MemScan.Application.Bundler.Outbrowse.E_8c52350b19

by malwarelabrobot on July 9th, 2014 in Malware Descriptions.

MemScan:Application.Bundler.Outbrowse.E (AdAware), mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

MD5: 8c52350b19ef0711f3b46d02f6a3b6bd
SHA1: a6ed4af21709daf34841ab9358231fb1afd196a2
SHA256: 4bb228d880453110d0ddaef54b0c9bbcb2ed70164295551f84931d566775933a
SSDeep: 24576:Zl484CsoZWCM5PAj7vrhbpODEN6kVYQnon08SFv0:HL4hp rOoN6kVY o0rFs
Size: 943384 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit


Summary:

Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Payload

No specific payload has been found.

Process activity

The MemScan creates the following process(es):

wmic.exe:544

The MemScan injects its code into the following process(es):

setup-stub.exe:1124
f.exe:444
%original file name%.exe:1064
6_Offer_12.exe:1860

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process setup-stub.exe:1124 makes changes in the file system.
The MemScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\appname.bmp (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\bgintro.bmp (12280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\particles.bmp (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\pencil.bmp (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\bgplain.bmp (12280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\clock.bmp (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\nsDialogs.dll (9 bytes)

The MemScan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsvB5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp (0 bytes)

The process f.exe:444 makes changes in the file system.
The MemScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Q9JK3VWX\DynamicOfferScreen[1].htm (948 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\button[1].png (458 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\6_Offer_12.exe (15004 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PreExe_ID_13667.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Q9JK3VWX\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\UDWL4BC1\button_over[1].png (921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\Firefox[1].exe (28502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\BuzzIT2Checker11-6[1].exe (9673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4TOJWX4Z\bodyImg[1].png (5952 bytes)

The MemScan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Q9JK3VWX\DynamicOfferScreen[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\PreExe_ID_13667.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\obhhelper.txt (0 bytes)

The process wmic.exe:544 makes changes in the file system.
The MemScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\obhhelper.txt (238 bytes)

The MemScan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\obhhelper.txt (0 bytes)

The process %original file name%.exe:1064 makes changes in the file system.
The MemScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\f.exe (7972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\instructionsCalgk.dat (27433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsrB3.tmp\System.dll (11 bytes)

The MemScan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsrB2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsrB3.tmp (0 bytes)

The process 6_Offer_12.exe:1860 makes changes in the file system.
The MemScan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\7zSB4.tmp\setup-stub.exe (13454 bytes)

The MemScan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\7zSB4.tmp (0 bytes)

Registry activity

The process setup-stub.exe:1124 makes changes in the system registry.
The MemScan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 83 B7 F6 08 86 3C CB E0 FD 22 28 AF 80 38 0D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Mozilla]
"FirefoxInstallerTest" = "Write Test"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The MemScan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Mozilla]
"FirefoxInstallerTest"

The process f.exe:444 makes changes in the system registry.
The MemScan creates and/or sets the following values in system registry:

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib]
"(Default)" = "{03771AEF-400D-4A13-B712-25878EC4A3F5}"

[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\0\win32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\f.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 12 00 00 00 01 00 00 00 00 00 00 00"

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}]
"(Default)" = "CBrowserExternal Class"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\Version]
"(Default)" = "1.0"

[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\HELPDIR]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp"

[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\TypeLib]
"(Default)" = "{03771AEF-400D-4A13-B712-25878EC4A3F5}"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0]
"(Default)" = "SmartInstallerLib"

[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}]
"(Default)" = "IBrowserExternals"

[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\LocalServer32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\f.exe"
"ServerExecutable" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\f.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 76 1C 6E E2 A0 80 45 5D 77 FC E1 87 F9 46 98"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Internet Explorer]
"iexplore.exe" = "Internet Explorer"

[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\FLAGS]
"(Default)" = "0"

The MemScan modifies IE settings for security zones to map all local web-nodes that have no dots and do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The MemScan modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The MemScan modifies IE settings for security zones to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The MemScan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process wmic.exe:544 makes changes in the system registry.
The MemScan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 E4 BC 86 82 B0 75 FD E8 D1 B3 BC BD 6E 15 22"

The process %original file name%.exe:1064 makes changes in the system registry.
The MemScan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 62 19 CF 1A C1 78 2C 2C 94 28 B9 CA 33 CF DD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process 6_Offer_12.exe:1860 makes changes in the system registry.
The MemScan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C 1A E7 AC F5 17 7E 4E 08 4A B3 CB 2A 6F 01 A7"

Dropped PE files

MD5 File path
351d83cbc02c48ca0af90afe233fcf79 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\6_Offer_12.exe
c4ba119edd07634350bd6f63c9a9733c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\7zSB4.tmp\setup-stub.exe
c416bcf6a1bfc274c22c243da87c0f33 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\f.exe
959ea64598b9a3e494c00e8fa793be7e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nskB6.tmp\System.dll
f7b92b78f1a00a872c8a38f40afa7d65 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nskB6.tmp\nsDialogs.dll
c17103ae9072a06da581dec998343fc1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsrB3.tmp\System.dll
b8b654dd30c249e00c79f1508a2736e5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\BuzzIT2Checker11-6[1].exe
351d83cbc02c48ca0af90afe233fcf79 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\Firefox[1].exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: Firefox
Product Version: 3.0
Legal Copyright: Firefox
Legal Trademarks: Firefox
Original Filename:
Internal Name:
File Version:
File Description: Firefox
Comments: setup Installer
Language: English (United States)

PE Sections

Name    Virtual Address  Virtual Size  Raw Size  Entropy  Section MD5
.text   4096             23628         24064     4.46394  856b32eb77dfd6fb67f21d6543272da5
.rdata  28672            4764          5120      3.4982   dc77f8a1e6985a4361c55642680ddb4f
.data   36864            154712        1024      3.3278   7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata  192512           94208         0         0        d41d8cd98f00b204e9800998ecf8427e
.rsrc   286720           3176          3584      2.75375  61886786c758d78857d0529764e4c7bd

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 481

URLs

hxxp://cdn-ppdownload.outbrowse.netdna-cdn.com/offers/images/Theme11/bodyImg.png
hxxp://cdn-ppdownload.outbrowse.netdna-cdn.com/offers/images/Theme11/bottomLine.jpg
hxxp://cdn-ppdownload.outbrowse.netdna-cdn.com/offers/images/Theme11/nextCase.jpg
hxxp://cdn-ppdownload.outbrowse.netdna-cdn.com/offers/images/Theme11/button_over.png
hxxp://cdn-ppdownload.outbrowse.netdna-cdn.com/offers/images/Theme11/button.png
hxxp://installer.apps-track.com/Installer/Flow?pubid=1955&distid=3208&productid=5187&subpubid=-1&campaignid=0&networkid=1&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=&netv=&d1=4754&d2=41&d3=-1&d4=-1&d5=-1&ds1=&hb=2&systembit=32&vm=1&version=4.0
hxxp://static.revenyou.com/offers/images/Theme11/button_over.png
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=&cid=1369164671.1404749039&tid=UA-33422952-1&cd5=Thankyou_View&cd6=adlogica&z=1670386390
hxxp://static.revenyou.com/offers/images/Theme11/button.png
hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.5.3dc&utms=4&utmn=1422011710&utmhn=thanks.postdownload.net&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Activate Now - Download Complete!&utmhid=1660604829&utmr=-&utmp=/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%253D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&utmht=1404749040075&utmac=UA-27684792-1&utmcc=__utma=255412173.1369164671.1404749039.1404749040.1404749040.1;+__utmz=255412173.1404749040.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAgAABAAAGBAAAAAgAB~
hxxp://static.revenyou.com/offers/images/Theme11/topComp.png
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=MEAAAE~&cid=1369164671.1404749039&tid=UA-49707224-1&cd5=thankyou_view&cd6=adlogica&z=586849503
hxxp://www.googletagmanager.com/gtm.js?id=GTM-MPGKBQ 74.125.228.254
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=466373184&cid=1369164671.1404749039&tid=UA-42418492-1&cd5=Thankyou_View&cd6=adlogica&z=668415403
hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.5.3dc&utms=1&utmn=1217775756&utmhn=thanks.postdownload.net&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Activate Now - Download Complete!&utmhid=1660604829&utmr=-&utmp=/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%253D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&utmht=1404749039950&utmac=UA-27684792-1&utmcc=__utma=255412173.1369164671.1404749039.1404749040.1404749040.1;+__utmz=255412173.1404749040.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qAAgAABAAAGBAAAAAgAB~
hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.5.3dc&utms=2&utmn=763097438&utmhn=thanks.postdownload.net&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Activate Now - Download Complete!&utmhid=1660604829&utmr=-&utmp=/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%253D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&utmht=1404749039982&utmac=UA-35550260-1&utmcc=__utma=255412173.1369164671.1404749039.1404749040.1404749040.1;+__utmz=255412173.1404749040.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAgAABAAAGBAAAAAgAB~
hxxp://thanks.postdownload.net/Content/css/styles.css
hxxp://cdn.download4desktop.com/ezdown/Firefox.exe
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=&cid=1369164671.1404749039&tid=UA-48703717-1&cd5=Thankyou_View&cd6=adlogica&z=99919223
hxxp://thanks.postdownload.net/Content/images/step1_ci.png
hxxp://cdn.download4desktop.com/Installer/Buzzit2/BuzzIT2Checker11-6.exe
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=&cid=1369164671.1404749039&tid=UA-32857080-1&cd5=Thankyou_View&cd6=adlogica&z=590201651
hxxp://www.googleadservices.com/pagead/conversion/987781636/?random=1404749037310&cv=7&fst=1404749037310&num=1&fmt=2&value=0&label=rj76CLTxtwkQhLSB1wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=0&u_tz=180&u_nplug=0&u_nmime=0&frm=0&url=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica
hxxp://partner.googleadservices.com/gpt/pubads_impl_42.js
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=621401590&cid=1369164671.1404749039&tid=UA-33422952-1&cd5=Thankyou_View&cd6=adlogica&z=38622799
hxxp://www.googletagservices.com/tag/js/gpt.js
hxxp://direct.the-apps-track.com//offers/DynamicOfferScreen?offerid=2&distid=3208&leadp=5187&countryid=71&sysbit=32&dfb=0&hb=2&external=0&
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=2109935691&cid=1369164671.1404749039&tid=UA-49427550-1&cd5=Thankyou_View&cd6=adlogica&z=783293263
hxxp://www.googletagmanager.com/gtm.js?id=GTM-WKFX4D 74.125.228.254
hxxp://thanks.postdownload.net/?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7
hxxp://static.revenyou.com/offers/images/Theme11/bodyImg.png
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=&cid=1369164671.1404749039&tid=UA-49427550-1&cd5=Thankyou_View&cd6=adlogica&z=531165911
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=613852559&cid=1369164671.1404749039&tid=UA-36981064-1&cd5=Thankyou_View&cd6=adlogica&z=1688024065
hxxp://installer.apps-track.com/Installer/Track?pubid=1955&distid=3208&productid=5187&subpubid=-1&campaignid=0&networkid=1&reqid=119630363&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=&netv=&d1=4754&d2=41&d3=-1&d4=-1&d5=-1&ds1=&hb=2&systembit=32&vm=1&status=0&installedid=5187&offerscreenid=&offerorder=12&downloadduration=5812&installduration=1500
hxxp://www.ez-download.com/track/typ/?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica
hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.5.3dc&utms=3&utmn=2006997073&utmhn=thanks.postdownload.net&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Activate Now - Download Complete!&utmhid=1660604829&utmr=-&utmp=/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%253D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&utmht=1404749040044&utmac=UA-40637929-1&utmcc=__utma=255412173.1369164671.1404749039.1404749040.1404749040.1;+__utmz=255412173.1404749040.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAgAABAAAGBAAAAAgAB~
hxxp://static.revenyou.com/offers/images/Theme11/bgImg.jpg
hxxp://thanks.postdownload.net/Content/images/step2_ci.png
hxxp://static.revenyou.com/offers/images/Theme11/bottomLine.jpg
hxxp://stats.g.doubleclick.net/collect?t=dc&aip=1&v=1&_v=j23&tid=UA-36981064-1&cid=1369164671.1404749039&jid=613852559&_u=cGGAgE~&z=232013805
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=&cid=1369164671.1404749039&tid=UA-36981064-1&cd5=Thankyou_View&cd6=adlogica&z=282531938
hxxp://thanks.postdownload.net/Content/images/step3_ci.png
hxxp://stats.g.doubleclick.net/dc.js
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=&cid=1369164671.1404749039&tid=UA-42418605-1&cd5=Thankyou_View&cd6=adlogica&z=1140846844
hxxp://www.google-analytics.com/analytics.js
hxxp://static.revenyou.com/offers/images/Theme11/topLine.jpg
hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.5.3dc&utms=5&utmn=538826094&utmhn=thanks.postdownload.net&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Activate Now - Download Complete!&utmhid=1660604829&utmr=-&utmp=/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%253D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&utmht=1404749040107&utmac=UA-35550260-1&utmcc=__utma=255412173.1369164671.1404749039.1404749040.1404749040.1;+__utmz=255412173.1404749040.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAgAABAAAGBAAAAAgAB~
hxxp://installer.apps-track.com/Installer/TrackFinish?reqid=119630363&x=y&clickid=-1
hxxp://www.googleadservices.com/pagead/conversion.js
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=500314046&cid=1369164671.1404749039&tid=UA-48703717-1&cd5=Thankyou_View&cd6=adlogica&z=1876305443
hxxp://direct.the-apps-track.com//offers/DynamicOfferScreen?offerid=4&distid=3208&leadp=5187&countryid=71&sysbit=32&dfb=0&hb=2&external=0&
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=1582698059&cid=1369164671.1404749039&tid=UA-42418605-1&cd5=Thankyou_View&cd6=adlogica&z=232691340
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGGAgE~&jid=&cid=1369164671.1404749039&tid=UA-42418492-1&cd5=Thankyou_View&cd6=adlogica&z=653913614
hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.5.3dc&utms=6&utmn=1340432807&utmhn=thanks.postdownload.net&utmcs=utf-8&utmsr=1024x768&utmvp=1004x599&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=Activate Now - Download Complete!&utmhid=1660604829&utmr=-&utmp=/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%253D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&utmht=1404749040138&utmac=UA-40637929-1&utmcc=__utma=255412173.1369164671.1404749039.1404749040.1404749040.1;+__utmz=255412173.1404749040.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmmt=1&utmu=qAAgAABAAAGBAAAAAgAB~
hxxp://www.google-analytics.com/collect?v=1&_v=j23&a=1660604829&t=pageview&_s=1&dl=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ul=en-us&de=utf-8&dt=Activate Now - Download Complete!&sd=32-bit&sr=1024x768&vp=1004x599&je=0&fl=11.6 r602&_u=cGCAgE~&jid=898604729&cid=1369164671.1404749039&tid=UA-32857080-1&cd5=Thankyou_View&cd6=adlogica&z=1356334408
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/987781636/?random=837084803&cv=7&fst=1404749037310&num=1&fmt=2&value=0&label=rj76CLTxtwkQhLSB1wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=0&u_tz=180&u_nplug=0&u_nmime=0&frm=0&url=http://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8%3D&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0
hxxp://thanks.postdownload.net/Thanks?pd=2&d=ZXotZG93bmxvYWQuY29tL3RyYWNrL3R5cC8=&type=Firefox&ts=1404767172&id=fj9ckn8ajn0a950eq753m9up34k4ach68ufnbpei0fct189all31-034ecb63cc73561e3b76e3f5807004d7&adprovider=adlogica
hxxp://thanks.postdownload.net/Content/js/jquery.js


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

Web Traffic was not found.

The MemScan connects to the servers at the following location(s):

Strings from Dumps were not found.


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    wmic.exe:544

  2. Delete the original MemScan file.
  3. Delete or disinfect the following files created/modified by the MemScan:

    %Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\appname.bmp (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\bgintro.bmp (12280 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\particles.bmp (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\pencil.bmp (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\bgplain.bmp (12280 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\clock.bmp (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nskB6.tmp\nsDialogs.dll (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Q9JK3VWX\DynamicOfferScreen[1].htm (948 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\button[1].png (458 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\6_Offer_12.exe (15004 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\PreExe_ID_13667.exe (58 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Q9JK3VWX\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\UDWL4BC1\button_over[1].png (921 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\Firefox[1].exe (28502 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\IJT3DEFP\BuzzIT2Checker11-6[1].exe (9673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4TOJWX4Z\bodyImg[1].png (5952 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\obhhelper.txt (238 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\f.exe (7972 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\instructionsCalgk.dat (27433 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsrB3.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\7zSB4.tmp\setup-stub.exe (13454 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.