc7d74ed1d09414b43a1c8c3ae177:1396042209"

Last-Modified: Fri, 28 Mar 2014 21:30:09 GMT

Accept-Ranges: bytes

Content-Length: 341

Date: Thu, 12 Jun 2014 10:17:00 GMT

Connection: keep-alive

Content-Type: application/pkix-crl

0..Q0..0...*.H........0..1.0...U....ZA1.0...U....Western Cape1.0...U..
..Durbanville1.0...U....Thawte1.0...U....Thawte Certification1.0...U..
..Thawte Timestamping CA..140320000000Z..140630235959Z0...*.H.........
...(.3..'..g~;...pJa...*B.u..prG.[...K.B...F/....-g....y....>...1..
...y...e....[.f.....*.B4..]....Q |...K-.\.~.26......|*...B.:#r.;HTTP/1
.1 200 OK..Server: Apache..ETag: "b4afc7d74ed1d09414b43a1c8c3ae177:139
6042209"..Last-Modified: Fri, 28 Mar 2014 21:30:09 GMT..Accept-Ranges:
 bytes..Content-Length: 341..Date: Thu, 12 Jun 2014 10:17:00 GMT..Conn
ection: keep-alive..Content-Type: application/pkix-crl..0..Q0..0...*.H
........0..1.0...U....ZA1.0...U....Western Cape1.0...U....Durbanville1
.0...U....Thawte1.0...U....Thawte Certification1.0...U....Thawte Times
tamping CA..140320000000Z..140630235959Z0...*.H............(.3..'..g~;
...pJa...*B.u..prG.[...K.B...F/....-g....y....>...1.....y...e....[.
f.....*.B4..]....Q |...K-.\.~.26......|*...B.:#r.;..

GET /pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: segment-pixel.invitemedia.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Location: hXXp://bid.g.doubleclick.net/xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment

Cache-Control: private

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Date: Thu, 12 Jun 2014 10:16:36 GMT

Server: sffe

Content-Length: 373

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://bid.g.doubleclick.net/xbbe/invitepixel/pixel?pix
elID=101809&pixelID=101807&pixelID=101808&pixelID=101806&a
mp;pixelID=101810&partnerID=269&key=segment">here</A>
...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXp://bi
d.g.doubleclick.net/xbbe/invitepixel/pixel?pixelID=101809&pixelID=1018
07&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segm
ent..Cache-Control: private..Content-Type: text/html; charset=UTF-8..X
-Content-Type-Options: nosniff..Date: Thu, 12 Jun 2014 10:16:36 GMT..S
erver: sffe..Content-Length: 373..X-XSS-Protection: 1; mode=block..Alt
ernate-Protocol: 80:quic..<HTML><HEAD><meta http-equiv=
"content-type" content="text/html;charset=utf-8">.<TITLE>302 
Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H
1>.The document has moved.<A HREF="hXXp://bid.g.doubleclick.net/
xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=1
01808&pixelID=101806&pixelID=101810&partnerID=269&key=
segment">here</A>...</BODY></HTML>....<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=B938F72F-35CF-4A29-8572-09BD4B809217&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe17.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568258078&anxsq=5&anxe=SplashLandingClicked&anxr=921284325 HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; cookieEnabled=true; partnerId=^ZC^chryyy^YYA^ua; installDate=2014061201; toolbarId=4C8D7C7E-AB7A-4460-92CC-11D4915F6277; partnerSubId=; dlput=YYA; installType=CRX_WEBSTORE; pixelUrl=hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:42 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=ToolbarActive&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=1121207913&defaultSearchState=overridePending&isStore=true&tabEnabled=true HTTP/1.1

Host: live.tb.ask.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept: */*

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568263154&xp=&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe11.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="


HTTP/1.1 204 No Content

Server: nginx/1.0.1

Date: Thu, 12 Jun 2014 10:18:01 GMT

Connection: close

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Cache-Control: max-age=0

GET /images/vicinio/dsp-images/lisa.delmar/asset1Backup/1355163627935.gif HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:20:28 GMT

ETag: "b6f86b-1d0fa-4d0839eaad48a"

Accept-Ranges: bytes

Content-Length: 119034

Cache-Control: max-age=267955417

Expires: Thu, 08 Dec 2022 18:20:28 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:16:51 GMT

Connection: keep-alive
GIF89a..|...........^.iRH..p("....(...qN.T.G0(b.W.tk....k.nO,i0....b.b
...Z...^.N). "Y..(..d.......^O..........L..j.U.!sF.......Yc......P..r.
.........R'.uIKn..\...i...`.......s.g.........R.p....*I[...........Q.p
.(T..OL..i...h....,NOk...h.$..j.'.I..lOj..........su..sqi.RhN0J-.F.l.O
q0 ..N........E........o.r..........OH.(.&.....LDCD....(.wxx3.L..-,s.U
UU....?.....4...............(...V..335fff.q....*v,...UUD.HF....N......
).No..Ms..ffU..."""......wxf33.DD3'M...wIw0..I.....o..G..w,...........
Iv....Qij.....0ffDwwUwdU.....w..f........w.....n."'UU3......qq........
[email protected]...&..3""........?K. wfDDD"... .`.m,l.........N.UD
"[email protected]:....}dz...[DU..cAVD...9!5...q.'ffww{A....?....fwf!!4
DUU"6"..w......... 48...`|T......;....Y......UV"............DU3b|z....
...........!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSz
NTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe X
MP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> <rdf:R
DF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf
:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xml
ns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adob
e.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5
 Macintosh" xmpMM:InstanceID="xmp.iid:2AA8AD42123811E2AA52E600E90B6545
" xmpMM:DocumentID="xmp.did:F8069EC4123911E2AA52E600E90B6545"> <
xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2AA8AD40123811E2AA52E600E9
0B6545" stRef:documentID="xmp.did:2AA8AD41123811E2AA52E600E90B6545<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/background1/1371061585053.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 12 Jun 2013 18:26:28 GMT

ETag: "86adcb-1ae0-4def926ebd010"

Accept-Ranges: bytes

Content-Length: 6880

Cache-Control: max-age=283919237

Expires: Sat, 10 Jun 2023 18:26:28 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:55 GMT

Connection: keep-alive
[email protected] ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:7A86773D6BD411E2BFD9E432
700E40AC" xmpMM:DocumentID="xmp.did:7A86773E6BD411E2BFD9E432700E40AC"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7A86773B6BD411E2BF
D9E432700E40AC" stRef:documentID="xmp.did:7A86773C6BD411E2BFD9E432700E
40AC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>.$.....TIDATx.....$.]...S.=3;k.qbG.'.......
../J..C.p..)....p! .@H"..p..n.A..H..$ ..y1...{./3..PU..]=......n=....=
3=.....o?.T=....gq..}.....=q..Q.Y.h....HUD..R............X_.......w.f.
u.W.>..............?.~...R.?/.8.....^.B.9..3.L....].....j.....<.
..A..[7....x.>n.....?...}v.6..8^......s..E...fQ....S....8h.........
z..q.}.._..{......x....3....M/..Kr{.i..v{y.;..xZ?`..W...O.....i....]0u
W..?.z....z.vC..q ..../.5.F.1{[email protected]...~..;w..8..u..B._U.{
.}..-...2..y...c.,.(..Q........rq....o.SO]....?Mw..7....W?...........4
..q;.|......ut...]R........o.\^......?......./<.s.A.d#.<....<<< skipped >>>

GET /images/download/wb/fftest_arrow_lrg_up.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 28 Jan 2013 14:56:30 GMT

ETag: "3854dc-dea-4d45a7b774e1e"

Accept-Ranges: bytes

Content-Length: 3562

Cache-Control: max-age=275011125

Expires: Thu, 26 Jan 2023 14:56:30 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:57 GMT

Connection: keep-alive
.PNG........IHDR...U...?........f....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:1DC8C455390211E2878D81FE
B4164471" xmpMM:DocumentID="xmp.did:1DC8C456390211E2878D81FEB4164471"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1DC8C453390211E287
8D81FEB4164471" stRef:documentID="xmp.did:1DC8C454390211E2878D81FEB416
4471"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>...N...^IDATx..._.]E....s..l..< .`...D..
.hb..`...,-.rCc.[..J.[ ....BY...........L\.........o..y.`......{.....9
s...9..{w.EOrz..33...|.7..........p......C.E.oh.Q......c......e.._.S.s
o......9]..K.X.."...I.....|.."..O....Gt6G...............|n3. .C.7...:.
H?5....~....O.P.P...b....;A..~Qj.g*}...%..S.R....q...5.....:.Y.4....U#
.d.&..3.UR..l_...R...,..I.u........^_.......B'....e.7K`..{...u.>.n.
...vm.n3-.X...-..O......P.a...<.s.UW.P.tu.h.......e.S.{.._..B......
..3...P}...!.gz..~....>.._................q2........P.RW?.{...].i..
..}...[Y......"T.t....Ot.y.S.3'...w.l.@[email protected]_j...b.{`..=.....u<<< skipped >>>

GET /images/nocache/vicinio/installers/210720343.YYA.3/267246-140605124901-YYA.3/7lffxtbr-rsl@CursorMania_7l.com.xpi HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 05 Jun 2014 16:49:09 GMT

ETag: "42f199-d058f-4fb1986175ded"

Accept-Ranges: bytes

Content-Length: 853391

Cache-Control: max-age=314778731

Expires: Sat 02 Apr 1977 17:15:00 GMT

Pragma: no-cache

Content-Type: application/x-xpinstall

Date: Thu, 12 Jun 2014 10:16:58 GMT

Connection: keep-alive
PK........$f.D..s/............META-INF/zigbert.rsa0.....*.H..........0
......1.0... ......0...*.H.........i0...0..k............d..{2...ze.0..
.*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSi
gn Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rp
a (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...12041000000
0Z..150506235959Z0..1.0...U....US1.0...U....NewYork1.0...U....White Pl
ains1&0$..U....Mindspark Interactive Network1>0<..U...5Digital I
D Class 3 - Microsoft Software Validation v21&0$..U....Mindspark Inter
active Network0.."0...*.H.............0.........]V.}.>...<.s`...
...\U.idS=..b.o%.....Cu.`..z.........vK....'Q.p..;.......m......3..>
;..&..$......L..$..l..^....H,q).'.....sGk.....*.8.T.r.=U.(l...s}....t.
b.%.s.Y.....$...5...J6._.M..j.V.....mh0^.7..-....cl...U.....!|]."}....
.i...}/Xc..d|t...hw...v.6......g........{0..w0...U....0.0...U.........
[email protected]./hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
..U. .=0;09..`.H...E....0*0(.. .........hXXps://VVV.verisign.com/rpa0.
..U.%..0... .......0q.. ........e0c0$.. .....0...hXXp://ocsp.verisign.
com0;.. .....0../hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0...U.
#..0.......{&.K......&.....0...`.H...B........0... .....7.....0.......
0...*.H................h.6.I..%.....a.:.O<.]./...a.W.}..%P"....g...
..\..a1..G~.[.....x........?J.\...8Sa6..L..Q.7.5@[email protected].}.p3..&l
t;f";.;.......hJ|<...Hk.C..5..l....,b..F...@9cB...;..Y..>F..J$`.
.....0 ....w....?!}.....<[email protected].<<< skipped >>>

GET /images/nocache/native/cDNS.json HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 20 Mar 2014 16:27:21 GMT

ETag: "7d65a4-170-4f50c3e5fc757"

Accept-Ranges: bytes

Content-Length: 368

Cache-Control: max-age=309264378

Expires: Sat 02 Apr 1977 17:15:00 GMT

Pragma: no-cache

Content-Type: application/json

Date: Thu, 12 Jun 2014 10:17:04 GMT

Connection: keep-alive
{..    "comment": "refresh every 1 week (7*24*60*60*1000)",..    "refr
eshPeriod": 604800000,..    "list": [..        {"url": "hXXp://VVV.dns
rsearch.com/index.php", "p": "origURL"},..        {"url": "hXXp://sear
ch.dnsassist.verizon.net/assist.php", "p": "url"},..        {"url": "h
ttp://domainnotfound.optimum.net/cablevassist/dnsassist/main/", "p": "
domain"}..    ]..}....


GET /images/vicinio/dsp-images/210720343/asset6/1395093189079.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://cursormania.dl.tb.ask.com/ffInstruct.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 17 Mar 2014 21:53:08 GMT

ETag: "e247b-174a-4f4d471ee9ea5"

Accept-Ranges: bytes

Content-Length: 5962

Cache-Control: max-age=307884962

Expires: Thu, 14 Mar 2024 21:53:08 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:17:05 GMT

Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:C7C1758BF35DE311B7CBE176D78362FF" xmpMM:DocumentID="xmp.did:6FB5
FC1B5E9011E382E1E036CEE6FC57" xmpMM:InstanceID="xmp.iid:6FB5FC1A5E9011
E382E1E036CEE6FC57" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> 
<xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C8C1758BF35DE311B7CBE1
76D78362FF" stRef:documentID="xmp.did:C7C1758BF35DE311B7CBE176D78362FF
"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> &l
t;?xpacket end="r"?>..[.....PLTE......k..W..r.....e.....].."..2....
.......ffg-.1............q.t.~....==>...B.E{.}.........F...........
...j.m...].`........................M.Q......:.....P.RI.L<[email protected]
[email protected]>.....V.Y......*.....*........Z.]I.....M..tt
u~........n.q......O.....v.x...f.i...{{{%%%.........1.5...............
...).....t........[..y.....qqq~..............Q.N...`.c...............X
.Z............x.{'..v........S..F.I//0[[[;.?.}.(.,..................KK
L...&...........3.76.....9.=7.....=........2.6.........R.U8.<O.<<< skipped >>>

GET /images/vicinio/dsp-images/210720343/asset1/1395071993944.png HTTP/1.1

Host: ak.imgfarm.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/installComplete.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 17 Mar 2014 15:59:54 GMT

ETag: "7c1781-44a3-4f4cf82a5965b"

Accept-Ranges: bytes

Content-Length: 17571

Cache-Control: max-age=307863751

Expires: Thu, 14 Mar 2024 15:59:54 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:17:23 GMT

Connection: keep-alive
.PNG........IHDR.......#......3......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /fr/u.php?p=185501061579159&m=Qsjq7rvERG61T7DtbRiJFA&t=2592000&cb=ewvc6u HTTP/1.1

Host: VVV.facebook.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Connection: keep-alive


HTTP/1.1 302 forced.302

Location: hXXp://a.triggit.com/pxfbcm?s=miss

Date: Thu, 12 Jun 2014 03:17:05 PDT

X-Content-Type-Options: nosniff

Pragma: public

Content-Security-Policy: default-src *;script-src hXXps://*.facebook.com hXXp://*.facebook.com hXXps://*.fbcdn.net hXXp://*.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' hXXps://*.akamaihd.net hXXp://*.akamaihd.net *.atlassolutions.com;style-src * 'unsafe-inline';connect-src hXXps://*.facebook.com hXXp://*.facebook.com hXXps://*.fbcdn.net hXXp://*.fbcdn.net *.facebook.net *.spotilocal.com:* hXXps://*.akamaihd.net ws://*.facebook.com:* hXXp://*.akamaihd.net hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com hXXp://attachment.fbsbx.com hXXps://attachment.fbsbx.com;

X-XSS-Protection: 0

Cache-Control: public, max-age=0

Expires: Thu, 12 Jun 2014 03:17:05 PDT

Content-Type: text/html; charset=utf-8

X-FB-Debug: EPb4ZN YoO9 EQL2cX/3VTneE1k4LeeDPogedWwO7LgKd2KbvOLzLkoE3lmtMHwTKtcWNk/bwInSvbN9nxFnWw==

Connection: keep-alive

Content-Length: 0

HTTP/1.1 302 forced.302..Location: hXXp://a.triggit.com/pxfbcm?s=miss.
.Date: Thu, 12 Jun 2014 03:17:05 PDT..X-Content-Type-Options: nosniff.
.Pragma: public..Content-Security-Policy: default-src *;script-src htt
ps://*.facebook.com hXXp://*.facebook.com hXXps://*.fbcdn.net hXXp://*
.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.
google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval
' hXXps://*.akamaihd.net hXXp://*.akamaihd.net *.atlassolutions.com;st
yle-src * 'unsafe-inline';connect-src hXXps://*.facebook.com hXXp://*.
facebook.com hXXps://*.fbcdn.net hXXp://*.fbcdn.net *.facebook.net *.s
potilocal.com:* hXXps://*.akamaihd.net ws://*.facebook.com:* hXXp://*.
akamaihd.net hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com h
ttp://attachment.fbsbx.com hXXps://attachment.fbsbx.com;..X-XSS-Protec
tion: 0..Cache-Control: public, max-age=0..Expires: Thu, 12 Jun 2014 0
3:17:05 PDT..Content-Type: text/html; charset=utf-8..X-FB-Debug: EPb4Z
N YoO9 EQL2cX/3VTneE1k4LeeDPogedWwO7LgKd2KbvOLzLkoE3lmtMHwTKtcWNk/bwIn
SvbN9nxFnWw==..Connection: keep-alive..Content-Length: 0..

<<< skipped >>>

GET /dl/ HTTP/1.1

Host: VVV.cursormania.com

Connection: keep-alive

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:37 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="xrp=^ZC^yyyyyy^YYA^ua&xnt=&xh=8046&xpp=^ZC^chryyy^YYA^ua&xi=CRX_WEBSTORE&fv=1402568257969&xn=&xrm=&xtp=vhigh&xct=&xs=15348&lv=1402568257969&xp=vicinio&xrt=YYA&xt=crxdefaulta&nv=1&xu=&xrs=&oc=-&od=none&ob=-&xkw=&om=-&xrco=ZC&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe17.df.jabodo.com&xgc=false&op=-&xbkw=&xrca=yyyyyy&xrcc=ua&xft=&xad=&xcid=dac75bfa09b5429b8f2aa42f1998f5e1&xuer=3"; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:37 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Language: en-US

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html;charset=UTF-8
1ff8..............{[.G.8.7.y.....%.AB. .....d...N....4#i..F..q....oU.}
..8...w............V...|...........-k.."k.........j....jm.nZGo.w.Z...u
.x.4..x.E...;...Y6Yk........8....[........L ..3.~!...G...S.d.H.... ...
H..E..-!....3V?..|.x..,..Y..x.b.1e.d.........ko..,.gK.W...z..kg.e.B...
7..4........V..,pLco...7..q....F.......d.L....E..i.(......LN]/M)....1.
...Y.Z..n._Y...#/...5kyr.a)[email protected]{eri.'..9.. :....9V.....I......
}/....=h4..0.Y..%A.e.y.........<b.,pB.......f?...m......fE.d....a.*
.4..../[email protected].........$<#>[email protected].
...|.\.......K..(..._^~....e...'.1.hL:.H.@.........*&.....=k .F......\
.P......SK.T.EO......l.....T.I.... 8..k.u..#..l.F..)..5..H......#...{.
4... 8.'..c......,....RLL.....C .T.%....(.......H.b.t.Q.d3hY..VV.B0E..
. V.0.l.rR.....>ep.....3k.F..aZ.%.vEc.,...j.It.n.i..,..dV...Y^...}D
*d.....%..x.`....!n......5.....V........L......aidC.:fJ.<s....8#..K
....Q....{.h.'.7....D'.,...'Q8.J...AV....B.E^re...... g`.p\..."..C?..&
e.....G~.`.V..D(.r..H>...$...G......;K..).....V>....n9.-.,.#..].
.y....K...RM.$P......`.7..?b....'....{....b#4."[email protected]...,m
.j>.)~.B.\.!..;MR.}.... R.0Z..A...6h..}..B`E......pB...^..#...E.}.e
...I."m..._ ...8.....\....S..3.y._...ct..-.R....P.r.F.Q^!.s4.....9./..
..]..;...J.......d..&E.....N....w.s3...^2j..Q....y...a.....O...k.A..i)
.....G.. O...<l7.a.%kA|...`...H.u .N..p\.z.v#....lk.u.W....e...q.e.
.....'B8.....i.L{Y.#.k..:L.~|y&..Hi2.}J4....E.#..j7.I<..#.......x..
...}..?......{.$WR.VW...>.H..~.x.W.....t*..........3A9...(.....<<< skipped >>>

POST /mirrorCookies.jhtml HTTP/1.1

Host: cursormania.dl.tb.ask.com

Connection: keep-alive

Content-Length: 704

Cache-Control: max-age=0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Origin: hXXp://VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568260714&xp=&xrt=&xt=&nv=1&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe11.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="

sessionData=,,-1,false,1,"60GyHS2fzacvA5oAkpN+Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh+SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx+RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg+48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG+GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5+FVq0pHaSnmXsW6fb3bVQf+D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="&dlput=,,-1,false,1,YYA
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:41 GMT

Server: Apache

Set-Cookie: sessionData="60GyHS2fzacvA5oAkpN Rm0f2HsHZDTWAZ1jQoCc00lTAXlvYTENuIG6AIiOsNw9xuQWljAedxSdh SiFsGi4E5D80Jwp/Dq6FcR1IvRx7r5J8v4vQNQAIBJnfgkI3VAEnPS2VbnPTX/TzS15LJ5HtR6a2S59Z7lTkPqpn2fHRUS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; Version=1; Domain=cursormania.dl.tb.ask.com; Max-Age=2592000; Expires=Sat, 12-Jul-2014 10:17:41 GMT; Path=""

Set-Cookie: dlput=YYA; Version=1; Domain=cursormania.dl.tb.ask.com; Max-Age=2592000; Expires=Sat, 12-Jul-2014 10:17:41 GMT; Path=""

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568261133&xp=&xrt=&xt=&nv=2&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe24.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="; Version=1; Domain=.tb.ask.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:41 GMT; Path=/

Content-Encoding: gzip

Vary: Accept-Encoding

Content-Length: 93

Connection: close

Content-Type: text/html
..........-.A..0...Rr.....im.B.....W..0...>4s..2.....I...w.3..<.
a.&....TqP.....]..x.7...KX.....<<< skipped >>>

GET /images/vicinio/dsp-images/lisa.delmar/background999/1355163506143.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:18:26 GMT

ETag: "47c760-6408-4d0839766aa53"

Accept-Ranges: bytes

Content-Length: 25608

Cache-Control: max-age=269142465

Expires: Thu, 08 Dec 2022 18:18:26 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:16:33 GMT

Connection: keep-alive
GIF89a .X........OyG..'>.Q.S.........!!!<y..X.....W....".&0q....
.........$h.6t.dt....N...T.......\[[,.0.Z.............'f....6.9/o..].v
...UUH~.I.Lz.}.[....;;;....`.j.....*l....,,,[email protected]....^.R.U..
..........K.N?z..........)l.&.*............8r....;P.......-n.U.W^.ah.k
...xxx/.3...............Y..z...........3.6...B.D.........(k.F.....E.H.
..d........!f.^]\9v.............O.QIII>.@fff:.=.....23s.S........9.
<_.b...f...b....U......."...C}.......&&&nnn......2r.&i.M.O......987
......).-...._.B}.U.X=y.....[.l.o*..VVV............WWWv.x.c.\........O
.R...p...........r.t...............I.L%i. m.2r.....Y.?z.......Z.\...QQ
Qb.d...P.R...}..8u....^.........[.-n....i..m.......m...Y...^..........
E.H.b.*l.w..4s.8u....7u.._.!f.............f.h"g.|..Z.]..^.zO......5s..
..............:w.......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket b
egin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="a
dobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-
17:32:00        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02
/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="
hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/
1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM
:OriginalDocumentID="xmp.did:06801174072068119109E36B2E3A2A2D" xmpMM:D
ocumentID="xmp.did:38AEE49E3B1A11E296BADC67452E41EC" xmpMM:InstanceID=
"xmp.iid:38AEE49D3B1A11E296BADC67452E41EC" xmp:CreatorTool="Adobe Phot
oshop CS5 Macintosh"> <xmpMM:DerivedFrom stRef:instanceID="x<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/asset11/1394822508896.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Fri, 14 Mar 2014 18:41:49 GMT

ETag: "c4934-c8c2-4f4956c2db8b3"

Accept-Ranges: bytes

Content-Length: 51394

Cache-Control: max-age=307680158

Expires: Mon, 11 Mar 2024 18:41:49 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:35 GMT

Connection: keep-alive
.PNG........IHDR...8...........n.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...hiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:1E5A1CC80C206811822AD392055CB2AC" xmpMM:DocumentID="xmp.did:44EF
C8747F8911E3869488C434A73F85" xmpMM:InstanceID="xmp.iid:44EFC8737F8911
E3869488C434A73F85" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1F5A1CC80C20681182
2AD392055CB2AC" stRef:documentID="xmp.did:1E5A1CC80C206811822AD392055C
B2AC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>........IDATx..}..$E..W..3;.s.....E8@.....(
........S..f?.*[email protected]@8$..'.......9...........'.....~.{=....U=.W.W.^..}
.......(~..E.9...%\K...8S~*)...P8.....dK..J).gx...eR[.'.`.s.O.H......J
e.)..b.Y..\.....*..c.P<..)..pV-J..]...BB....X...8...Z.J.-........V.
JV.....xm...*....>...O.?..R..Y...pL2.......6..Z^. . ...q..t.A%.JS&.
g0....h&R.tl.c....X%..1JA...]..\..eq.....xB./..3..B.X.l...m.~.<...u
n..K26......P....RU<bT].(...P..(.....Q.A......3..Kt|..d......&.rP..
....*..f$.x.fA*[email protected]....]..DL.?..L....q.....fk.r.3...R<<< skipped >>>

GET /images/vicinio/dsp-images/john.bonarrigo/asset4/1371062270841.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ak.imgfarm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 12 Jun 2013 18:37:53 GMT

ETag: "86adcc-32c2-4def94fcbd797"

Accept-Ranges: bytes

Content-Length: 12994

Cache-Control: max-age=283919884

Expires: Sat, 10 Jun 2023 18:37:53 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:16:39 GMT

Connection: keep-alive
.PNG........IHDR..............Uc.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment HTTP/1.1

Host: bid.g.doubleclick.net

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Connection: keep-alive


HTTP/1.1 200 OK

Content-Type: image/gif

Cache-Control: no-cache

Pragma: no-cache

X-Content-Type-Options: nosniff

Date: Thu, 12 Jun 2014 10:16:55 GMT

Server: xbfe

Content-Length: 43

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Alternate-Protocol: 80:quic

Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 12-Jun-2014 10:31:55 GMT; path=/; domain=.doubleclick.net

Expires: Thu, 12 Jun 2014 10:16:55 GMT

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Content-Ty
pe: image/gif..Cache-Control: no-cache..Pragma: no-cache..X-Content-Ty
pe-Options: nosniff..Date: Thu, 12 Jun 2014 10:16:55 GMT..Server: xbfe
..Content-Length: 43..X-XSS-Protection: 1; mode=block..X-Frame-Options
: SAMEORIGIN..Alternate-Protocol: 80:quic..Set-Cookie: test_cookie=Che
ckForPermission; expires=Thu, 12-Jun-2014 10:31:55 GMT; path=/; domain
=.doubleclick.net..Expires: Thu, 12 Jun 2014 10:16:55 GMT..GIF89a.....
........!.......,...........D..;..

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568199512&anxsq=10&searchAssistantOptIn=true&homePageOptIn=true&tbUID=3D4D7956-DFB1-4C00-9DBA-6608C186B6A4&tbVer=2.5.14.85&anxe=InstallerFinished&anxr=1036977062 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjC1vdxg4KbyrtLb3pvHCaIUlXG7Wm26b7NALPQMkLOnmFtKb2aBAg6bvw 9XHmBtUYCDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJwbJfnj73wN1rDKa/JhYB1UuzRGwenttTKCWvvDdVBj3ZrvLK7Su7THP1rKY7aS1XfMhDr09QEfWObUIULksUVEKpTtqwBknhrh5dgpkzupsZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568223325&nv=11&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:07 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /images/vicinio/dsp-images/lisa.delmar/background/1355162773241.gif HTTP/1.1

Host: ak.imgfarm.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 10 Dec 2012 18:06:13 GMT

ETag: "2e6a5c-6da3-4d0836bb85903"

Accept-Ranges: bytes

Content-Length: 28067

Cache-Control: max-age=268741575

Expires: Thu, 08 Dec 2022 18:06:13 GMT

Content-Type: image/gif

Date: Thu, 12 Jun 2014 10:17:38 GMT

Connection: keep-alive
GIF89a.......888777........................111............!!!.........
......$$$///............"""222   &&&---(((......***000............)))#
##,,,%%%'''...   ......555444666......333........................!....
...,.............e!9.<...... .. V{.66..`(.(5..V`....g......j0..:.Fb
..<.....-I...61..(.1....1c..6..a85&.7.. ..c8%/-# ..%D.()...#.......
 ........&1...!.5_6.Mb1.(..1....56....-/.../.*%"'( .!.423.#.d....6D..P
.....6..q....Z.... C..$.D.!.A...^..!....%6..ao...`.a.([email protected].......
`.c..../.m.. [email protected]....$0..%...8.@ f..8..].pcA.....([c......\.....
.j4h..*.Z..\.*C...3H.x.....d6>[email protected]...(.. .....DT.C...g.P..,#@..)..8
0.%m.S...t*... dH(H....8F(`1..)....X..v..((.X..%...jL.h....(P8....%..X
. ~....8...y.....'|.....@B... CI......@G...`..A..\.........D..........
 ..*[email protected].....@.[.D..t5$..........0...T....a.C.0.pC..H ....7.....B`!T
G%..lpRA%<...*....b....34(...4..~.(...w....^Lp...p4...l...Y. .. ...
...i.......%.P...p`..-.0..0. .......C...... .G#4.....0,.60 ..,..#.1...
. .A...`..... A..X.f..\....%l.BZ..).jT..."*D0......g#....".....%....8.
.....By.h.RA.Lx.).f0........,._..>p.9k.!."s.Y..*[email protected]..*p......E
......P0.. $w..[=`t.Jf...N....-.cC........@@.%T.../.*.)[email protected]`@..tu..
...'..t.B.B.................wW..@.. .3....0....)q.-.P.N~.....,...".`..
........`[email protected]"..| ..M.p...Zp._..0....0y.!(....X.@.'DV...T.B..8..
.... ....!..<...Wc....T..[...,...40...0.....jh...S..V0...*@*...H0,p
./............(...dC..,._o. [email protected][email protected].,.H.....X..2
...D [email protected]!D.C...DP......X.l"`.]T...h.AXVd.....<<< skipped >>>

GET /images/download/ask/pba_0927.png HTTP/1.1

Host: ak.imgfarm.com

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Mon, 23 Sep 2013 16:06:07 GMT

ETag: "113790-dd6-4e70f32b009c4"

Accept-Ranges: bytes

Content-Length: 3542

Cache-Control: max-age=315354238

Expires: Thu, 21 Sep 2023 16:06:07 GMT

Content-Type: image/png

Date: Thu, 12 Jun 2014 10:17:39 GMT

Connection: keep-alive
.PNG........IHDR....... .......P.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...xIDATx..\.TT....A.......b..k.#..hb..R..... -...k..t.Y....L..KrUv
...k.%|.c.^..@ h..G.<..a........a..0..v..~..{......_..T. .B..(.@!"W
.....|.8.;$m...!W.vV)..?.....S.......A..U/.F... ...5...Cw....)r.....$.
"..7......A.....g.....h..FA.:nF.F..9..q]&...jkka...PYi9.......NE..]R0(
@[email protected]. .........Bbb".....BCC..7...#F..e..i.
.3......;GN.\[email protected].....
..e\*......`.....c~.f.W....=..............k..{][email protected]
..>y.d.../.... ^C..>[email protected]..[.o.....~.4....n.._......)Y..
|$.H..^.Z.#8].....ju..... p....w.3.u.%.k3.W...?a..BLL.dee..Y.f..M.`..-
.~...HJJ.U.1..............o|.....n....s.]...#"....Z..t...wO....j......
..\f'..7.....K.,......N.E.@Q.]Q.!..p.R...}....A..>..O........;.....
7h.z.s#.@.`...H4xO....../5;;....=8p..I.Q. ..X..a;...J.A.?.*WWP{...D...
...b........&.jJObu.......}..%.... ./....c..0..R.6m..w..r....Z.....$..
\..e... t........)...3....Ik.zw....h#.I.P......l.vr.;^!. ...6.n9 p....
.i...O...;.v..<-@(6I.R5n.Y...044:.. .....*@.C...s1V....|..Mg..YL.t.
.u.~`..Ahm...(.Z0...U.3..j....l;T<..#....mx.R..$B............,.~.vT
.z...|:.|.H..A........l.<....}..P....oA...._.B..c....Dp...1*Th....O
."...d...lk,.............xy......X....n[....Z-...U9..W..$B...c....p.A.
2X.....N|..3.@=..}...".t?.C....s.(..v=.....{.I......}ee..m..J........"
4...-.....h:...|.}.....7...W..&X.. .....Q.R..6d.EX.m.........1........
...VB..S...Q.4P....Hl....`u.$R.,...g$..V...p.M....j.5....6.g..BqO.<<< skipped >>>

GET /images/nocache/vicinio/installers/210720343.YYA.3/267246-140605124901-YYA.3/CursorManiaSetup.exe HTTP/1.1

Accept: */*

User-Agent: Mozilla/4.0 (Compatible; CursorMania_7lEIInstaller)

Host: ak.imgfarm.com

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Thu, 05 Jun 2014 16:49:29 GMT

ETag: "cd2667-5ca980-4fb1987508651"

Accept-Ranges: bytes

Content-Length: 6072704

Cache-Control: max-age=314778770

Expires: Sat 02 Apr 1977 17:15:00 GMT

Pragma: no-cache

Content-Type: application/x-msdownload

Date: Thu, 12 Jun 2014 10:16:39 GMT

Connection: keep-alive

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......\..|.../.../
.../.../.../N../.../.../.../z../.../.../.../.../.../Rich.../..........
..............PE..L....."S.................0...P\......(.......@....@.
..........................\.......\...................................
...[..x.........\...........\.........................................
.....................@[email protected]%.......0
.................. ..`.rdata..."[email protected]...@..............@[email protected]...
^[email protected].....\.......\.................@.
.@....................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................

<<< skipped >>>

GET /CSC3-2010.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: csc3-2010-crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "0f14141ea04a8c7ee7a6860de08e0985:1402564211"

Last-Modified: Thu, 12 Jun 2014 09:10:11 GMT

Accept-Ranges: bytes

Content-Length: 129951

Date: Thu, 12 Jun 2014 10:17:00 GMT

Connection: keep-alive

Content-Type: application/pkix-crl
0....0.......0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1
.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://www
.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 C
A..140612090003Z..140626090003Z0...c0!....c..k....D.k.....120708062201
Z0!... _...u.t.=.<.&...130218061114Z0!...&..].....P.k.:...120125130
117Z0!...7P.x....8.Q...s..130227010252Z0!...J.....Q..Y.[.....110404153
956Z0!...d...=..q!_...g9..130729145216Z0!...l.....h2<.H......120329
152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......0...121221
080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v.....w..140423
054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...iM..121102
230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M83...140108
164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID{]..101228
182208Z0!....b^......{d.J'...130102154110Z0!.......n........'u..140521
222808Z0!......0..........I..130912181631Z0!....6e...~..T.......130131
012247Z0!.........bD#*u......130226223939Z0!.......@..'$.).;}\..130121
172259Z0!....7.v..........n..120724160733Z0!....P;.Y..d...c.(...120209
181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.....130402
[email protected]!...........].{7.....120730
000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1......g..130318
195659Z0!...,GI.jH.|...J.....120518121623Z0!...<%a.=.d.......O..120
424164254Z0!...@........... .a..121109212441Z0!...L.&L..o.8..=6....110
311141238Z0!...L...5...s $.=.=..130205142241Z0!...O.c.........t...<<< skipped >>>

GET /pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment HTTP/1.1

Host: segment-pixel.invitemedia.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Connection: keep-alive


HTTP/1.1 302 Found

Location: hXXp://bid.g.doubleclick.net/xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segment

Cache-Control: private

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Date: Thu, 12 Jun 2014 10:16:55 GMT

Server: sffe

Content-Length: 373

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://bid.g.doubleclick.net/xbbe/invitepixel/pixel?pix
elID=101809&pixelID=101807&pixelID=101808&pixelID=101806&a
mp;pixelID=101810&partnerID=269&key=segment">here</A>
...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXp://bi
d.g.doubleclick.net/xbbe/invitepixel/pixel?pixelID=101809&pixelID=1018
07&pixelID=101808&pixelID=101806&pixelID=101810&partnerID=269&key=segm
ent..Cache-Control: private..Content-Type: text/html; charset=UTF-8..X
-Content-Type-Options: nosniff..Date: Thu, 12 Jun 2014 10:16:55 GMT..S
erver: sffe..Content-Length: 373..X-XSS-Protection: 1; mode=block..Alt
ernate-Protocol: 80:quic..<HTML><HEAD><meta http-equiv=
"content-type" content="text/html;charset=utf-8">.<TITLE>302 
Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H
1>.The document has moved.<A HREF="hXXp://bid.g.doubleclick.net/
xbbe/invitepixel/pixel?pixelID=101809&pixelID=101807&pixelID=1
01808&pixelID=101806&pixelID=101810&partnerID=269&key=
segment">here</A>...</BODY></HTML>....<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568196511&anxsq=5&anxe=SplashLandingClicked&anxr=1886700093 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjC1vdxg4KbyrtLb3pvHCaIUlXG7Wm26b7NALPQMkLOnmFtKb2aBAg6bvw 9XHmBtUYCDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJwbJfnj73wN1rDKa/JhYB1UuzRGwenttTKCWvvDdVBj3ZrvLK7Su7THP1rKY7aS1XfMhDr09QEfWObUIULksUVEKpTtqwBknhrh5dgpkzupsZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568195450&nv=6&t=-&v=-&p=-&si=-&sn=dfprdsndlfe31.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=32&f=10.0&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^yyyyyy%
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:39 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe9.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/install_pixels.jhtml&anxl=en-US&anxlv=1402568224384&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=2&tbUID=F6724F5F-8A2A-4A32-ACE9-C88178256EA8&tbVer=8.27.3.62908&anxe=PixelFrameTB&anxr=1431431657 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^foxyyy^YYA^ua&coId=0ac5b57c65794efeb7add2879ec47253&cake_id=&offer_id=

Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0dT973/jTMm58mg7F01tnYr yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568224395&nv=
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:04 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /dl/anemone.jhtml?anxuu=A81F63A5-8FF1-437F-8109-400CE53AA80A&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe3.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-us&anxlv=1402568192637&anxrd=none&anxrp=-&anxrk=-&anxrm=-&anxrb=-&anxrc=-&anxrs=-&anxsq=1&anxi=A4BB6989-C227-45E6-B2F9-B8B4843A364F&anxe=backFill&anxr=159317892 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: VVV.cursormania.com

Connection: Keep-Alive

Cookie: sessionData="MG38RZOZYxIZQAx/8yOk0ZtFMk M1 OsgOVQPfkbKAfR/FtWYJA2jadAGi7yhXswxuQWljAedxSdh SiFsGi4GUG9ryLhTRe z/DQ2ZT31v5J8v4vQNQAIBJnfgkI3VAivJW6oOxfnNuQnVFta5odcdk3CElqS0VZ8KDSAaaQ gS5sSUDVupjcLu0fmBSNV7wTkVYREC9dxMh2JJy7R8kUpkvjkpFtTzx RZ3yRmlYG5jzVaHjJG6zln4p2aYgkg 48xI0oNt6IlYdivzZ6FqoSLMJloCN8pweqwNAuxuLuek245lQVG1pBbxgohGAIQ4EabZSyJVxZAYyTAqPst93AnwhyGeE8wYDPm45NdbRkeeE671wdfl379ijtHe1pS6oEmi3gXb9RF2xW2NkqZarfGMGl8xltYsZOj7yMzqrSLxjnccqzPuk71fgBajT00C/tpoCc597wpTJVBYqG GqY1o9LoXVQSI90JiAqPqU1YlcfeV/cyH74JAznZ7Q0cowBf6HL5 FVq0pHaSnmXsW6fb3bVQf D3xOFt/YpjgDXL9BYMsTAwc6rm/AjAUge9xA46QWI0dcj6RFzKYyBzg=="; anx="u=A81F63A5-8FF1-437F-8109-400CE53AA80A&fv=1402568192637&lv=1402568192653&nv=2&t=-&v=-&p=-&si=-&sn=dfprdsndlfe3.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:36 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /anx.gif?anxa=CAPNative&anxe=CompanionSoftware&anxr=2007665500&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&source=Install&softwareDetected=true&packageName=CursorMania&downloaded=false HTTP/1.1

Host: anx.tb.ask.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept: */*

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568263154&xp=&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe11.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="


HTTP/1.1 204 No Content

Server: nginx/1.0.10

Date: Thu, 12 Jun 2014 10:18:02 GMT

Connection: close

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Cache-Control: max-age=0

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568213689&anxsq=6&optIn=true&anxe=InstallerAccepted&anxr=2030124105 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjCwuK7N U8KVGhwuoexcS90pq041TeuVr9aW6lWsAUD2Br7WJd1BFu9CC /Z5XrKrAiDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJzqCJHi6W0BIGxfyCWskwi8Zdm/a t1EDGPUlO03thJujpu2kiZYdYxY648eK6i2YPMhDr09QEfWObUIULksUVH7d u6E0GDYW6nGokIcX7qZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568215062&nv=7&t=-&v=-&p=-&si=-&sn=dfprdsndlfe26.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yy
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:57 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /activity;src=3335366;type=retar633;cat=curso442;ord=3216017166045.257? HTTP/1.1

Accept: */*

Referer: hXXp://VVV.cursormania.com/dl/splashPixels.jhtml

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Accept-Encoding: gzip, deflate

Host: ad.doubleclick.net

Connection: Keep-Alive


HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Date: Thu, 12 Jun 2014 10:16:36 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: image/gif

Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 12-Jun-2014 10:31:36 GMT; path=/; domain=.doubleclick.net

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Date: Thu, 12 Jun 2014 10:16:36 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-r
evalidate..Content-Type: image/gif..Set-Cookie: test_cookie=CheckForPe
rmission; expires=Thu, 12-Jun-2014 10:31:36 GMT; path=/; domain=.doubl
eclick.net..X-Content-Type-Options: nosniff..Server: cafe..Content-Len
gth: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic.
.GIF89a.............!.......,...........D.;..

GET /dl/installComplete.jhtml HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0dT973/jTMm58mg7F01tnYr yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568224395&nv=11&t=-&v=-&p=-&si=-&sn=dfprdsndlfe9.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install"; anxs="s=576842202&sv=1402568210036&sd=none&sp=-&sk=-&sm=-&sb=-&sc=-&ss=-"; cookieEnabled=true; partnerId=^ZC^foxyyy^YYA^ua; installDate=2014061201; toolbarId=119C6B41-CF
HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:17:21 GMT

Server: Apache

P3P: CP='CURa ADMa DEVa PSA PSD OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Set-Cookie: sessionData="HnhOu9cHX5d /Yo7R3taUn3kGrL2fn5GLOyQnwNey8l XbGM9qyORIykuzJkpUsouiOUsaT0NKKTMuP0DmxWNbNu/bXwQDhmMm JXta6/Ge07fRxAcc9JqUJ/bGz9 uoSfNwU9nVeylRom2Sqsk9uaequ4kvTzEEkCEjuHheHi0mMh24xluz0Wpr/KrgNmMPbBRxwZwkK87qCZecb462PccKM8fGn8T179UMBuW3DaOhhEgxJog/eQnkWp1QdQPPp3AcMBkns7IKsyiDDgHZUmNyrtBgqTRr73ZzfcQkbHi20qfZ5OgT5c60gbHaBgIj4FQZWc0Ra4VH6 1lS38d yDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ/tnV0cvha2DxDvsgdl2VpzEx/gDDzXe5Cze/D5dJk MBKzA/Uzkl/YQhqmeHU33BkTbDYFJALeqEtu3HPPe7kq0vwuq4tAFgH2wNRjNxZSfV1m0i1fnm meHodLzRRcQ61S/t3ulsipGnXzZ1Qqj0a It2ToA1F6zdiJPgoT36j yE9uyEm17nSNdgv48Et/e/z/H6gB5/ajLJtaw/foSzBvgZ5OAfVxicKkw6tlQOMBw8tkxC/rv6PmJGbb24GE"; Version=1; Domain=.cursormania.com; Path=/

Set-Cookie: anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568241681&nv=12&t=-&v=-&p=-&si=-&sn=dfprdsndlfe18.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy^YYA^ua&xi=XPI&xtp=vhigh&xs=15346&xp=vicinio&xrt=YYA&xt=rrdefaulta&xrco=ZC&xgc=false&xrca=yyyyyy&xrcc=ua&xcid=0ac5b57c65794efeb7add2879ec47253&xuer=3&xx=install&xnt=&xn=&xrm=&xct=&xu=&xrs=&xkw=&xit=&xg=&xbkw=&xft=&xad="; Version=1; Domain=.cursormania.com; Max-Age=7776000; Expires=Wed, 10-Sep-2014 10:17:21 GMT; Path=/

GET /webslices/ie8?culture=en-us&r=asdf9488 HTTP/1.1

Accept: */*

A-IM: feed

Accept-Language: en-us

User-Agent: Windows-RSS-Platform/2.0 (MSIE 8.0; Windows NT 5.1)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Cache-Control: no-cache

Host: az307127.vo.msecnd.net


HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=7200

Content-Type: text/html; charset=utf-8

Date: Thu, 12 Jun 2014 10:19:24 GMT

Expires: Thu, 12 Jun 2014 12:19:24 GMT

Last-Modified: Thu, 12 Jun 2014 09:05:11 GMT

Server: ECAcc (fcn/40CB)

X-AspNet-Version: 4.0.30319

X-AspNetMvc-Version: 3.0

X-Cache: HIT

X-Powered-By: ASP.NET

Content-Length: 2044
..<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.
org/TR/html401/strict.dtd">..<html xmlns="hXXp://VVV.w3.org/1999
/xhtml"..      lang="en-US">..    <head>..        <title&g
t;Personalize Your Web Browser</title>..    ..    ..    ..    ..
    ..    ..    ..    ..    ..    ..    ..    <script src="hXXp://a
z307127.vo.msecnd.net/?v=1e84fd8_9f72d9476963b62ddbb9dce9fb63c036&p=sc
ripts&js=jquery-1.5.1,jquery-ui-1.8.11.min,jquery.tools.scrollable,jqu
ery.tools.scrollable.autoscroll.pete,jquery.tools.scrollable.navigator
,jquery.jscrollpane.min,jquery.mousewheel" type="text/javascript">&
lt;/script>...    ..    ..    ..     ..    ..     ..    ..    ..   
 ..    ....    <script src="hXXp://az307127.vo.msecnd.net/?v=1e84fd
8_9f72d9476963b62ddbb9dce9fb63c036&p=content/js&js=s_code,analytics,ga
llery,gallery.layout,gallery.browse,layout,addon_utils,detail" type="t
ext/javascript"></script>.  ..        <script type="text/j
avascript">..            var langAndLoc = "en-us";..        </sc
ript>..        <link type="text/css" href="hXXp://az307127.vo.ms
ecnd.net/content/css/webslices.css?v=1e84fd8" rel="stylesheet" />..
    </head>..    <body>..<div id="ie9slice" class="hsli
ce">..    <span class="entry-title">Get more Add-ons</span
>  ..    <p style="display:none;"><span class="ttl">999
9999</span></p>   ..    <div class="entry-content ie8sl
ice">..        <div id="slice-inner">..            <im<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568215069&anxsq=8&searchAssistantOptIn=true&homePageOptIn=true&tbUID=119C6B41-CF2E-4DFF-A692-17BCF08918F4&tbVer=6.52.4.5102&anxe=InstallerFinished&anxr=1953297045 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjCwuK7N U8KVGhwuoexcS90pq041TeuVr9aW6lWsAUD2Br7WJd1BFu9CC /Z5XrKrAiDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJzqCJHi6W0BIGxfyCWskwi8Zdm/a t1EDGPUlO03thJujpu2kiZYdYxY648eK6i2YPMhDr09QEfWObUIULksUVH7d u6E0GDYW6nGokIcX7qZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568221468&nv=9&t=-&v=-&p=-&si=-&sn=dfprdsndlfe26.df.jabodo.com&od=none&op=-&ok=-&om=-&ob=-&oc=-&os=-&w=1716&h=901&cd=24&f=-&g=-&xrp=^ZC^yyyyyy^YYA^ua&xh=8046&xpp=^ZC^foxyyy%
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:17:04 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

POST /anx.gif?anxa=CAPToolbarButtons&anxe=ButtonStructure&anxr=945344988&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi= HTTP/1.1

Host: anx.tb.ask.com

Connection: keep-alive

Content-Length: 8868

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Origin: chrome-extension://gchljcfaonjffjifnjlcalnhgdmjckhg

Content-Type: application/x-www-form-urlencoded

Accept: */*

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568263154&xp=&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe11.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="

buttons=[{"b":221336046,"c":"mindspark.magnify","p":"L.0"},{"b":221336047,"c":"mindspark.entersearchterms","p":"L.0.0"},{"b":221336049,"c":"mindspark.full","p":"L.0.1"},{"b":221336053,"c":"mindspark.image","p":"L.0.2"},{"b":221336056,"c":"mindspark.advanced","p":"L.0.3"},{"b":221336059,"c":"mindspark.directorysearch","p":"L.0.4"},{"b":221335932,"c":"mindspark.search","p":"L.1"},{"b":221335934,"c":"mindspark.cursormania
HTTP/1.1 204 No Content

Server: nginx/1.0.10

Date: Thu, 12 Jun 2014 10:18:02 GMT

Connection: close

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Cache-Control: max-age=0

GET /pixel?google_nid=triggit1&cb=514gly&google_hm=dU9PT1JvVEFSMDZfU2IyWTdnNEJ0UQ== HTTP/1.1

Host: cm.g.doubleclick.net

Connection: keep-alive

Accept: image/webp,*/*;q=0.8

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Referer: hXXp://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id=

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: id=22ea7401d9010055||t=1399971138|et=730|cs=002213fd4871337c59c7a2218a


HTTP/1.1 302 Found

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Location: hXXp://a.triggit.com/pxgcm?id=&cb=514gly

Date: Thu, 12 Jun 2014 10:18:02 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: text/html; charset=UTF-8

Server: HTTP server (unknown)

Content-Length: 241

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://a.triggit.com/pxgcm?id=&cb=514gly">here&l
t;/A>...</BODY></HTML>..HTTP/1.1 302 Found..P3P: policy
ref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa
 ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC 
NOI DSP COR"..Location: hXXp://a.triggit.com/pxgcm?id=&cb=514gly..Date
: Thu, 12 Jun 2014 10:18:02 GMT..Pragma: no-cache..Expires: Fri, 01 Ja
n 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Content
-Type: text/html; charset=UTF-8..Server: HTTP server (unknown)..Conten
t-Length: 241..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80
:quic..<HTML><HEAD><meta http-equiv="content-type" cont
ent="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE>
</HEAD><BODY>.<H1>302 Moved</H1>.The document 
has moved.<A HREF="hXXp://a.triggit.com/pxgcm?id=&cb=514gly">
;here</A>...</BODY></HTML>......
<<< skipped >>>

GET /dl/anemone.jhtml?anxuu=477D0773-3353-4A9E-B0F9-79F91D3EB403&anxa=CAPDownloadProcess&anxv=1.0.0&anxd=2011-06-01T04:00:00Z&anxsn=dfprdsndlfe31.df.jabodo.com&anxu=http://VVV.cursormania.com/dl/&anxl=en-US&anxlv=1402568215062&anxsq=7&searchAssistantOption=true&searchAssistantOptIn=true&homePageOption=true&homePageOptIn=true&tbUID=119C6B41-CF2E-4DFF-A692-17BCF08918F4&paidInstall=true&restartUrl=http://VVV.cursormania.com/dl/loading.jhtml&anxe=InstallerInvoked&anxr=352827213 HTTP/1.1

Host: VVV.cursormania.com

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

Accept: image/png,image/*;q=0.8,*/*;q=0.5

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: hXXp://VVV.cursormania.com/dl/

Cookie: sessionData="/UhhXZj JXP8vWlpsd2Hefe4Btdi3wD1t4uMbRKMNjXcUdck9EAhY4CILC4uwrSzaBOjRqt2qybk0VJpc7ji7k7EoAYVt9Mx3gPYa0G0Cny3SiG3e2lVftdFKDemtcMFsaMrbJZjGRACWMKdVQevupyBKdDwMxzj0NxFRnxBmxcB9y8ttHrU7XNVlI6hzCbuj6fV3egGMJJ/suHllaouPeu b98O/YNgkLlx hYzTHl6K/TqWhf0 wikLiWI08bB73zY1UHaeFQR/oaYEifjCwuK7N U8KVGhwuoexcS90pq041TeuVr9aW6lWsAUD2Br7WJd1BFu9CC /Z5XrKrAiDXhtSy573XO1MdcDxAuEFkU5Rf2qQmRPeee/cBYsHZ8PUKkucquRa7cCLEB2knJzqCJHi6W0BIGxfyCWskwi8Zdm/a t1EDGPUlO03thJujpu2kiZYdYxY648eK6i2YPMhDr09QEfWObUIULksUVH7d u6E0GDYW6nGokIcX7qZNebsDC2yru4b3W2b5PsdXBL/Dif6mpoWVZdy9k9m3uLjgrUpelvAn8ttx/YBhg64n08jI1FkBdNjHhKhbGJ1w=="; anx="u=477D0773-3353-4A9E-B0F9-79F91D3EB403&fv=1402568210034&lv=1402568215069&nv=8&t=-&v=-&p=-&si=-&sn=dfprdsndlfe26.df.jabodo.com&od=none&op=-&
HTTP/1.1 204 No Content

Date: Thu, 12 Jun 2014 10:16:57 GMT

Server: Apache

Content-Length: 0

Connection: close

Content-Type: text/plain

GET /serve/fb/pdc?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID&xr=8123386075797401174&referer=http://VVV.cursormania.com/dl/install_pixels.jhtml?partner=^ZC^chryyy^YYA^ua&coId=dac75bfa09b5429b8f2aa42f1998f5e1&cake_id=&offer_id= HTTP/1.1

Host: pixel.fetchback.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept: */*

Referer: hXXp://pixel.fetchback.com/serve/fb/pdj?cat=&name=success&sid=4242&crv=CLIENT_REVENUE&oid=ORDER_ID

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: fbid=CBh8SnOO8HScSv0NwMU8QS


HTTP/1.1 200 OK

Date: Thu, 12 Jun 2014 10:18:02 GMT

Set-Cookie: fbid=CBh8SnOO8HScSv0NwMU8QS; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: uid=2_1402568282_1402568282630-9288289561310825; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: kwd=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: uat=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: bpd=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: cmp=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: clk=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: afl=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: sit=2_1402568282_4242-0-0; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: cre=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: scg=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: apd=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: fbid=CBh8SnOO8HScSv0NwMU8QS; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: eng=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: ppd=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Set-Cookie: act=2_1402568282; Domain=.fetchback.com; Expires=Tue, 11-Jun-2019 10:18:02 GMT; Path=/

Cache-Control: max-age=0, no-store, must-revalidate, no-cache

Expires: Thu, 12 Jun 2014 10:18:02 GMT

Pragma: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Content-Type: text/html; charset=UTF-8

Vary: Accept-Encoding

Content-Encoding: gzip

Connection: close

Transfer-Encoding: chunked
23a.............TMk.0..............v..RH.9.Bo%,.<Z ........w..CiKO.
..4.4..{X.>[email protected]*..,..k............u..*W..e... ...A..
.....a..AU.t&y..-.. ...f..-X...0..!....U.y.B...{LD..1[.{[email protected]]..b..7
.y.. Hb..V.*....qI.....Dy.|\...... ........qD......W.v.../...E..qm...E
t.U. J=.#...q.......b....4.B...d..L.i........v...Iy....?....0.2.J..d./
.....qs...g......I.=......D...(NX......%..Q..>MXd.E.u..L.OOw.O..;..
.9.C.rP.)3.wH.jW.9.....6...>..$9..'.3..^h..R.f7..d....#..3v..x3.O..
.C#.j.bT..`...U-JC...U\.....i.;..\.~.z0.OG.......[k..o.L..).|>.....
|.F..@.....#\7..&.....pf........a....r.".<.....0..<<< skipped >>>

GET /tr.gif?anxa=CAPNative&anxv=8.27.3.62908&anxe=DialogView&anxt=4C8D7C7E-AB7A-4460-92CC-11D4915F6277&anxtv=8.27.3.62908&anxp=^ZC^chryyy^YYA^ua&anxsi=&anxd=2014-05-12T15:14:33.544Z&f=00400000&anxr=818966407&dialogType=MODAL&anxs=RestartPromptAfterInstall HTTP/1.1

Host: live.tb.ask.com

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Accept: */*

Accept-Encoding: gzip,deflate,sdch

Accept-Language: en-US,en;q=0.8

Cookie: anx="xrp=&xnt=&xh=&xpp=&xi=&fv=1402568260714&xn=&xrm=&xtp=&xct=&xs=&lv=1402568263154&xp=&xrt=&xt=&nv=3&xu=&xrs=&oc=-&od=VVV.cursormania.com&ob=-&xkw=&om=referral&xrco=&ok=-&xit=&xg=&os=-&g=-&sn=dfprdsndlfe11.df.jabodo.com&xgc=&op=-&xbkw=&xrca=&xrcc=&xft=&xad=&xcid=&xuer="


HTTP/1.1 204 No Content

Server: nginx/1.0.1

Date: Thu, 12 Jun 2014 10:18:03 GMT

Connection: close

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Cache-Control: max-age=0

The Trojan connects to the servers at the folowing location(s):

firefox.exe_2692:

.text

`.rdata

@.data

.rsrc

@.reloc

https://crash-reports.mozilla.com/submit?id={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&version=29.0.1&buildid=20140506152807

{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

20140506152807

29.0.1

Firefox

Mozilla

Couldn't read application.ini

Couldn't set %s.

XUL_APP_FILE=%s

application.ini path not recognized: '%s'

Incorrect number of arguments passed to -app

Invalid path found: '%s'

Could not find the Mozilla runtime.

xul.dll

.gtest

dependentlibs.list

\dependentlibs.list

c:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\obj-firefox\browser\app\firefox.pdb

KERNEL32.dll

_amsg_exit

MSVCR100.dll

mozglue.dll

_crt_debugger_hook

version="1.0.0.0"

name="Firefox"

Firefox

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

f^.mHuQ8

.KscP

yy.QG

c"=Ýp

.CE&I8

%d>ZZ

\LMQ!)%C

Wuser32.dll

kernel32.dll

Firefox and Mozilla Developers; available under the MPL 2 license.

Mozilla Corporation

Firefox is a Trademark of The Mozilla Foundation.

firefox.exe

AppIntegrator.exe_3788:

.text

`.rdata

@.data

.rsrc

@.reloc

QWQj.QPQh

xSSSh

FTPjKS

FtPj;S

C.PjRV

Visual C   CRT: Not enough memory to complete call to strerror.

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

GetProcessWindowStation

SHELL32.dll

MaxPolicyElementKey

AppIntegrator.cpp

IAC::AppIntegrator::Application::SetupWindowsHook

E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\SDKs\boost1.46.1\boost/exception/detail/exception_ptr.hpp

()$^.* ?[]|\-{},:=!

E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\AppIntegrator.pdb

KERNEL32.dll

MsgWaitForMultipleObjects

SetWindowsHookExW

UnhookWindowsHookEx

USER32.dll

ADVAPI32.dll

ole32.dll

USERENV.dll

VERSION.dll

GetCPInfo

RegCloseKey

RegOpenKeyExW

SHLWAPI.dll

.?AV?$bind_t@V?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@V?$mf1@V?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@Vcmdline@detail@program_options@boost@@AAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@_mfi@boost@@V?$list2@V?$value@PAVcmdline@detail@program_options@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@5@@_bi@boost@@

zcÁ

.?AV?$_Impl_no_alloc2@U?$_Callable_obj@V@?A0x74a94c0a@AppIntegrator@IAC@@$0A@@tr1@std@@_NABVCRegKey@ATL@@PB_W@tr1@std@@

.?AV?$_Impl_base2@_NABVCRegKey@ATL@@PB_W@tr1@std@@

cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,

5(5,50545

;#<3<]<~<

3%4X4

3&4.464>4~4

0%1U1z1

4%5S5

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

nKERNEL32.DLL

WUSER32.DLL

e\AppIntegratorStub.dll

Error calling SetWindowsHookEx

Error: %S

Error: 0x%0x

\StringFileInfo\XX\OriginalFilename

TraceLog.cfg

@^(. ?)\=(. ?)$

).csv

t8res.dll

.ExecutableToIntegratorSharedMemory

C:\PROGRA~1\CURSOR~2\bar\1.bin\AppIntegrator.exe

C:\PROGRA~1\CURSOR~2\bar\1.bin

1.0.7.183

AppIntegrator64.exe

7lsrchmn.exe_732:

.text

`.rdata

@.data

.rsrc

@.reloc

GetProcessWindowStation

operator

t8res.dll

srchmr.dll

E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8SrchMn.pdb

GetCPInfo

KERNEL32.dll

C:\PROGRA~1\CURSOR~2\bar\1.bin\7lsrchmn.exe

C:\PROGRA~1\CURSOR~2\bar\1.bin\t8res.dll

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

KERNEL32.DLL

WUSER32.DLL

1, 0, 1, 0

t8SrchMn.exe

2, 3, 0, 0

7lbrmon.exe_1916:

.text

`.rdata

@.data

.rsrc

@.reloc

operator

GetProcessWindowStation

SetProcessShutdownParameters

t8res.dll

brstub.dll

9E107788-A2C8-4ff7-A5E6-8052455B4AED

19D1D781-6DA9-4781-BC16-9017E355E2F9

67DE0C3F-8D3D-4347-808F-D4CE05C7A6B8

advapi32.dll

E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8brmon.pdb

KERNEL32.dll

UnhookWindowsHookEx

SetWindowsHookExA

USER32.dll

SHLWAPI.dll

GetCPInfo

C:\PROGRA~1\CURSOR~2\bar\1.bin\7lbrmon.exe

C:\PROGRA~1\CURSOR~2\bar\1.bin\t8res.dll

mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KERNEL32.DLL
WUSER32.DLL
kernel32.dll
VER_EXE_FILENAME
VER_EXE_FILENAME.exe

7lHighIn.exe_2308:


.text
`.rdata
@.data
.rsrc
@.reloc
SHLWAPI.dll
KERNEL32.dll
E:\TeamCity\BuildAgent1\work\b016debbe225e71a\Projects\ChromeExtAPI_DAL_GCLID_QA\Build.TT\Release.x86\t8HighIn.pdb
t8HighIn.exe

chrome.exe_428:


.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\b\build\slave\win\build\src\chrome\app\client_util.cc
%d-pct-default
%d-pct-control
%d-pct
No valid Chrome version found
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
blacklist-webgl
disable-webgl
disable-webkit-media-source
disable-web-security
enable-experimental-web-platform-features
enable-experimental-websocket
enable-html-imports
enable-privileged-webgl-extensions
enable-tcp-fastopen
enable-viewport
enable-viewport-meta
enable-vtune-support
enable-web-animations-svg
enable-webgl-draft-extensions
enable-web-midi
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
testing-fixed-http-port
testing-fixed-https-port
utility-cmd-prefix
webgl-command-buffer-size-kb
zygote-cmd-prefix
disable-webrtc-hw-decoding
disable-webrtc-encryption
disable-webrtc-hw-encoding
enable-webrtc-aec-recordings
enable-webrtc-tcp-server-socket
enable-webrtc-hw-vp8-encoding
disable-webaudio
1.3.21.115
%s-x-x
Chrome
0.0.0.0-devel
%s-%x
url-chunk
subresource_url
c:\b\build\slave\win\build\src\ui\gfx\win\dpi.cc
enable-webkit-text-subpixel-positioning
high-dpi-support
CHROME_MAIN_TIME
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
iexplore.exe
googlechrome
googlechromeapphost
googlechromeframe
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
CHROME_BREAKPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\breakpad\app\breakpad_win.cc
NTDLL.DLL
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
VirtualKeyboardEnabled
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsMultiProfileUserBehavior
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderImageURL
DefaultSearchProviderImageURLPostParams
DefaultSearchProviderInstantURL
DefaultSearchProviderInstantURLPostParams
DefaultSearchProviderKeyword
DefaultSearchProviderNewTabURL
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSearchURLPostParams
DefaultSearchProviderSuggestURL
DefaultSearchProviderSuggestURLPostParams
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenDefaultVirtualKeyboardEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
DeviceUpdateHttpDownloadsEnabled
EnableAuthNegotiatePort
EnableOriginBoundCerts
EnableWebBasedSignin
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStoreIcon
HideWebStorePromo
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
KeyboardDefaultToFunctionKeys
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostAllowClientPairing
RemoteAccessHostAllowGnubbyAuth
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceUsers
ReportDeviceVersionInfo
RestoreOnStartupURLs
kernel32.dll
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
pack-extension-key
promo-server-url
proxy-bypass-list
proxy-pac-url
safebrowsing-url-prefix
safebrowsing-download-feedback-url
spelling-service-feedback-url
sync-invalidate-xmpp-login
sync-notification-host-port
sync-url
sync-try-ssltcp-first-for-xmpp
enable-syncfs-directory-operation
try-chrome-again
variations-server-url
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
allow-http-screen-capture
app-list-start-page-url
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
certificate-transparency-log
disable-extensions-http-throttling
disable-password-manager-reauthentication
disable-quic-https
disable-quic-port-selection
disable-web-resources
enable-auth-negotiate-port
enable-autologin
enable-http2-draft-04
enable-web-based-signin
enable-metrics-reporting-for-testing
enable-npn-http
enable-quic-https
enable-quic-port-selection
enable-save-password-bubble
enable-sdch-over-https
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
explicitly-allowed-ports
extensions-not-webstore
google-base-url
google-search-domain-check-url
ignore-urlfetcher-cert-requests
install-from-webstore
limited-install-from-webstore
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
CHROME_SAFE_MODE
2676A9A2-D919-4FEE-9187-152100393AB2
35.0.1916.153
CHROME_HEADLESS
CHROME_LOG_FILE
CHROME_METRO_CONNECTED
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
chrome.googleechotest.com
http://pipelining.googleechotest.com/
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.opt_in_popup_times_shown
hotword.audio_logging_enabled
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.spdyproxy.origin
auth.allow_cross_origin_prompt
async_dns.enabled
http_received_content_length
http_original_content_length
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
recovery_component.version
component_updater.state
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
shelf_chrome_icon_index
gesture.fling_velocity_cap
gesture.long_press_time_in_seconds
gesture.max_distance_between_taps_for_double_tap
gesture.max_distance_for_two_finger_tap_in_pixels
gesture.max_seconds_between_double_click
gesture.max_separation_for_gesture_touches_in_pixels
gesture.max_swipe_deviation_ratio
gesture.max_touch_down_duration_in_seconds_for_click
gesture.max_touch_move_in_pixels_for_click
gesture.min_distance_for_pinch_scroll_in_pixels
gesture.min_flick_speed_squared
gesture.min_pinch_update_distance_in_pixels
gesture.min_rail_break_velocity
gesture.min_scroll_delta_squared
gesture.min_swipe_speed
gesture.min_touch_down_duration_in_seconds_for_click
gesture.points_buffered_for_velocity
gesture.rail_break_proportion
gesture.rail_start_proportion
gesture.scroll_prediction_seconds
gesture.semi_long_press_time_in_seconds
gesture.show_press_delay_in_ms
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_acceleration_curve_coefficient_0
gesture.fling_acceleration_curve_coefficient_1
gesture.fling_acceleration_curve_coefficient_2
gesture.fling_acceleration_curve_coefficient_3
flingcurve.touchpad_alpha
flingcurve.touchpad_beta
flingcurve.touchpad_gamma
flingcurve.touchscreen_alpha
flingcurve.touchscreen_beta
flingcurve.touchscreen_gamma
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
app_list.profile
app_list.show_on_relaunch
app_list.last_launch_ping
app_list.launch_count
app_list.last_app_launch_ping
app_list.app_launch_count
apps.app_launcher.has_been_enabled
app_list.how_enabled
app_list.when_enabled
apps.app_launcher.should_show_apps_page
apps.app_launcher.shortcut_version
app_launcher.show_promo
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_have_been_created
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
profile.extensions.activity_log.watchdog_extension_active
profile.preference_hashes
profile.network_time_mapping
proxy.quick_check_enabled
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.shared_settings
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
profile.exited_cleanly
profile.exit_type
session.startup_urls
session.urls_to_restore_on_startup
session.startup_urls_migration_time
profile.ephemeral_mode
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
bookmark_bar.show_on_all_tabs
bookmark_bar.show_apps_shortcut
bookmark_editor.expanded_nodes
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
autologin.enabled
reverse_autologin.enabled
reverse_autologin.rejected_email_list
safebrowsing.enabled
safebrowsing.download_feedback_enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.image_url
default_search_provider.new_tab_url
default_search_provider.search_url_post_params
default_search_provider.suggest_url_post_params
default_search_provider.instant_url_post_params
default_search_provider.image_url_post_params
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.suppress_switch_to_metro_mode_on_set_default
browser.default_browser_setting_enabled
browser.custom_chrome_frame
browser.desktop_notification_position
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
bookmarks.editing_enabled
import_bookmarks
import_history
import_home_page
import_search_engine
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
profile.user_manager_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
synced_notification.enabled_remote_services
synced_notification.initialized_remote_services
synced_notification.first_run
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
profile.reset_prompt_memento
gcm.channel_enabled
easy_unlock.enabled
easy_unlock.show_tutorial
easy_unlock.pairing
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.origin_bound_certs.enabled
ssl.ssl_record_splitting.disabled
user_experience_metrics.client_id2
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source2
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id
user_experience_metrics.low_entropy_source
user_experience_metrics.reporting_enabled
user_experience_metrics.client_id_timestamp
user_experience_metrics.machine_id
user_experience_metrics.reset_metrics_ids
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
user_experience_metrics.stability.execution_phase
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.saved_system_profile
user_experience_metrics.stability.saved_system_profile_hash
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.username_pattern
google.services.password_hash
invalidator.client_id
invalidator.invalidation_state
invalidator.saved_invalidations
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
printing.print_preview_sticky_settings
cloud_print.service_url
cloud_print.signin_url
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
SHELL32.dll
ole32.dll
OLEAUT32.dll
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
GetProcessWindowStation
operator
%s-%Iu
\uX
full-memory-crash-report
ERROR_REPORT
: Bad boy, the buffer passed to placement new is not aligned!
c:\b\build\slave\win\build\src\base\lazy_instance.h
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
0123456789
.thunks
.syzygy
Unsupported encoding. JSON must be UTF-8.
Dictionary keys must be quoted.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
chrome.exe
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
VERSION.dll
WINMM.dll
SHLWAPI.dll
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
GetAsyncKeyState
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
35.0.1916.153-000001ac-00144c88
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
K%u!Xp
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
: :$:(:,:0:4:8:<:@:
3#3(3.3{3
4%4.444>4
5#5)5/5:5@5
;>;~<&=">
>"?)?6?[?
= =?=_=~=
1 1$1(1,1014181
< <(<0<8<@<\<
0 0$0(0,0
SOFTWARE\Google\Chrome\Profile
registering_chrome
uninstalling_chrome_frame
echrmstp.exe
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
chrome_launcher.exe
metro_driver.dll
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
-chrome
-chromeframe
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
http://www.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
BGoogle Chrome App Launcher
ChromeAppList
tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
error %u
hunspecified-crash-key
ntdll.dll
SOFTWARE\Policies\Google\Chrome
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Ckernel32.dll
kernelbase.dll
ekernel32.dll
ALPC Port
xkernel32.dll
xntdll.dll
wow_helper.exe"
${windows}
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Certificate Revocation Lists
cld2_data.bin
Custom Dictionary.txt
Login Data
Origin Bound Certs
Cached Theme.pak
Web Applications
pepflashplayer.dll
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
Software\Google\Chrome\Metro
Software\Google\Chrome\BrowserCrashDumpAttempts
Dmscoree.dll
IADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Chrome_MessageWindow
sSoftware\Microsoft\Windows\CurrentVersion\Run
ISoftware\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Chrome_MessagePumpWindow_%p
Ndebug.log
.\debug.log
debug_message.exe
\StringFileInfo\xx\%ls
%Program Files%\Google\Chrome\Application\chrome.exe
chrome_exe

chrome.exe_1528:


.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\b\build\slave\win\build\src\chrome\app\client_util.cc
%d-pct-default
%d-pct-control
%d-pct
No valid Chrome version found
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
blacklist-webgl
disable-webgl
disable-webkit-media-source
disable-web-security
enable-experimental-web-platform-features
enable-experimental-websocket
enable-html-imports
enable-privileged-webgl-extensions
enable-tcp-fastopen
enable-viewport
enable-viewport-meta
enable-vtune-support
enable-web-animations-svg
enable-webgl-draft-extensions
enable-web-midi
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
testing-fixed-http-port
testing-fixed-https-port
utility-cmd-prefix
webgl-command-buffer-size-kb
zygote-cmd-prefix
disable-webrtc-hw-decoding
disable-webrtc-encryption
disable-webrtc-hw-encoding
enable-webrtc-aec-recordings
enable-webrtc-tcp-server-socket
enable-webrtc-hw-vp8-encoding
disable-webaudio
1.3.21.115
%s-x-x
Chrome
0.0.0.0-devel
%s-%x
url-chunk
subresource_url
c:\b\build\slave\win\build\src\ui\gfx\win\dpi.cc
enable-webkit-text-subpixel-positioning
high-dpi-support
CHROME_MAIN_TIME
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
iexplore.exe
googlechrome
googlechromeapphost
googlechromeframe
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
CHROME_BREAKPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\breakpad\app\breakpad_win.cc
NTDLL.DLL
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
VirtualKeyboardEnabled
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsMultiProfileUserBehavior
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderImageURL
DefaultSearchProviderImageURLPostParams
DefaultSearchProviderInstantURL
DefaultSearchProviderInstantURLPostParams
DefaultSearchProviderKeyword
DefaultSearchProviderNewTabURL
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSearchURLPostParams
DefaultSearchProviderSuggestURL
DefaultSearchProviderSuggestURLPostParams
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenDefaultVirtualKeyboardEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
DeviceUpdateHttpDownloadsEnabled
EnableAuthNegotiatePort
EnableOriginBoundCerts
EnableWebBasedSignin
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStoreIcon
HideWebStorePromo
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
KeyboardDefaultToFunctionKeys
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostAllowClientPairing
RemoteAccessHostAllowGnubbyAuth
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceUsers
ReportDeviceVersionInfo
RestoreOnStartupURLs
kernel32.dll
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
pack-extension-key
promo-server-url
proxy-bypass-list
proxy-pac-url
safebrowsing-url-prefix
safebrowsing-download-feedback-url
spelling-service-feedback-url
sync-invalidate-xmpp-login
sync-notification-host-port
sync-url
sync-try-ssltcp-first-for-xmpp
enable-syncfs-directory-operation
try-chrome-again
variations-server-url
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
allow-http-screen-capture
app-list-start-page-url
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
certificate-transparency-log
disable-extensions-http-throttling
disable-password-manager-reauthentication
disable-quic-https
disable-quic-port-selection
disable-web-resources
enable-auth-negotiate-port
enable-autologin
enable-http2-draft-04
enable-web-based-signin
enable-metrics-reporting-for-testing
enable-npn-http
enable-quic-https
enable-quic-port-selection
enable-save-password-bubble
enable-sdch-over-https
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
explicitly-allowed-ports
extensions-not-webstore
google-base-url
google-search-domain-check-url
ignore-urlfetcher-cert-requests
install-from-webstore
limited-install-from-webstore
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
CHROME_SAFE_MODE
2676A9A2-D919-4FEE-9187-152100393AB2
35.0.1916.153
CHROME_HEADLESS
CHROME_LOG_FILE
CHROME_METRO_CONNECTED
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
chrome.googleechotest.com
http://pipelining.googleechotest.com/
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.opt_in_popup_times_shown
hotword.audio_logging_enabled
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.spdyproxy.origin
auth.allow_cross_origin_prompt
async_dns.enabled
http_received_content_length
http_original_content_length
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
recovery_component.version
component_updater.state
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
shelf_chrome_icon_index
gesture.fling_velocity_cap
gesture.long_press_time_in_seconds
gesture.max_distance_between_taps_for_double_tap
gesture.max_distance_for_two_finger_tap_in_pixels
gesture.max_seconds_between_double_click
gesture.max_separation_for_gesture_touches_in_pixels
gesture.max_swipe_deviation_ratio
gesture.max_touch_down_duration_in_seconds_for_click
gesture.max_touch_move_in_pixels_for_click
gesture.min_distance_for_pinch_scroll_in_pixels
gesture.min_flick_speed_squared
gesture.min_pinch_update_distance_in_pixels
gesture.min_rail_break_velocity
gesture.min_scroll_delta_squared
gesture.min_swipe_speed
gesture.min_touch_down_duration_in_seconds_for_click
gesture.points_buffered_for_velocity
gesture.rail_break_proportion
gesture.rail_start_proportion
gesture.scroll_prediction_seconds
gesture.semi_long_press_time_in_seconds
gesture.show_press_delay_in_ms
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_acceleration_curve_coefficient_0
gesture.fling_acceleration_curve_coefficient_1
gesture.fling_acceleration_curve_coefficient_2
gesture.fling_acceleration_curve_coefficient_3
flingcurve.touchpad_alpha
flingcurve.touchpad_beta
flingcurve.touchpad_gamma
flingcurve.touchscreen_alpha
flingcurve.touchscreen_beta
flingcurve.touchscreen_gamma
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
app_list.profile
app_list.show_on_relaunch
app_list.last_launch_ping
app_list.launch_count
app_list.last_app_launch_ping
app_list.app_launch_count
apps.app_launcher.has_been_enabled
app_list.how_enabled
app_list.when_enabled
apps.app_launcher.should_show_apps_page
apps.app_launcher.shortcut_version
app_launcher.show_promo
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_have_been_created
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
profile.extensions.activity_log.watchdog_extension_active
profile.preference_hashes
profile.network_time_mapping
proxy.quick_check_enabled
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.shared_settings
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
profile.exited_cleanly
profile.exit_type
session.startup_urls
session.urls_to_restore_on_startup
session.startup_urls_migration_time
profile.ephemeral_mode
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
bookmark_bar.show_on_all_tabs
bookmark_bar.show_apps_shortcut
bookmark_editor.expanded_nodes
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
autologin.enabled
reverse_autologin.enabled
reverse_autologin.rejected_email_list
safebrowsing.enabled
safebrowsing.download_feedback_enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.image_url
default_search_provider.new_tab_url
default_search_provider.search_url_post_params
default_search_provider.suggest_url_post_params
default_search_provider.instant_url_post_params
default_search_provider.image_url_post_params
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.suppress_switch_to_metro_mode_on_set_default
browser.default_browser_setting_enabled
browser.custom_chrome_frame
browser.desktop_notification_position
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
bookmarks.editing_enabled
import_bookmarks
import_history
import_home_page
import_search_engine
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
profile.user_manager_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
synced_notification.enabled_remote_services
synced_notification.initialized_remote_services
synced_notification.first_run
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
profile.reset_prompt_memento
gcm.channel_enabled
easy_unlock.enabled
easy_unlock.show_tutorial
easy_unlock.pairing
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.origin_bound_certs.enabled
ssl.ssl_record_splitting.disabled
user_experience_metrics.client_id2
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source2
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id
user_experience_metrics.low_entropy_source
user_experience_metrics.reporting_enabled
user_experience_metrics.client_id_timestamp
user_experience_metrics.machine_id
user_experience_metrics.reset_metrics_ids
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
user_experience_metrics.stability.execution_phase
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.saved_system_profile
user_experience_metrics.stability.saved_system_profile_hash
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.username_pattern
google.services.password_hash
invalidator.client_id
invalidator.invalidation_state
invalidator.saved_invalidations
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
printing.print_preview_sticky_settings
cloud_print.service_url
cloud_print.signin_url
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
SHELL32.dll
ole32.dll
OLEAUT32.dll
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
GetProcessWindowStation
operator
%s-%Iu
\uX
full-memory-crash-report
ERROR_REPORT
: Bad boy, the buffer passed to placement new is not aligned!
c:\b\build\slave\win\build\src\base\lazy_instance.h
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
0123456789
.thunks
.syzygy
Unsupported encoding. JSON must be UTF-8.
Dictionary keys must be quoted.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
chrome.exe
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
VERSION.dll
WINMM.dll
SHLWAPI.dll
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
GetAsyncKeyState
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
K%u!Xp
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
: :$:(:,:0:4:8:<:@:
3#3(3.3{3
4%4.444>4
5#5)5/5:5@5
;>;~<&=">
>"?)?6?[?
= =?=_=~=
1 1$1(1,1014181
< <(<0<8<@<\<
0 0$0(0,0
SOFTWARE\Google\Chrome\Profile
registering_chrome
uninstalling_chrome_frame
echrmstp.exe
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
chrome_launcher.exe
metro_driver.dll
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
-chrome
-chromeframe
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
http://www.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
BGoogle Chrome App Launcher
ChromeAppList
tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
error %u
hunspecified-crash-key
ntdll.dll
SOFTWARE\Policies\Google\Chrome
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Ckernel32.dll
kernelbase.dll
ekernel32.dll
ALPC Port
xkernel32.dll
xntdll.dll
wow_helper.exe"
${windows}
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Certificate Revocation Lists
cld2_data.bin
Custom Dictionary.txt
Login Data
Origin Bound Certs
Cached Theme.pak
Web Applications
pepflashplayer.dll
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
Software\Google\Chrome\Metro
Software\Google\Chrome\BrowserCrashDumpAttempts
Dmscoree.dll
IADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Chrome_MessageWindow
sSoftware\Microsoft\Windows\CurrentVersion\Run
ISoftware\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Chrome_MessagePumpWindow_%p
Ndebug.log
.\debug.log
debug_message.exe
\StringFileInfo\xx\%ls
%Program Files%\Google\Chrome\Application\chrome.exe
chrome_exe

chrome.exe_1528_rwx_05B0A000_00078000:


webk

chrome.exe_484:


.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\b\build\slave\win\build\src\chrome\app\client_util.cc
%d-pct-default
%d-pct-control
%d-pct
No valid Chrome version found
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
blacklist-webgl
disable-webgl
disable-webkit-media-source
disable-web-security
enable-experimental-web-platform-features
enable-experimental-websocket
enable-html-imports
enable-privileged-webgl-extensions
enable-tcp-fastopen
enable-viewport
enable-viewport-meta
enable-vtune-support
enable-web-animations-svg
enable-webgl-draft-extensions
enable-web-midi
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
testing-fixed-http-port
testing-fixed-https-port
utility-cmd-prefix
webgl-command-buffer-size-kb
zygote-cmd-prefix
disable-webrtc-hw-decoding
disable-webrtc-encryption
disable-webrtc-hw-encoding
enable-webrtc-aec-recordings
enable-webrtc-tcp-server-socket
enable-webrtc-hw-vp8-encoding
disable-webaudio
1.3.21.115
%s-x-x
Chrome
0.0.0.0-devel
%s-%x
url-chunk
subresource_url
c:\b\build\slave\win\build\src\ui\gfx\win\dpi.cc
enable-webkit-text-subpixel-positioning
high-dpi-support
CHROME_MAIN_TIME
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
iexplore.exe
googlechrome
googlechromeapphost
googlechromeframe
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
CHROME_BREAKPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\breakpad\app\breakpad_win.cc
NTDLL.DLL
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
VirtualKeyboardEnabled
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsMultiProfileUserBehavior
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderImageURL
DefaultSearchProviderImageURLPostParams
DefaultSearchProviderInstantURL
DefaultSearchProviderInstantURLPostParams
DefaultSearchProviderKeyword
DefaultSearchProviderNewTabURL
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSearchURLPostParams
DefaultSearchProviderSuggestURL
DefaultSearchProviderSuggestURLPostParams
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenDefaultVirtualKeyboardEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
DeviceUpdateHttpDownloadsEnabled
EnableAuthNegotiatePort
EnableOriginBoundCerts
EnableWebBasedSignin
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStoreIcon
HideWebStorePromo
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
KeyboardDefaultToFunctionKeys
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostAllowClientPairing
RemoteAccessHostAllowGnubbyAuth
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceUsers
ReportDeviceVersionInfo
RestoreOnStartupURLs
kernel32.dll
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
pack-extension-key
promo-server-url
proxy-bypass-list
proxy-pac-url
safebrowsing-url-prefix
safebrowsing-download-feedback-url
spelling-service-feedback-url
sync-invalidate-xmpp-login
sync-notification-host-port
sync-url
sync-try-ssltcp-first-for-xmpp
enable-syncfs-directory-operation
try-chrome-again
variations-server-url
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
allow-http-screen-capture
app-list-start-page-url
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
certificate-transparency-log
disable-extensions-http-throttling
disable-password-manager-reauthentication
disable-quic-https
disable-quic-port-selection
disable-web-resources
enable-auth-negotiate-port
enable-autologin
enable-http2-draft-04
enable-web-based-signin
enable-metrics-reporting-for-testing
enable-npn-http
enable-quic-https
enable-quic-port-selection
enable-save-password-bubble
enable-sdch-over-https
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
explicitly-allowed-ports
extensions-not-webstore
google-base-url
google-search-domain-check-url
ignore-urlfetcher-cert-requests
install-from-webstore
limited-install-from-webstore
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
CHROME_SAFE_MODE
2676A9A2-D919-4FEE-9187-152100393AB2
35.0.1916.153
CHROME_HEADLESS
CHROME_LOG_FILE
CHROME_METRO_CONNECTED
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
chrome.googleechotest.com
http://pipelining.googleechotest.com/
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.opt_in_popup_times_shown
hotword.audio_logging_enabled
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.spdyproxy.origin
auth.allow_cross_origin_prompt
async_dns.enabled
http_received_content_length
http_original_content_length
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
recovery_component.version
component_updater.state
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
shelf_chrome_icon_index
gesture.fling_velocity_cap
gesture.long_press_time_in_seconds
gesture.max_distance_between_taps_for_double_tap
gesture.max_distance_for_two_finger_tap_in_pixels
gesture.max_seconds_between_double_click
gesture.max_separation_for_gesture_touches_in_pixels
gesture.max_swipe_deviation_ratio
gesture.max_touch_down_duration_in_seconds_for_click
gesture.max_touch_move_in_pixels_for_click
gesture.min_distance_for_pinch_scroll_in_pixels
gesture.min_flick_speed_squared
gesture.min_pinch_update_distance_in_pixels
gesture.min_rail_break_velocity
gesture.min_scroll_delta_squared
gesture.min_swipe_speed
gesture.min_touch_down_duration_in_seconds_for_click
gesture.points_buffered_for_velocity
gesture.rail_break_proportion
gesture.rail_start_proportion
gesture.scroll_prediction_seconds
gesture.semi_long_press_time_in_seconds
gesture.show_press_delay_in_ms
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_acceleration_curve_coefficient_0
gesture.fling_acceleration_curve_coefficient_1
gesture.fling_acceleration_curve_coefficient_2
gesture.fling_acceleration_curve_coefficient_3
flingcurve.touchpad_alpha
flingcurve.touchpad_beta
flingcurve.touchpad_gamma
flingcurve.touchscreen_alpha
flingcurve.touchscreen_beta
flingcurve.touchscreen_gamma
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
app_list.profile
app_list.show_on_relaunch
app_list.last_launch_ping
app_list.launch_count
app_list.last_app_launch_ping
app_list.app_launch_count
apps.app_launcher.has_been_enabled
app_list.how_enabled
app_list.when_enabled
apps.app_launcher.should_show_apps_page
apps.app_launcher.shortcut_version
app_launcher.show_promo
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_have_been_created
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
profile.extensions.activity_log.watchdog_extension_active
profile.preference_hashes
profile.network_time_mapping
proxy.quick_check_enabled
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.shared_settings
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
profile.exited_cleanly
profile.exit_type
session.startup_urls
session.urls_to_restore_on_startup
session.startup_urls_migration_time
profile.ephemeral_mode
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
bookmark_bar.show_on_all_tabs
bookmark_bar.show_apps_shortcut
bookmark_editor.expanded_nodes
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
autologin.enabled
reverse_autologin.enabled
reverse_autologin.rejected_email_list
safebrowsing.enabled
safebrowsing.download_feedback_enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.image_url
default_search_provider.new_tab_url
default_search_provider.search_url_post_params
default_search_provider.suggest_url_post_params
default_search_provider.instant_url_post_params
default_search_provider.image_url_post_params
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.suppress_switch_to_metro_mode_on_set_default
browser.default_browser_setting_enabled
browser.custom_chrome_frame
browser.desktop_notification_position
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
bookmarks.editing_enabled
import_bookmarks
import_history
import_home_page
import_search_engine
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
profile.user_manager_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
synced_notification.enabled_remote_services
synced_notification.initialized_remote_services
synced_notification.first_run
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
profile.reset_prompt_memento
gcm.channel_enabled
easy_unlock.enabled
easy_unlock.show_tutorial
easy_unlock.pairing
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.origin_bound_certs.enabled
ssl.ssl_record_splitting.disabled
user_experience_metrics.client_id2
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source2
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id
user_experience_metrics.low_entropy_source
user_experience_metrics.reporting_enabled
user_experience_metrics.client_id_timestamp
user_experience_metrics.machine_id
user_experience_metrics.reset_metrics_ids
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
user_experience_metrics.stability.execution_phase
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.saved_system_profile
user_experience_metrics.stability.saved_system_profile_hash
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.username_pattern
google.services.password_hash
invalidator.client_id
invalidator.invalidation_state
invalidator.saved_invalidations
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
printing.print_preview_sticky_settings
cloud_print.service_url
cloud_print.signin_url
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
SHELL32.dll
ole32.dll
OLEAUT32.dll
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
GetProcessWindowStation
operator
%s-%Iu
\uX
full-memory-crash-report
ERROR_REPORT
: Bad boy, the buffer passed to placement new is not aligned!
c:\b\build\slave\win\build\src\base\lazy_instance.h
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
0123456789
.thunks
.syzygy
Unsupported encoding. JSON must be UTF-8.
Dictionary keys must be quoted.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
chrome.exe
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
VERSION.dll
WINMM.dll
SHLWAPI.dll
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
GetAsyncKeyState
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
K%u!Xp
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
: :$:(:,:0:4:8:<:@:
3#3(3.3{3
4%4.444>4
5#5)5/5:5@5
;>;~<&=">
>"?)?6?[?
= =?=_=~=
1 1$1(1,1014181
< <(<0<8<@<\<
0 0$0(0,0
SOFTWARE\Google\Chrome\Profile
registering_chrome
uninstalling_chrome_frame
echrmstp.exe
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
chrome_launcher.exe
metro_driver.dll
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
-chrome
-chromeframe
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
http://www.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
BGoogle Chrome App Launcher
ChromeAppList
tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
error %u
hunspecified-crash-key
ntdll.dll
SOFTWARE\Policies\Google\Chrome
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Ckernel32.dll
kernelbase.dll
ekernel32.dll
ALPC Port
xkernel32.dll
xntdll.dll
wow_helper.exe"
${windows}
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Certificate Revocation Lists
cld2_data.bin
Custom Dictionary.txt
Login Data
Origin Bound Certs
Cached Theme.pak
Web Applications
pepflashplayer.dll
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
Software\Google\Chrome\Metro
Software\Google\Chrome\BrowserCrashDumpAttempts
Dmscoree.dll
IADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Chrome_MessageWindow
sSoftware\Microsoft\Windows\CurrentVersion\Run
ISoftware\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Chrome_MessagePumpWindow_%p
Ndebug.log
.\debug.log
debug_message.exe
\StringFileInfo\xx\%ls
%Program Files%\Google\Chrome\Application\chrome.exe
chrome_exe

chrome.exe_484_rwx_2EE0A000_00078000:


.RPRPjf
.RPRPjb
.RPRPj\
.RPRPjX
.RPRPjd
.RPRPj`

chrome.exe_2756:


.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\b\build\slave\win\build\src\chrome\app\client_util.cc
%d-pct-default
%d-pct-control
%d-pct
No valid Chrome version found
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
blacklist-webgl
disable-webgl
disable-webkit-media-source
disable-web-security
enable-experimental-web-platform-features
enable-experimental-websocket
enable-html-imports
enable-privileged-webgl-extensions
enable-tcp-fastopen
enable-viewport
enable-viewport-meta
enable-vtune-support
enable-web-animations-svg
enable-webgl-draft-extensions
enable-web-midi
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
testing-fixed-http-port
testing-fixed-https-port
utility-cmd-prefix
webgl-command-buffer-size-kb
zygote-cmd-prefix
disable-webrtc-hw-decoding
disable-webrtc-encryption
disable-webrtc-hw-encoding
enable-webrtc-aec-recordings
enable-webrtc-tcp-server-socket
enable-webrtc-hw-vp8-encoding
disable-webaudio
1.3.21.115
%s-x-x
Chrome
0.0.0.0-devel
%s-%x
url-chunk
subresource_url
c:\b\build\slave\win\build\src\ui\gfx\win\dpi.cc
enable-webkit-text-subpixel-positioning
high-dpi-support
CHROME_MAIN_TIME
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
iexplore.exe
googlechrome
googlechromeapphost
googlechromeframe
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
CHROME_BREAKPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\breakpad\app\breakpad_win.cc
NTDLL.DLL
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
VirtualKeyboardEnabled
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsMultiProfileUserBehavior
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderImageURL
DefaultSearchProviderImageURLPostParams
DefaultSearchProviderInstantURL
DefaultSearchProviderInstantURLPostParams
DefaultSearchProviderKeyword
DefaultSearchProviderNewTabURL
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSearchURLPostParams
DefaultSearchProviderSuggestURL
DefaultSearchProviderSuggestURLPostParams
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenDefaultVirtualKeyboardEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
DeviceUpdateHttpDownloadsEnabled
EnableAuthNegotiatePort
EnableOriginBoundCerts
EnableWebBasedSignin
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStoreIcon
HideWebStorePromo
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
KeyboardDefaultToFunctionKeys
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostAllowClientPairing
RemoteAccessHostAllowGnubbyAuth
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceUsers
ReportDeviceVersionInfo
RestoreOnStartupURLs
kernel32.dll
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
pack-extension-key
promo-server-url
proxy-bypass-list
proxy-pac-url
safebrowsing-url-prefix
safebrowsing-download-feedback-url
spelling-service-feedback-url
sync-invalidate-xmpp-login
sync-notification-host-port
sync-url
sync-try-ssltcp-first-for-xmpp
enable-syncfs-directory-operation
try-chrome-again
variations-server-url
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
allow-http-screen-capture
app-list-start-page-url
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
certificate-transparency-log
disable-extensions-http-throttling
disable-password-manager-reauthentication
disable-quic-https
disable-quic-port-selection
disable-web-resources
enable-auth-negotiate-port
enable-autologin
enable-http2-draft-04
enable-web-based-signin
enable-metrics-reporting-for-testing
enable-npn-http
enable-quic-https
enable-quic-port-selection
enable-save-password-bubble
enable-sdch-over-https
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
explicitly-allowed-ports
extensions-not-webstore
google-base-url
google-search-domain-check-url
ignore-urlfetcher-cert-requests
install-from-webstore
limited-install-from-webstore
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
CHROME_SAFE_MODE
2676A9A2-D919-4FEE-9187-152100393AB2
35.0.1916.153
CHROME_HEADLESS
CHROME_LOG_FILE
CHROME_METRO_CONNECTED
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
chrome.googleechotest.com
http://pipelining.googleechotest.com/
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.opt_in_popup_times_shown
hotword.audio_logging_enabled
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.spdyproxy.origin
auth.allow_cross_origin_prompt
async_dns.enabled
http_received_content_length
http_original_content_length
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
recovery_component.version
component_updater.state
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
shelf_chrome_icon_index
gesture.fling_velocity_cap
gesture.long_press_time_in_seconds
gesture.max_distance_between_taps_for_double_tap
gesture.max_distance_for_two_finger_tap_in_pixels
gesture.max_seconds_between_double_click
gesture.max_separation_for_gesture_touches_in_pixels
gesture.max_swipe_deviation_ratio
gesture.max_touch_down_duration_in_seconds_for_click
gesture.max_touch_move_in_pixels_for_click
gesture.min_distance_for_pinch_scroll_in_pixels
gesture.min_flick_speed_squared
gesture.min_pinch_update_distance_in_pixels
gesture.min_rail_break_velocity
gesture.min_scroll_delta_squared
gesture.min_swipe_speed
gesture.min_touch_down_duration_in_seconds_for_click
gesture.points_buffered_for_velocity
gesture.rail_break_proportion
gesture.rail_start_proportion
gesture.scroll_prediction_seconds
gesture.semi_long_press_time_in_seconds
gesture.show_press_delay_in_ms
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_acceleration_curve_coefficient_0
gesture.fling_acceleration_curve_coefficient_1
gesture.fling_acceleration_curve_coefficient_2
gesture.fling_acceleration_curve_coefficient_3
flingcurve.touchpad_alpha
flingcurve.touchpad_beta
flingcurve.touchpad_gamma
flingcurve.touchscreen_alpha
flingcurve.touchscreen_beta
flingcurve.touchscreen_gamma
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
app_list.profile
app_list.show_on_relaunch
app_list.last_launch_ping
app_list.launch_count
app_list.last_app_launch_ping
app_list.app_launch_count
apps.app_launcher.has_been_enabled
app_list.how_enabled
app_list.when_enabled
apps.app_launcher.should_show_apps_page
apps.app_launcher.shortcut_version
app_launcher.show_promo
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_have_been_created
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
profile.extensions.activity_log.watchdog_extension_active
profile.preference_hashes
profile.network_time_mapping
proxy.quick_check_enabled
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.shared_settings
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
profile.exited_cleanly
profile.exit_type
session.startup_urls
session.urls_to_restore_on_startup
session.startup_urls_migration_time
profile.ephemeral_mode
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
bookmark_bar.show_on_all_tabs
bookmark_bar.show_apps_shortcut
bookmark_editor.expanded_nodes
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
autologin.enabled
reverse_autologin.enabled
reverse_autologin.rejected_email_list
safebrowsing.enabled
safebrowsing.download_feedback_enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.image_url
default_search_provider.new_tab_url
default_search_provider.search_url_post_params
default_search_provider.suggest_url_post_params
default_search_provider.instant_url_post_params
default_search_provider.image_url_post_params
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.suppress_switch_to_metro_mode_on_set_default
browser.default_browser_setting_enabled
browser.custom_chrome_frame
browser.desktop_notification_position
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
bookmarks.editing_enabled
import_bookmarks
import_history
import_home_page
import_search_engine
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
profile.user_manager_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
synced_notification.enabled_remote_services
synced_notification.initialized_remote_services
synced_notification.first_run
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
profile.reset_prompt_memento
gcm.channel_enabled
easy_unlock.enabled
easy_unlock.show_tutorial
easy_unlock.pairing
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.origin_bound_certs.enabled
ssl.ssl_record_splitting.disabled
user_experience_metrics.client_id2
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source2
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id
user_experience_metrics.low_entropy_source
user_experience_metrics.reporting_enabled
user_experience_metrics.client_id_timestamp
user_experience_metrics.machine_id
user_experience_metrics.reset_metrics_ids
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
user_experience_metrics.stability.execution_phase
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.saved_system_profile
user_experience_metrics.stability.saved_system_profile_hash
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.username_pattern
google.services.password_hash
invalidator.client_id
invalidator.invalidation_state
invalidator.saved_invalidations
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
printing.print_preview_sticky_settings
cloud_print.service_url
cloud_print.signin_url
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
SHELL32.dll
ole32.dll
OLEAUT32.dll
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
GetProcessWindowStation
operator
%s-%Iu
\uX
full-memory-crash-report
ERROR_REPORT
: Bad boy, the buffer passed to placement new is not aligned!
c:\b\build\slave\win\build\src\base\lazy_instance.h
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
0123456789
.thunks
.syzygy
Unsupported encoding. JSON must be UTF-8.
Dictionary keys must be quoted.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
chrome.exe
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
VERSION.dll
WINMM.dll
SHLWAPI.dll
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
GetAsyncKeyState
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
K%u!Xp
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
: :$:(:,:0:4:8:<:@:
3#3(3.3{3
4%4.444>4
5#5)5/5:5@5
;>;~<&=">
>"?)?6?[?
= =?=_=~=
1 1$1(1,1014181
< <(<0<8<@<\<
0 0$0(0,0
SOFTWARE\Google\Chrome\Profile
registering_chrome
uninstalling_chrome_frame
echrmstp.exe
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
chrome_launcher.exe
metro_driver.dll
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
-chrome
-chromeframe
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
http://www.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
BGoogle Chrome App Launcher
ChromeAppList
tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
error %u
hunspecified-crash-key
ntdll.dll
SOFTWARE\Policies\Google\Chrome
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Ckernel32.dll
kernelbase.dll
ekernel32.dll
ALPC Port
xkernel32.dll
xntdll.dll
wow_helper.exe"
${windows}
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Certificate Revocation Lists
cld2_data.bin
Custom Dictionary.txt
Login Data
Origin Bound Certs
Cached Theme.pak
Web Applications
pepflashplayer.dll
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
Software\Google\Chrome\Metro
Software\Google\Chrome\BrowserCrashDumpAttempts
Dmscoree.dll
IADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Chrome_MessageWindow
sSoftware\Microsoft\Windows\CurrentVersion\Run
ISoftware\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Chrome_MessagePumpWindow_%p
Ndebug.log
.\debug.log
debug_message.exe
\StringFileInfo\xx\%ls
%Program Files%\Google\Chrome\Application\chrome.exe
chrome_exe

chrome.exe_3268:


.text
`.rdata
@.data
.rsrc
@.reloc
HtdHtHHHt.HH
j.Yf;
_tcPVj@
.PjRW
c:\b\build\slave\win\build\src\chrome\app\client_util.cc
%d-pct-default
%d-pct-control
%d-pct
No valid Chrome version found
Failed to load Chrome DLL from
ChromeMain
RelaunchChromeBrowserWithNewCommandLineIfNeeded
Could not find exported function
blacklist-webgl
disable-webgl
disable-webkit-media-source
disable-web-security
enable-experimental-web-platform-features
enable-experimental-websocket
enable-html-imports
enable-privileged-webgl-extensions
enable-tcp-fastopen
enable-viewport
enable-viewport-meta
enable-vtune-support
enable-web-animations-svg
enable-webgl-draft-extensions
enable-web-midi
ignore-certificate-errors
remote-debugging-port
renderer-cmd-prefix
testing-fixed-http-port
testing-fixed-https-port
utility-cmd-prefix
webgl-command-buffer-size-kb
zygote-cmd-prefix
disable-webrtc-hw-decoding
disable-webrtc-encryption
disable-webrtc-hw-encoding
enable-webrtc-aec-recordings
enable-webrtc-tcp-server-socket
enable-webrtc-hw-vp8-encoding
disable-webaudio
1.3.21.115
%s-x-x
Chrome
0.0.0.0-devel
%s-%x
url-chunk
subresource_url
c:\b\build\slave\win\build\src\ui\gfx\win\dpi.cc
enable-webkit-text-subpixel-positioning
high-dpi-support
CHROME_MAIN_TIME
c:\b\build\slave\win\build\src\chrome\installer\util\google_update_settings.cc
Failed to write to application's ClientState key
Removed incremental installer failure key; switching to channel:
Removed multi-install failure key; switching to channel:
auto-launch-chrome
chrome
chrome-frame
chrome-sxs
do-not-launch-chrome
make-chrome-default
new-setup-exe
register-chrome-browser
register-chrome-browser-suffix
register-dev-chrome
register-url-protocol
rename-chrome-exe
remove-chrome-registration
update-setup-exe
toast-results-key
c:\b\build\slave\win\build\src\chrome\installer\util\channel_info.cc
Cannot initialize AppCommands from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
iexplore.exe
googlechrome
googlechromeapphost
googlechromeframe
Cannot initialize an AppCommand from an invalid key.
c:\b\build\slave\win\build\src\chrome\installer\util\app_command.cc
c:\b\build\slave\win\build\src\chrome\installer\util\language_selector.cc
CHROME_BREAKPAD_PIPE_NAME
c:\b\build\slave\win\build\src\components\breakpad\app\breakpad_win.cc
NTDLL.DLL
SuppressChromeFrameTurndownPrompt
TermsOfServiceURL
URLBlacklist
URLWhitelist
VideoCaptureAllowedUrls
VirtualKeyboardEnabled
AudioCaptureAllowedUrls
AutoSelectCertificateForUrls
ChromeFrameContentTypes
ChromeFrameRendererSettings
ChromeOsLockOnIdleSuspend
ChromeOsMultiProfileUserBehavior
ChromeOsReleaseChannel
ChromeOsReleaseChannelDelegated
CloudPrintProxyEnabled
CloudPrintSubmitEnabled
ContentPackManualBehaviorURLs
CookiesAllowedForUrls
CookiesBlockedForUrls
CookiesSessionOnlyForUrls
DefaultSearchProviderAlternateURLs
DefaultSearchProviderIconURL
DefaultSearchProviderImageURL
DefaultSearchProviderImageURLPostParams
DefaultSearchProviderInstantURL
DefaultSearchProviderInstantURLPostParams
DefaultSearchProviderKeyword
DefaultSearchProviderNewTabURL
DefaultSearchProviderSearchTermsReplacementKey
DefaultSearchProviderSearchURL
DefaultSearchProviderSearchURLPostParams
DefaultSearchProviderSuggestURL
DefaultSearchProviderSuggestURLPostParams
DeviceAllowRedeemChromeOsRegistrationOffers
DeviceLocalAccountAutoLoginBailoutEnabled
DeviceLocalAccountAutoLoginDelay
DeviceLocalAccountAutoLoginId
DeviceLoginScreenDefaultHighContrastEnabled
DeviceLoginScreenDefaultLargeCursorEnabled
DeviceLoginScreenDefaultScreenMagnifierType
DeviceLoginScreenDefaultSpokenFeedbackEnabled
DeviceLoginScreenDefaultVirtualKeyboardEnabled
DeviceLoginScreenPowerManagement
DeviceLoginScreenSaverId
DeviceLoginScreenSaverTimeout
DeviceMetricsReportingEnabled
DeviceStartUpUrls
DeviceUpdateHttpDownloadsEnabled
EnableAuthNegotiatePort
EnableOriginBoundCerts
EnableWebBasedSignin
EnterpriseWebStoreName
EnterpriseWebStoreURL
HideWebStoreIcon
HideWebStorePromo
ImagesAllowedForUrls
ImagesBlockedForUrls
ImportBookmarks
ImportHistory
ImportHomepage
ImportSavedPasswords
ImportSearchEngine
JavaScriptAllowedForUrls
JavaScriptBlockedForUrls
KeyboardDefaultToFunctionKeys
MetricsReportingEnabled
NotificationsAllowedForUrls
NotificationsBlockedForUrls
PasswordManagerAllowShowPasswords
PasswordManagerEnabled
PluginsAllowedForUrls
PluginsBlockedForUrls
PopupsAllowedForUrls
PopupsBlockedForUrls
ProxyBypassList
ProxyPacUrl
RemoteAccessHostAllowClientPairing
RemoteAccessHostAllowGnubbyAuth
RemoteAccessHostDomain
RemoteAccessHostFirewallTraversal
RemoteAccessHostRequireCurtain
RemoteAccessHostRequireTwoFactor
RemoteAccessHostTalkGadgetPrefix
RenderInChromeFrameList
ReportDeviceActivityTimes
ReportDeviceBootMode
ReportDeviceLocation
ReportDeviceNetworkInterfaces
ReportDeviceUsers
ReportDeviceVersionInfo
RestoreOnStartupURLs
kernel32.dll
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
pack-extension-key
promo-server-url
proxy-bypass-list
proxy-pac-url
safebrowsing-url-prefix
safebrowsing-download-feedback-url
spelling-service-feedback-url
sync-invalidate-xmpp-login
sync-notification-host-port
sync-url
sync-try-ssltcp-first-for-xmpp
enable-syncfs-directory-operation
try-chrome-again
variations-server-url
winhttp-proxy-resolver
plugins-metadata-server-url
windows8-search
allow-http-screen-capture
app-list-start-page-url
apps-checkout-url
apps-gallery-download-url
apps-gallery-url
apps-gallery-update-url
certificate-transparency-log
disable-extensions-http-throttling
disable-password-manager-reauthentication
disable-quic-https
disable-quic-port-selection
disable-web-resources
enable-auth-negotiate-port
enable-autologin
enable-http2-draft-04
enable-web-based-signin
enable-metrics-reporting-for-testing
enable-npn-http
enable-quic-https
enable-quic-port-selection
enable-save-password-bubble
enable-sdch-over-https
enable-user-controlled-alternate-protocol-ports
enable-websocket-over-spdy
explicitly-allowed-ports
extensions-not-webstore
google-base-url
google-search-domain-check-url
ignore-urlfetcher-cert-requests
install-from-webstore
limited-install-from-webstore
CHROME_VERSION
>CHROME_PRE_READ_EXPERIMENT
CHROME_SAFE_MODE
2676A9A2-D919-4FEE-9187-152100393AB2
35.0.1916.153
CHROME_HEADLESS
CHROME_LOG_FILE
CHROME_METRO_CONNECTED
CHROMEOS_SESSION_LOG_DIR
CHROME_CRASHED
CHROME_RESTART
chrome.googleechotest.com
http://pipelining.googleechotest.com/
cloud_print.user_settings.printers
cloud_print.submit_enabled
cloud_print.user_settings
net.max_connections_per_proxy
profile.managed_default_content_settings.cookies
profile.managed_default_content_settings.images
profile.managed_default_content_settings.javascript
profile.managed_default_content_settings.plugins
profile.managed_default_content_settings.popups
profile.managed_default_content_settings.geolocation
profile.managed_default_content_settings.notifications
profile.managed_default_content_settings.media_stream
profile.managed_cookies_allowed_for_urls
profile.managed_cookies_blocked_for_urls
profile.managed_cookies_sessiononly_for_urls
profile.managed_images_allowed_for_urls
profile.managed_images_blocked_for_urls
profile.managed_javascript_allowed_for_urls
profile.managed_javascript_blocked_for_urls
profile.managed_plugins_allowed_for_urls
profile.managed_plugins_blocked_for_urls
profile.managed_popups_allowed_for_urls
profile.managed_popups_blocked_for_urls
profile.managed_notifications_allowed_for_urls
profile.managed_notifications_blocked_for_urls
profile.managed_auto_select_certificate_for_urls
hardware.audio_capture_enabled
hardware.audio_capture_allowed_urls
hardware.video_capture_enabled
hardware.video_capture_allowed_urls
hotword.search_enabled_2
hotword.opt_in_popup_times_shown
hotword.audio_logging_enabled
browser.clear_lso_data_enabled
browser.pepper_flash_settings_enabled
browser.disk_cache_dir
browser.disk_cache_size
browser.media_cache_size
cros.system.releaseChannel
feedback.performance_tracing_enabled
background_contents.registered
browser.shown_autolaunch_infobar
auth.schemes
auth.disable_negotiate_cname_lookup
auth.enable_negotiate_port
auth.server_whitelist
auth.negotiate_delegate_whitelist
auth.gssapi_library_name
auth.spdyproxy.origin
auth.allow_cross_origin_prompt
async_dns.enabled
http_received_content_length
http_original_content_length
custom_handlers.registered_protocol_handlers
custom_handlers.ignored_protocol_handlers
custom_handlers.enabled
background_mode.enabled
hardware_acceleration_mode.enabled
policy.device_refresh_rate
message_center.showed_first_run_balloon
recovery_component.version
component_updater.state
browser.attempted_to_enable_autoupdate
media_galleries.gallery_id
media_galleries.remembered_galleries
media_galleries.last_scan_time
shelf_chrome_icon_index
gesture.fling_velocity_cap
gesture.long_press_time_in_seconds
gesture.max_distance_between_taps_for_double_tap
gesture.max_distance_for_two_finger_tap_in_pixels
gesture.max_seconds_between_double_click
gesture.max_separation_for_gesture_touches_in_pixels
gesture.max_swipe_deviation_ratio
gesture.max_touch_down_duration_in_seconds_for_click
gesture.max_touch_move_in_pixels_for_click
gesture.min_distance_for_pinch_scroll_in_pixels
gesture.min_flick_speed_squared
gesture.min_pinch_update_distance_in_pixels
gesture.min_rail_break_velocity
gesture.min_scroll_delta_squared
gesture.min_swipe_speed
gesture.min_touch_down_duration_in_seconds_for_click
gesture.points_buffered_for_velocity
gesture.rail_break_proportion
gesture.rail_start_proportion
gesture.scroll_prediction_seconds
gesture.semi_long_press_time_in_seconds
gesture.show_press_delay_in_ms
gesture.tab_scrub_activation_delay_in_ms
gesture.fling_acceleration_curve_coefficient_0
gesture.fling_acceleration_curve_coefficient_1
gesture.fling_acceleration_curve_coefficient_2
gesture.fling_acceleration_curve_coefficient_3
flingcurve.touchpad_alpha
flingcurve.touchpad_beta
flingcurve.touchpad_gamma
flingcurve.touchscreen_alpha
flingcurve.touchscreen_beta
flingcurve.touchscreen_gamma
gesture.fling_max_cancel_to_down_time_in_ms
gesture.fling_max_tap_gap_time_in_ms
overscroll.horizontal_threshold_complete
overscroll.vertical_threshold_complete
overscroll.minimum_threshold_start
overscroll.minimum_threshold_start_touchpad
overscroll.vertical_threshold_start
overscroll.horizontal_resist_threshold
overscroll.vertical_resist_threshold
network_profile.warnings_left
network_profile.last_warning_time
app_list.profile
app_list.show_on_relaunch
app_list.last_launch_ping
app_list.launch_count
app_list.last_app_launch_ping
app_list.app_launch_count
apps.app_launcher.has_been_enabled
app_list.how_enabled
app_list.when_enabled
apps.app_launcher.should_show_apps_page
apps.app_launcher.shortcut_version
app_launcher.show_promo
apps.app_launch_for_metro_restart
apps.app_launch_for_metro_restart_profile
apps.shortcuts_have_been_created
module_conflict.bubble_shown
settings.privacy.drm_salt
settings.privacy.drm_enabled
profile.extensions.activity_log.num_consumers_active
profile.extensions.activity_log.watchdog_extension_active
profile.preference_hashes
profile.network_time_mapping
proxy.quick_check_enabled
profile.managed.manual_hosts
profile.managed.manual_urls
profile.managed.custodian_email
profile.managed.custodian_name
profile.managed.shared_settings
profile.icon_version
session.restore_on_startup
session.restore_on_startup_migrated
profile.exited_cleanly
profile.exit_type
session.startup_urls
session.urls_to_restore_on_startup
session.startup_urls_migration_time
profile.ephemeral_mode
intl.app_locale
intl.charset_default
intl.accept_languages
intl.static_encodings
bookmark_bar.show_on_all_tabs
bookmark_bar.show_apps_shortcut
bookmark_editor.expanded_nodes
webkit.webprefs.fonts.standard.Zyyy
webkit.webprefs.fonts.fixed.Zyyy
webkit.webprefs.fonts.serif.Zyyy
webkit.webprefs.fonts.sansserif.Zyyy
webkit.webprefs.fonts.cursive.Zyyy
webkit.webprefs.fonts.fantasy.Zyyy
webkit.webprefs.fonts.pictograph.Zyyy
webkit.webprefs.fonts.standard
webkit.webprefs.fonts.fixed
webkit.webprefs.fonts.serif
webkit.webprefs.fonts.sansserif
webkit.webprefs.fonts.cursive
webkit.webprefs.fonts.fantasy
webkit.webprefs.fonts.pictograph
webkit.webprefs.fonts.standard.Arab
webkit.webprefs.fonts.fixed.Arab
webkit.webprefs.fonts.serif.Arab
webkit.webprefs.fonts.sansserif.Arab
webkit.webprefs.fonts.standard.Cyrl
webkit.webprefs.fonts.fixed.Cyrl
webkit.webprefs.fonts.serif.Cyrl
webkit.webprefs.fonts.sansserif.Cyrl
webkit.webprefs.fonts.standard.Grek
webkit.webprefs.fonts.fixed.Grek
webkit.webprefs.fonts.serif.Grek
webkit.webprefs.fonts.sansserif.Grek
webkit.webprefs.fonts.standard.Jpan
webkit.webprefs.fonts.fixed.Jpan
webkit.webprefs.fonts.serif.Jpan
webkit.webprefs.fonts.sansserif.Jpan
webkit.webprefs.fonts.standard.Hang
webkit.webprefs.fonts.fixed.Hang
webkit.webprefs.fonts.serif.Hang
webkit.webprefs.fonts.sansserif.Hang
webkit.webprefs.fonts.cursive.Hang
webkit.webprefs.fonts.standard.Hans
webkit.webprefs.fonts.fixed.Hans
webkit.webprefs.fonts.serif.Hans
webkit.webprefs.fonts.sansserif.Hans
webkit.webprefs.fonts.standard.Hant
webkit.webprefs.fonts.fixed.Hant
webkit.webprefs.fonts.serif.Hant
webkit.webprefs.fonts.sansserif.Hant
webkit.webprefs.default_font_size
webkit.webprefs.default_fixed_font_size
webkit.webprefs.minimum_font_size
webkit.webprefs.minimum_logical_font_size
webkit.webprefs.javascript_enabled
webkit.webprefs.web_security_enabled
webkit.webprefs.javascript_can_open_windows_automatically
webkit.webprefs.loads_images_automatically
webkit.webprefs.plugins_enabled
webkit.webprefs.dom_paste_enabled
webkit.webprefs.shrinks_standalone_images_to_fit
webkit.webprefs.inspector_settings
webkit.webprefs.uses_universal_detector
webkit.webprefs.text_areas_are_resizable
webkit.webprefs.java_enabled
webkit.webprefs.tabs_to_links
webkit.webprefs.allow_displaying_insecure_content
webkit.webprefs.allow_running_insecure_content
autologin.enabled
reverse_autologin.enabled
reverse_autologin.rejected_email_list
safebrowsing.enabled
safebrowsing.download_feedback_enabled
safebrowsing.reporting_enabled
safebrowsing.proceed_anyway_disabled
incognito.mode_availability
search.suggest_enabled
browser.confirm_to_quit
security.cookie_behavior
default_search_provider.synced_guid
default_search_provider.enabled
default_search_provider.search_url
default_search_provider.suggest_url
default_search_provider.instant_url
default_search_provider.image_url
default_search_provider.new_tab_url
default_search_provider.search_url_post_params
default_search_provider.suggest_url_post_params
default_search_provider.instant_url_post_params
default_search_provider.image_url_post_params
default_search_provider.icon_url
default_search_provider.encodings
default_search_provider.name
default_search_provider.keyword
default_search_provider.id
default_search_provider.prepopulate_id
default_search_provider.alternate_urls
default_search_provider.search_terms_replacement_key
download.prompt_for_download
alternate_error_pages.enabled
dns_prefetching.startup_list
dns_prefetching.host_referral_list
spdy.disabled
net.http_server_properties
spdy.servers
spdy.alternate_protocol
protocol.disabled_schemes
instant_ui.zero_suggest_url_prefix
local_state.multiple_profile_prefs_version
dns_prefetching.enabled
hide_web_store_icon
browser.show_home_button
profile.recently_selected_encodings
browser.clear_data.browsing_history
browser.clear_data.download_history
browser.clear_data.cache
browser.clear_data.cookies
browser.clear_data.passwords
browser.clear_data.form_data
browser.clear_data.hosted_apps_data
browser.clear_data.content_licenses
browser.enable_spellchecking
browser.speechinput_censor_results
browser.speechinput_tray_notification_shown_contexts
browser.enabled_labs_experiments
browser.enable_autospellcorrect
history.saving_disabled
history.deleting_enabled
settings.force_safesearch
browser.clear_data.time_period
browser.last_clear_browsing_data_time
extensions.theme.pack
extensions.theme.id
extensions.theme.images
extensions.theme.colors
extensions.theme.tints
extensions.theme.properties
extensions.ui.developer_mode
extensions.commands
plugins.last_internal_directory
plugins.plugins_list
plugins.plugins_disabled
plugins.plugins_disabled_exceptions
plugins.plugins_enabled
plugins.migrated_to_pepper_flash
plugins.removed_old_component_pepper_flash_settings
plugins.show_details
plugins.allow_outdated
plugins.always_authorize
plugins.metadata
plugins.resource_cache_update
browser.check_default_browser
browser.suppress_switch_to_metro_mode_on_set_default
browser.default_browser_setting_enabled
browser.custom_chrome_frame
browser.desktop_notification_position
profile.default_content_settings
profile.content_settings.clear_on_exit_migrated
profile.content_settings.pref_version
profile.content_settings.pattern_pairs
profile.content_settings.whitelist_version
profile.content_settings.plugin_whitelist
profile.block_third_party_cookies
profile.clear_site_data_on_exit
profile.default_zoom_level
profile.per_host_zoom_levels
autofill.data_model_default
autofill.pay_without_wallet
autofill.wallet_location_disclosure
autofill.save_data
autofill.wallet_shipping_same_as_billing
autofill.generated_card_bubble_times_shown
autofill.rac_dialog_defaults
bookmarks.editing_enabled
import_bookmarks
import_history
import_home_page
import_search_engine
import_saved_passwords
profile.avatar_index
profile.name
profile.is_managed
profile.managed_user_id
profile.gaia_info_update_time
profile.gaia_info_picture_url
profile.avatar_bubble_tutorial_shown
profile.user_manager_tutorial_shown
printing.enabled
printing.print_preview_disabled
profile.managed.default_filtering_behavior
profile.managed_user_creation_allowed
profile.managed_users
message_center.disabled_extension_ids
message_center.disabled_system_component_ids
message_center.enabled_sync_notifier_ids
synced_notification.enabled_remote_services
synced_notification.initialized_remote_services
synced_notification.first_run
message_center.welcome_notification_dismissed
message_center.welcome_notification_dismissed_local
message_center.welcome_notification_previously_popped_up
message_center.welcome_notification_expiration_timestamp
fullscreen.allowed
local_discovery.notifications_enabled
prefs.preference_reset_time
profile.reset_prompt_memento
gcm.channel_enabled
easy_unlock.enabled
easy_unlock.show_tutorial
easy_unlock.pairing
ssl.rev_checking.enabled
ssl.rev_checking.required_for_local_anchors
ssl.version_min
ssl.version_max
ssl.cipher_suites.blacklist
ssl.origin_bound_certs.enabled
ssl.ssl_record_splitting.disabled
user_experience_metrics.client_id2
user_experience_metrics.session_id
user_experience_metrics.low_entropy_source2
user_experience_metrics.permuted_entropy_cache
user_experience_metrics.client_id
user_experience_metrics.low_entropy_source
user_experience_metrics.reporting_enabled
user_experience_metrics.client_id_timestamp
user_experience_metrics.machine_id
user_experience_metrics.reset_metrics_ids
user_experience_metrics.initial_logs_as_protobufs
user_experience_metrics.ongoing_logs_as_protobufs
profile.last_used
profile.last_active_profiles
profile.profiles_created
profile.info_cache
profile.created_by_version
user_experience_metrics.stability.execution_phase
user_experience_metrics.stability.exited_cleanly
user_experience_metrics.stability.stats_version
user_experience_metrics.stability.stats_buildtime
user_experience_metrics.stability.session_end_completed
user_experience_metrics.stability.launch_count
user_experience_metrics.stability.crash_count
user_experience_metrics.stability.incomplete_session_end_count
user_experience_metrics.stability.page_load_count
user_experience_metrics.stability.saved_system_profile
user_experience_metrics.stability.saved_system_profile_hash
user_experience_metrics.stability.renderer_crash_count
user_experience_metrics.stability.launch_time_sec
user_experience_metrics.stability.extension_renderer_crash_count
user_experience_metrics.stability.last_timestamp_sec
user_experience_metrics.stability.renderer_hang_count
user_experience_metrics.stability.child_process_crash_count
user_experience_metrics.stability.other_user_crash_count
user_experience_metrics.stability.kernel_crash_count
user_experience_metrics.stability.system_unclean_shutdowns
user_experience_metrics.stability.breakpad_registration_ok
user_experience_metrics.stability.breakpad_registration_fail
user_experience_metrics.stability.debugger_present
user_experience_metrics.stability.debugger_not_present
user_experience_metrics.stability.plugin_stats2
uninstall_metrics.installation_date2
uninstall_metrics.page_load_count
uninstall_metrics.launch_count
uninstall_metrics.uptime_sec
uninstall_metrics.last_launch_time_sec
uninstall_metrics.last_observed_running_time_sec
browser.suppress_default_browser_prompt_for_version
browser.window_placement
task_manager.window_placement
keyword_editor.window_placement
preferences.window_placement
renderer.memory_cache.size
download.default_directory
download.extensions_to_open
download.directory_upgrade
savefile.default_directory
savefile.type
select_file_dialogs.allowed
filebrowser.tasks.default_by_mime_type
filebrowser.tasks.default_by_suffix
selectfile.last_directory
browser.hung_plugin_detect_freq
browser.plugin_message_response_timeout
spellcheck.dictionary
spellcheck.use_spelling_service
protocol_handler.excluded_schemes
safe_browsing.client_key
safe_browsing.wrapped_key
options_window.last_tab_index
content_settings_window.last_tab_index
certificate_manager_window.last_tab_index
browser.last_known_google_url
browser.last_prompted_google_url
browser.last_redirect_origin
shutdown.type
shutdown.num_processes
shutdown.num_processes_slow
restart.last.session.on.shutdown
was.restarted
relaunch.mode
extensions.disabled
plugins.disable_plugin_finder
ntp.app_page_names
ntp.collapsed_foreign_sessions
ntp.collapsed_recently_closed_tabs
ntp.collapsed_snapshot_document
ntp.collapsed_sync_promo
ntp.date_resource_server
ntp.most_visited_blacklist
ntp.promo_desktop_session_found
ntp.promo_resource_cache_update
ntp.shown_bookmarks_folder
ntp.shown_page
ntp.tips_resource_server
ntp.webstore_enabled
devtools.adb_key
devtools.disabled
devtools.discover_usb_devices
devtools.edited_files
devtools.file_system_paths
devtools.open_docked
devtools.port_forwarding_enabled
devtools.port_forwarding_default_set
devtools.port_forwarding_config
google.services.username_pattern
google.services.password_hash
invalidator.client_id
invalidator.invalidation_state
invalidator.saved_invalidations
invalidation_service.use_gcm_channel
sync_promo.startup_count
sync_promo.user_skipped
sync_promo.show_on_first_run_allowed
sync_promo.show_ntp_bubble
browser.web_app.create_on_desktop
browser.web_app.create_in_apps_menu
browser.web_app.create_in_quick_launch_bar
geolocation.access_token
googlegeolocationaccess.enabled
media.default_audio_capture_device
media.default_video_capture_Device
media.device_id_salt
remote_access.host_firewall_traversal
remote_access.host_require_two_factor
remote_access.host_domain
remote_access.host_talkgadget_prefix
remote_access.host_require_curtain
remote_access.host_allow_client_pairing
remote_access.host_allow_gnubby_auth
printing.print_preview_sticky_settings
cloud_print.service_url
cloud_print.signin_url
cloud_print.dialog_size.width
cloud_print.dialog_size.height
cloud_print.signin_dialog_size.width
cloud_print.signin_dialog_size.height
cloud_print.enabled
cloud_print.proxy_id
cloud_print.auth_token
cloud_print.xmpp_auth_token
cloud_print.email
cloud_print.print_system_settings
cloud_print.enable_job_poll
cloud_print.robot_refresh_token
cloud_print.robot_email
cloud_print.user_settings.connectNewPrinters
cloud_print.xmpp_ping_enabled
cloud_print.xmpp_ping_timeout_sec
SHELL32.dll
ole32.dll
OLEAUT32.dll
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
GetProcessWindowStation
operator
%s-%Iu
\uX
full-memory-crash-report
ERROR_REPORT
: Bad boy, the buffer passed to placement new is not aligned!
c:\b\build\slave\win\build\src\base\lazy_instance.h
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
PlatformFile.UnknownErrors.Windows
user32.dll
0123456789
.thunks
.syzygy
Unsupported encoding. JSON must be UTF-8.
Dictionary keys must be quoted.
Line: %i, column: %i, %s
C:\b\build\slave\win\build\src\out\Release\initialexe\chrome.exe.pdb
chrome.exe
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
SignalChromeElf
chrome_elf.dll
VERSION.dll
WINMM.dll
SHLWAPI.dll
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
GetAsyncKeyState
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
USER32.dll
USERENV.dll
WTSAPI32.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
zcÁ
#$(   ....6/6////. )
2(  ..////6//6
( /.///6////
(//.//6///.`
  55;;/?
  55;;>;>/
K%u!Xp
)^%x>
@DQSSSSSQLLHHGG?332200--'
BDRSSSSQLLPHH??332000-7.
6%%%%#%###!!
122200.- *('%
35955220.- ('$
79::995420.-*(&
<<=;;23.
|(==7:89?
ÞDDDCA)
: :$:(:,:0:4:8:<:@:
3#3(3.3{3
4%4.444>4
5#5)5/5:5@5
;>;~<&=">
>"?)?6?[?
= =?=_=~=
1 1$1(1,1014181
< <(<0<8<@<\<
0 0$0(0,0
SOFTWARE\Google\Chrome\Profile
registering_chrome
uninstalling_chrome_frame
echrmstp.exe
app_host.exe
chrome.dll
chrome_child.dll
npchrome_frame.dll
chrome_frame_helper.dll
chrome_frame_helper.exe
ChromeFrameHelperWindowClass
chrome_launcher.exe
metro_driver.dll
new_chrome.exe
old_chrome.exe
delegate_execute.exe
nacl64.exe
setup.exe
InstallerSuccessLaunchCmdLine
{4ea16ac7-fd5a-47c3-875b-dbf4a2008c20}
ChromeCanary
ChromeSSHTM
Chrome Canary HTML Document
{1BEAC3E3-B852-44F4-B468-8906C062422E}
BGoogle Chrome Canary
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium
-chrome
-chromeframe
{8A69D345-D564-463C-AFF1-A69D9E530F96}
{430FD4D0-B729-4F61-AA34-91526481799D}
GoogleUpdateSetup.exe
CFEndTempOptOutCmd
CFOptInCmd
CFOptOutCmd
CFTempOptOutCmd
UninstallCmdLine
WebAccessible
{8A69D345-D564-463c-AFF1-A69D9E530F96}
ChromeHTML
Chrome HTML Document
{5C65F4B0-3651-4514-B207-D10CB699B14B}
http://www.google.com/support/chrome/bin/request.py?hl=$1&contact_type=uninstall
%d.%d.%d
Google Chrome
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}
BGoogle Chrome App Launcher
ChromeAppList
tSoftware\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome App Launcher
{8BA986DA-5100-405E-AA35-86F34A02ACBF}
BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Uninstall Chrome Frame
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
Google Chrome binaries
\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
error %u
hunspecified-crash-key
ntdll.dll
SOFTWARE\Policies\Google\Chrome
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
pipe\
Ckernel32.dll
kernelbase.dll
ekernel32.dll
ALPC Port
xkernel32.dll
xntdll.dll
wow_helper.exe"
${windows}
Chrome_StatusTrayWindow
Reported Crashes.txt
testing_interface.dll
Certificate Revocation Lists
cld2_data.bin
Custom Dictionary.txt
Login Data
Origin Bound Certs
Cached Theme.pak
Web Applications
pepflashplayer.dll
CHROME_METRO_NAV_SEARCH_REQUEST
CHROME_METRO_GET_CURRENT_TAB_INFO
Software\Google\Chrome\Metro
Software\Google\Chrome\BrowserCrashDumpAttempts
Dmscoree.dll
IADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
dbghelp.dll
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
Chrome_MessageWindow
sSoftware\Microsoft\Windows\CurrentVersion\Run
ISoftware\Classes\CLSID\{054AAE20-4BEA-4347-8A35-64A533254A9D}\LocalServer32
Chrome_MessagePumpWindow_%p
Ndebug.log
.\debug.log
debug_message.exe
\StringFileInfo\xx\%ls
%Program Files%\Google\Chrome\Application\chrome.exe
chrome_exe

UPDATER.EXE_3056:


.text
`.rdata
@.data
.rsrc
@.reloc
xSSSh
FTPjKS
FtPj;S
C.PjRV
SHELL32.dll
Visual C   CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
operator
GetProcessWindowStation
advapi32.dll
PSAPI.DLL
T8SqlTakeDefaultSearch
C:\code\p4\david.paxson_dp6127437787DT\Developers\David.Paxson\ChromeSearch\Build.TT\Release.x86\Updater.pdb
ShellExecuteW
SetProcessShutdownParameters
KERNEL32.dll
MsgWaitForMultipleObjects
EnumWindows
USER32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
SHLWAPI.dll
NETAPI32.dll
GetCPInfo
zcÁ
cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,
0 0)000@0]0
8 8$8(8,8084888
? ?$?(?5?
4 4$4(4,4
2 2$2(2,2024282
mscoree.dll
nKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
chrome.exe
\Web Data
T8SQL.DLL
SQLITE3.DLL
UPDATER.EXE
Software\Microsoft\Windows\CurrentVersion\RunOnce
9E6F91D8-0FD3-4AA5-B8D3-1DB2F6A94973
..\..\..
gadvapi32.dll
\Google\Chrome\User Data\
T8Sql.dll
@ChromeExtensionsDirectory
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\gch30.tmp\UPDATER.EXE
Chrome Search Updater
1.0.0.7
Updater.exe

iexplore.exe_2052_rwx_06673000_00002000:


ComSpec=%System%\cmd.exe
OS=Windows_NT
Path=C:\Perl\site\bin;C:\Perl\bin;%System%;%WinDir%;%WinDir%\System32\Wbem;c:\Program Files\Wireshark;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
SystemRoot=%WinDir%
windir=%WinDir%
2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7
2,5,14,85
http://ak.imgfarm.com/images/nocache/vicinio/installers/210720343.YYA.3/267246-140605124901-YYA.3/CursorManiaSetup.exe
WARE\Mozilla\Mozilla Firefox
NoRemove Windows
NoRemove {5957d8d4-6ff0-43fb-b50b-49079fe61659} = s ''
NoRemove MozillaPlugins
ForceRemove '@ei.CursorMania_7l.com/Plugin'
val Path = s '%ModuleDir%\NP7lEISB.dll'
val vendor = s 'FULLCOMPANYNAME_DDE0BB24-8F8C-44e9-B962-8289B302DEF9'
val version = s '1.1.0.0'
#.cursormania.com
\Program Files\CursorMania_7lEI\Installr\1.bin
\Program Files\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dll

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

{8D12E9E7-52C6-4306-997F-81BC3953D8CE}.exe:2428
AppIntegrator.exe:3788
AppIntegrator.exe:2988
chrome.exe:2120
chrome.exe:492
chrome.exe:3796
chrome.exe:2996
chrome.exe:4032
chrome.exe:3972
chrome.exe:3704
chrome.exe:208
chrome.exe:3268
chrome.exe:2260
chrome.exe:3896
chrome.exe:4028
TPIManagerConsole.exe:2000
%original file name%.exe:2704
7lbarsvc.exe:2964
7lbarsvc.exe:2504
7lbarsvc.exe:2932
7lsrchmn.exe:732
mscorsvw.exe:1580
00000ae4T8SETUP.EXE:1088
CursorManiaSetup.exe:2788
{0059BF96-494D-4635-B0DE-1CF697754AD6}.exe:2688
rundll32.exe:3704
rundll32.exe:2856
7lHighIn.exe:2308
msfeedssync.exe:2080
7lbrmon.exe:1916
irsetup.exe:2992
irsetup.exe:1740
UPDATER.EXE:3056
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\lua5.1.dll (325 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\README (180 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\databases\Databases.db-journal (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist_new (9008 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (30524 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\33.tmp (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_WHVktB7wAtDwyTp (136 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist_new (2888 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000019.log (551 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000017 (369 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG (479 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_2 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_3 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_0 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\data_1 (208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000002 (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000028 (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000027 (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000026 (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000025 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000024 (63 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000023 (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000022 (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000021 (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000020 (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gchljcfaonjffjifnjlcalnhgdmjckhg_0.localstorage (6365 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG (479 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000018.ldb (349 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon19on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\Cookies (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_AdBp4tDOrhQ3tYd (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\QuotaManager-journal (5102 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2E.tmp (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\gchljcfaonjffjifnjlcalnhgdmjckhg_64242.crx:Zone.Identifier (26 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\2B.tmp (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links (900 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000019.log (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\34.tmp (676 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal (15509 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons (6076 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000015.log (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gchljcfaonjffjifnjlcalnhgdmjckhg_0.localstorage-journal (9630 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon128.png (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2F.tmp (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000017.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000013 (127 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal (11700 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000002.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\32.tmp (805 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\31.tmp (128 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_fQJ7zFXlNHPzTn8 (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\WEB DATA-JOURNAL (29470 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cursormania.dl.tb.ask.com_0.localstorage (443 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\gchljcfaonjffjifnjlcalnhgdmjckhg_64242.crx:Zone.Identifier (26 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\gchljcfaonjffjifnjlcalnhgdmjckhg_64242 (1).crx (69561 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000013.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_DHQLILmbDehLCgV (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set (3804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_g8OTJEeeI5yT1kh (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing IP Blacklist_new (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session (10985 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom_new (558935 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies (736 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist_new (34048 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts (2316 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal (15992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\manifest.json (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal (17886 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000017.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon48.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\GPUCache\index (736 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal (4332 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_cursormania.dl.tb.ask.com_0.localstorage-journal (5106 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000017 (422 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\TOP SITES (4272 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\000018.ldb (353 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Storage\ext\chrome-signin\def\Cookies-journal (6393 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal (4533 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\35.tmp (805 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_huY0p4rphp9S5AD (1074 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_3 (3576 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_2 (10392 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_1 (126544 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\data_0 (377020 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download_new (254176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon16.png (834 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal (9778 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\2C.tmp (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.log (57 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\radio-widget.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\__utm.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\html\menuframe.html (956 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\js\radio-custom.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\exePackageManager.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedscript\html\embedScriptTemplate.html (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\background\RadioWidget.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\defaultSearchModalInjector.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\css\toolbar-item.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\weather\weatherButton.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\js\underscore-1.3.1.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\defaultSearchModal.html (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\tvf_btn_ok.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedhtml\js\embedHtmlUI.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\js\query-string.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\config.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\contentScript.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\contentScript.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\css\widget.css (610 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\widgetWindow.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\shared\unifiedLogging.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\reservespacefortoolbar.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\shared\universalConsole.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\newtabfork.js (841 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221335932.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\hiddenWidgetWindow.html (557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\search_button.png (844 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\css\radio-widget.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\list-interaction.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221335957.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\tvf_restart_icon.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\images\right_arrow.png (963 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\set.js (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\globalBlacklistManager.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\exeManager.js (789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\jquery-1.7.1.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\plugins\7lChromePlugIn.dll (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\messaging.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\rss\rssWidget.html (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\adapter\widget-adapter.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\weather\css\weatherButton.css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\scriptInjector.js (819 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\weather\background\weatherButton.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\html\searchSuggestions.css (889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\jquery-1.7.1.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\list-interaction.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\js\radio-parser.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\adapter\adapterUtil.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\flare\background\FlareWidget.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widget-context-1.0.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\flare\icons\Thumbs.db (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\js\radio-widget.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\radioWrapper\radioWrapper.html (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedscript\html\innerEmbedScriptTemplate.html (996 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\tvf_logo.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\PartnerId.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221336014.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\background\updateSearchPromptBg.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\searchContext.js (758 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\common.js (251 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\RadioPlayerSprite.png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\html\searchSuggestions.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbar.html (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\shared\utils.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\widget.html (727 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\08_buttons2.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\js\jquery-1.7.1.min.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\blacklistService.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\uninstall\background\uninstallButton.js (716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\resource.xml (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221335934.png (769 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\resource.json (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\dynamic.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\options.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221336046.png (264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\rss\js\rss-widget-custom.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\html\supertab.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\buildVars.js (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\tvf_restart_alert_icon.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\07_buttons2.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\underscore-1.3.1.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedscript\js\embedScriptUI.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedscript\background\embedScriptWidget.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\radio\js\radio-widget-ui.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\options.js (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\URILoaderContentScript.js (271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\underscore-1.5.2.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\rss\js\rss-widget-parse.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedhtml\background\embedHtmlWidget.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\background\updateSearch.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\thirdparty\background\thirdPartyWidget.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedhtml\html\innerEmbedHtmlTemplate.html (420 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\generic\background\GenericWidget.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\newTabInfo.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\wrench.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\widgetWindowManager.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\DECODED_IMAGES (77 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\alert\background\alertButton.js (584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\background\ApiBasedWidget.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\background\menuButton.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\eventListening.js (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\README.txt (227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\navRedirector.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\weather\js\weather.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\qunit.css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\html\searchSuggestions.html (811 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\IDR_WEBSTORE_ICON.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\css\supertab.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\hiddenWidgetWindowInit.js (353 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbar.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\testWidget.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\js\widget.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\reporting.js (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\rss\background\RssWidget.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\initWidgetWindow.js (802 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\icon19disabled.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\updateSearchPromptFg.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\enableDetect.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\set.js (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\background\searchBox.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\superFrame.js (745 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\unifiedLogging.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\underscore-1.3.1.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\srchsugg.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\testWidget.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\radioWrapper\radioWrapper.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221770541.png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\embedhtml\html\embedHtmlTemplate.html (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\widgetWindow.html (788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\mutation_summary.js (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbarUI.html (876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbarUI.css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\chromeUtils.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\shared\rsvp-latest.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\tvf_icon_guide.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\Widget.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\moviereviews\html\movieReviews.html (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\extension_toolbar_api.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\rss\js\rss-widget.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\down_arrow.png (959 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\global.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221335983.png (936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\common\eventListening.js (586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\link\background\linkButton.js (697 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\tb_icon_search_disappearing_ask.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\window\hiddenWidgetWindow.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\toolbarPreinit.js (113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\defaultSearchModalInjector.css (522 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\abstractbutton\background\abstractButton.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\magnifying_glass.png (234 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\reservespaceifenabled.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\paramReplacer.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\plugins\SearchControl.dll (59304 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\defaultSearch\foreground\tvf_btn_ok2.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\toolbarCookieParser.js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\js\menuframe.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\toolbarUI.js (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\jquery.js (15336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\moviereviews\background\MovieReviewsWidget.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\moviereviews\js\movieReviews.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\IDR_PRODUCT_LOGO_16.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\focusManager.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\flare\icons\Icon_Flare_pink.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\search\html\searchSuggestionsInit.js (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\messageEventListener.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\readLocalStorage.js (339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\icons\arrowSprite.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\topapps\js\topapps-config.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\qunit.js (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\mutation_summary-min.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\unifiedLogging.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\underscore-1.3.1.min.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\js\common.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\radio\foreground\button.js (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\flare\icons\Icon_Flare_blue.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\moviereviews\css\movieReviews.css (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\js\widgetFactory.js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\widget-api\widgets\test\invalid.json (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\images\221336063.png (398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\images\right_arrow_white.png (962 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\common\components\menu\css\menuframe.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\plugins\Verify.dll (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\supertab\js\supertab.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\plugins\EXEManager.dll (31256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_428_17373\CRX_INSTALL\components\api\background\widget-api-impl.js (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp\T8SQL.DLL (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\E9UY92VW\manifest[1].json (1187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp\searchupdater (1752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest.json[3].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gchljcfaonjffjifnjlcalnhgdmjckhg\8.27.3.62908_0\plugins\searchupdater (84 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp\SQLITE3.DLL (1770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gch30.tmp\UPDATER.EXE (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\NLJ2BW4Z\macromedia.com\support\flashplayer\sys\settings.sxx (3058 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\D4F348B882DF3F205ECCB6243795CB3A (200 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\{0059BF96-494D-4635-B0DE-1CF697754AD6}.exe (602400 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\{8D12E9E7-52C6-4306-997F-81BC3953D8CE}.exe (599075 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\D4F348B882DF3F205ECCB6243795CB3A (554 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\NP7lEISb.dll (1568 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dl_ (300 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEIPlug.dl_ (45 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\NP7lEISb.dl_ (40 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEZSETP.dll (14400 bytes)
%Program Files%\CursorMania_7lEI\Installr\1.bin\7lEIPlug.dll (2104 bytes)
%Program Files%\CursorMania_7l\bar\IE9Mesg\COMMON.T8S (1727 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbrmon.exe (61 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lieovr.dll (73 bytes)
%Program Files%\CursorMania_7l\bar\gen1\COMMON.T8S (1 bytes)
%Documents and Settings%\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\INSTALL.RDF (2 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lreghk.dll (75 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lskin.dll (202 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\DPNMNGR.DLL (289 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lSrcAs.dll (139 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\ASSISTMONITOR.DLL (303 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\CrExtP7l.exe (7972 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8EPMSUP.DLL (77 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbprtct.dll (115 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lskplay.exe (55 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat (220 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lidle.dll (61 bytes)
%System%\config\SYSTEM.LOG (9033 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (2616 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8EXTEX.DLL (98 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lhttpct.dll (144 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML (491 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\EXEMANAGER.DLL (1767 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\ASSISTMONITOR64.DLL (1633 bytes)
%System%\config\SOFTWARE.LOG (60644 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lauxstb64.dll (65 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lfeedmg.dll (139 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\NP7lStub.dll (48 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbarsvc.exe (88 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lregiet.dll (83 bytes)
%Documents and Settings%\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG (1560 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7ldatact.dll (160 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\TPIMANAGERCONSOLE.EXE (78 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\AppIntegrator64.exe (1766 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\CHROME.MANIFEST (1 bytes)
%System%\config\system (5721 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7ldlghk64.dll (119 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\APPINTEGRATOR.EXE (1702 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbrstub.dll (63 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\CREXT.DLL (7386 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lSrchMn.exe (55 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL (15 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lregfft.dll (81 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lscript.dll (100 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8TICKER.DLL (168 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbrstub64.dll (74 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lhighin.exe (12 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\chrome\7lffxtbr.jar (1829 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8HTML.DLL (188 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\BOOTSTRAP.JS (20 bytes)
%Documents and Settings%\%current user%\NTUSER.DAT.LOG (13376 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8RES.DLL (196 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7ltpinst.dll (179 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lradio.dll (210 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7ldlghk.dll (101 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\LOGO.BMP (10 bytes)
C:\$Directory (200 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE (206 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lPlugin.dll (108 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\AppIntegratorStub64.dll (290 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbar.dll (6313 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\VERIFY.DLL (66 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL (17 bytes)
%System%\config\software (50252 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\installKeys.js (216 bytes)
%Program Files%\CursorMania_7l\bar\Settings\s_pid.dat (34 bytes)
%Program Files%\CursorMania_7l\bar\Message\COMMON.T8S (103 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lhkstub.dll (59 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lmlbtn.dll (96 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lsrchmr.dll (83 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\T8EXTPEX.DLL (104 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\FF-NativeMessagingDispatcher.dll (250 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lauxstb.dll (55 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lbrmon64.exe (71 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\APPINTEGRATORSTUB.DLL (250 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lmedint.exe (12 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\UNIFIEDLOGGING.DLL (316 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\Hpg64.dll (1719 bytes)
%Program Files%\CursorMania_7l\bar\1.bin\7lhtmlmu.dll (202 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\permissions.sqlite (25600 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar.sbstore (6722 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar-1.cache (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_7RJmlxTg9VdwBhs (540 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\D236B74794790D9923905972356B8BEC (224 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\downloads.json.tmp (602 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\install.rdf (1 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\healthreport.sqlite-wal (35472 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\sessionCheckpoints.json.tmp (143 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\permissions.sqlite-journal (28800 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple-1.cache (80 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\plugins\EXEManager.dll (4752 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\searchplugins\ask-web-search-1.xml (341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest.json[1].sig (753 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\CursorManiaSetup.exe.part (16756 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\_CACHE_001_ (46456 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\search.json.tmp (59 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\pluginreg.dat.tmp (13774 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar-1.sbstore (24808 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple.pset (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X33TH0UP\manifest.json[2].sig (753 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\addons.json.tmp (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\2\BE\7B900d01 (8474 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar.pset (8958 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\storage\persistent\moz-safe-about home\idb\818200132aebmoouht.sqlite-journal (10155 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\prefs-1.js (1464 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple.pset (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\manifest.json[2].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple.cache (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\3\38\2B5F5d01 (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\_CACHE_002_ (10112 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\F\95\9139Cd01 (895 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\chrome\7lffxtbr.jar (3696 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar.cache (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\7\4D\57E2Fd01 (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\startupCache\startupCache.4.little (70866 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\META-INF\manifest.mf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar-1.cache (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\thumbnails\c9fd8f26c8cc1671f79c62083c1a164f.png.tmp (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\E\93\D9D5Ed02 (8099 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\F\F5\E7112d01 (28041 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\E\AA\FDAD8d01 (523 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions.json.tmp (4 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\cert8.db (4924 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\plugins\Verify.dll (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\_CACHE_003_ (13963 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\A\CD\D40D7d01 (4023 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple.sbstore (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest[1].json (1187 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-malware-shavar.cache (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\C\CC\85BDFd01 (51988 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple-1.sbstore (412 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple-1.cache (80 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\META-INF\zigbert.rsa (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\pR3lOtCs.exe.part (18485 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\install_no_bootstrap.rdf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_vyXSGeMQOGYhd1o (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\3\83\A81A8d01 (5458 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple-1.sbstore (412 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\localstore-1.rdf (5 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\cookies.sqlite (57888 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\B\83\D8E62d01 (1731 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\META-INF\zigbert.sf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\E9UY92VW\manifest.json[2].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\_CACHE_MAP_ (280 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\sessionstore.js.tmp (4 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\7lffxtbr@CursorMania_7l.com\install_old.rdf (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\manifest.json[1].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-malware-simple.cache (88 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp-rnc.xpi (253766 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\D236B74794790D9923905972356B8BEC (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X33TH0UP\manifest.json[3].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar.pset (6767 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\cookies.sqlite-wal (357600 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\_CACHE_CLEAN_ (30 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\compatibility.ini (361 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\E\A3\A440Ad01 (845 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\test-phish-simple.sbstore (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar.sbstore (2562 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\AAE8OMVS\manifest.json[2].sig (753 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\CursorMania_7l\119C6B41-CF2E-4DFF-A692-17BCF08918F4.sqlite (3241 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\places.sqlite (91458 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\F\D1\B7589d01 (242125 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\search-metadata.json.tmp (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\E9UY92VW\manifest.json[1].sig (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\3\05\14225d01 (595 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\CursorMania_7l\119C6B41-CF2E-4DFF-A692-17BCF08918F4.sqlite-journal (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\X33TH0UP\manifest.json[1].sig (753 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\bootstrap.js (20 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\chrome.manifest (332 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing\goog-phish-shavar-1.sbstore (19553 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\Cache\B\89\1E7A7d01 (747 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\CursorManiaSetup.exe:Zone.Identifier (26 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\webapps\webapps.json.tmp (2 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\places.sqlite-wal (130768 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\webappsstore.sqlite-wal (2668 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\safebrowsing-to_delete (8 bytes)
%Documents and Settings%\%current user%\Application Data\Mozilla\Firefox\Profiles\rsxjpslc.default\extensions\staged\7lffxtbr@CursorMania_7l.com\plugins\NativeMessagingDispatcher.dll (4376 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00000ae4T8SETUP.EXE (212337 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\00000ae4T8SETUP.EX_ (42363 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\C3E814D1CB223AFCD58214D14C3B7EAB (341 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (129 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Program Files%\CursorMania_7lEI\Installr\Cache\00137D90.exe (663471 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB (220 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA (208 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8BD11C4A2318EC8E5A82462092971DEA (477 bytes)
%Program Files%\CursorMania_7lEI\Installr\Cache\files.ini (2149 bytes)
%Program Files%\CursorMania_7lEI\Installr\setups\CursorManiaSetup.exe (2968443 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\ie8[1].txt (644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\rss[2].xml (6219 bytes)
%WinDir%\Tasks\User_Feed_Synchronization-{414D0F7C-B684-437B-B53E-8AB5AE32E070}.job (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\SuggestedSites.dat (31071 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms (2168 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms (10700 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms (4452 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms (4452 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\Internet Explorer Suggested Sites~.feed-ms (1080 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WJYHCPG4\rss[1].xml (6637 bytes)
%Program Files%\CursorMania\Uninstall\uni29.tmp (9189 bytes)
%Program Files%\CursorMania\Uninstall\uninstall.dat (2104 bytes)
%Program Files%\CursorMania\Uninstall\uninstall.xml (1357 bytes)
%Program Files%\CursorMania\uninstall.exe (9213 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\_ir_sf_temp_0\irsetup.dat (1137 bytes)
%Program Files%\CursorMania\CursorMania.exe (4437 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CursorMania Setup Log.txt (853 bytes)
%Program Files%\CursorMania\lua5.1.dll (2902 bytes)
%Program Files%\PopularScreensavers\p5PSSavr.scr (39 bytes)
%Program Files%\PopularScreensavers\p5Plugin.dll (60 bytes)
%Program Files%\PopularScreensavers\p5svc.exe (35 bytes)
%Program Files%\PopularScreensavers\uninstall.exe (9213 bytes)
%Program Files%\PopularScreensavers\p5BkgErr.jpg (2192 bytes)
%Program Files%\PopularScreensavers\p5wphook.dll (31 bytes)
%Program Files%\PopularScreensavers\p5ScrCtr.dll (3997 bytes)
%Program Files%\PopularScreensavers\Uninstall\uninstall.xml (828 bytes)
%Program Files%\PopularScreensavers\p5MedInt.exe (23 bytes)
%Program Files%\PopularScreensavers\lua5.1.dll (2902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Popular Screensavers Setup Log.txt (320 bytes)
%Program Files%\PopularScreensavers\p5wallpp.dat (305 bytes)
%System%\p5PSSavr.scr (39 bytes)
%Program Files%\PopularScreensavers\p5Html.dll (1137 bytes)
%Program Files%\PopularScreensavers\p5cjpeg.dll (2079 bytes)
%Program Files%\PopularScreensavers\Uninstall\uni28.tmp (9314 bytes)
%Program Files%\PopularScreensavers\p5spacer.wmv (5 bytes)
%Program Files%\PopularScreensavers\Uninstall\uninstall.dat (2104 bytes)
%Program Files%\PopularScreensavers\NPp5Stub.dll (31 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorMania Search Scope Monitor" = "C:\PROGRA~1\CURSOR~2\bar\1.bin\7lsrchmn.exe /m=2 /w /h"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorMania Home Page Guard 32 bit" = "C:\PROGRA~1\CURSOR~2\bar\1.bin\AppIntegrator.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorMania_7l Browser Plugin Loader" = "C:\PROGRA~1\CURSOR~2\bar\1.bin\7lbrmon.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"gchljcfaonjffjifnjlcalnhgdmjckhg Upgrader" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\gch30.tmp\UPDATER.EXE"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12

No thanks, continue to lavasoft.com

close x

Discover the new adaware antivirus 12

Our best antivirus yet