not-a-virus:AdWare.NSIS.Agent.iv (Kaspersky), Trojan.NSIS.StartPage.FD, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 45c53ed14fd209f99f5db3dc46b96647
SHA1: a6241887c9769021c2bfc0b5f1b45e19d719837c
SHA256: ad0e52a4bd536c8c94b81fd465f3988eb4240147e0a9d89ad133711558692cc0
SSDeep: 196608:gIymCtL0EMrymZhgYgWYBA5UMYCseIO0Fob0:gIdC fZNgW00UPveI9o4
Size: 7663040 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-07-03 12:59:18
Analyzed on: Windows7 SP1 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
61fda4ee77910796d32333421184d8b6.exe:3812
61fda4ee77910796d32333421184d8b6.exe:3736
ns1AA4.tmp:3528
rundll32.exe:3552
runonce.exe:3556
The Trojan injects its code into the following process(es):
61fda4ee77910796d32333421184d8b6.exe:364
%original file name%.exe:644
iexplore.exe:2836
iexplore.exe:3560
Mutexes
The following mutexes were created/opened: No objects were found.
File activity
The process 61fda4ee77910796d32333421184d8b6.exe:3812 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\Temp\wjm2BB3.tmp (12588 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\e214f9b15940fe19bca2f6de222d6969 (26 bytes)
C:\Windows\Temp\wjm2A6B.tmp (2500 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\bac58b7a8f1a65ff2c67b1c4575c70a8\nnortn.dll (19567 bytes)
C:\Windows\Temp\Ima24EE.tmp (381 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\441136ae10b200e9992f407b66b2554e (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Local State (8182 bytes)
The Trojan deletes the following file(s):
C:\Windows\Temp\Ima24EE.tmp (0 bytes)
C:\Windows\Temp\wjm2BB3.tmp (0 bytes)
C:\Windows\Temp\wjm2A6B.tmp (0 bytes)
The process 61fda4ee77910796d32333421184d8b6.exe:3736 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Ima1FA0.tmp (381 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Ima1FA0.tmp (0 bytes)
The process 61fda4ee77910796d32333421184d8b6.exe:364 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\bac58b7a8f1a65ff2c67b1c4575c70a8\nnortn.dll (5677 bytes)
C:\Windows\Temp\Ima315C.tmp (381 bytes)
The Trojan deletes the following file(s):
C:\Windows\Temp\Ima315C.tmp (0 bytes)
The process ns1AA4.tmp:3528 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe (49 bytes)
The process rundll32.exe:3552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Windows\System32\drivers\SET42AA.tmp (63 bytes)
The Trojan deletes the following file(s):
C:\Windows\System32\drivers\SET42AA.tmp (0 bytes)
The process runonce.exe:3556 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl (712 bytes)
The process %original file name%.exe:644 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd41BC.tmp (27423 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp (78068 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\Social2Search Website.lnk (1 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\ffdefbf88c95cae97a1671206e9fe39e.ico (3 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\bc5601ccb5de9f6cb8cd31285eef3bbe.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HIXW7MDT.txt (785 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns41EC.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns1AA4.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\brh.dll (33983 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\Settings.lnk (1 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.inf (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns2E16.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns3019.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\IpConfig.dll (4254 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\441136ae10b200e9992f407b66b2554e (2104 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\uninstall.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyB0A.tmp (10 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\815346a4778321839cef8ab48bf110e2.exe (33078 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\ME0NF2RG.txt (533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\get_local_output.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6EV5DN26.txt (785 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\System.dll (23 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns442E.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\PGE7KUCB.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\MoreInfo.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F8.tmp (601 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.cfg (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3460.tmp (601 bytes)
C:\Windows\815346a4778321839cef8ab48bf110e2.exe (2064 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\md5dll.dll (16 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\SignIn with Twitter.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J6LO7Z4X.txt (277 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VL3GAPN9.txt (785 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe (20503 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\NSISList.dll (2457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3665.tmp (906 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\ce1c22c865645f1f8a89a398e374a17f.exe (17572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp (78068 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\SimpleSC.dll (1896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HNAF2IB4.txt (785 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.sys (2453 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\c850ebe35760d7b12fc1318953221f59.exe (19923 bytes)
The Trojan deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp-wal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF47B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HIXW7MDT.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns1AA4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns2E16.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns3019.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyB0A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3460.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns41EC.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6EV5DN26.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VL3GAPN9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns442E.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\downloadsLog[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\PGE7KUCB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\ME0NF2RG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F8.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\urlsLog[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J6LO7Z4X.txt (0 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.inf (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3665.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp-wal (0 bytes)
Registry activity
The process 61fda4ee77910796d32333421184d8b6.exe:3812 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Social2Sea]
"IExplore" = "1"
The process 61fda4ee77910796d32333421184d8b6.exe:3736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
"LocalService" = "137203c2d9703f0751ed94059097703c"
The Trojan deletes the following value(s) in system registry:
[HKCR\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
"LocalService"
The process rundll32.exe:3552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\services\5138f989434c4f2d9e7cafe3043568d0]
"Flags" = "241"
[HKLM\System\CurrentControlSet\services\5138f989434c4f2d9e7cafe3043568d0\Instances\5138f989434c4f2d9e7cafe3043568d0 Red Instance]
"Flags" = "0"
"Altitude" = "374050"
[HKLM\System\CurrentControlSet\services\5138f989434c4f2d9e7cafe3043568d0\Instances]
"DefaultInstance" = "5138f989434c4f2d9e7cafe3043568d0 Red Instance"
[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"FSFilter Activity Monitor" = "02 00 00 00 01 00 00 00 02 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalAssocChangedCounter" = "100"
[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.app.log" = "4096"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv" = "grpconv -o"
The process runonce.exe:3556 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Trojan deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"
The process %original file name%.exe:644 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e08f1370640365726bbce4d52a5b9f8a]
"URLInfoAbout" = "http://www.technologieyvonlheureux.com"
[HKCU\Software\WajIEnhance]
"affiliate_id" = "3673"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"EnableFileTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e08f1370640365726bbce4d52a5b9f8a]
"DisplayVersion" = "9.70.1.17 (i1.0)"
"Publisher" = "Social2Search"
[HKLM\SOFTWARE\Social2Sea]
"AID" = "3673"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Social2Sea]
"TS" = "1485003051"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"WindowClassName" = "DDEMLMom"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e08f1370640365726bbce4d52a5b9f8a]
"DisplayName" = "Social2Search"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKLM\SOFTWARE\Social2Sea]
"ts2" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"
[HKLM\SOFTWARE\Social2Sea]
"UID" = "26B7D8D8BD1EF7A71B43728E773D5682"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\WajIEnhance]
"unique_id" = "26B7D8D8BD1EF7A71B43728E773D5682"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Social2Sea]
"aid2" = "none"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Social2Sea]
"mid" = "c8b3188fe24cd1b1b734e1408fc52bd1"
[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"EnableConsoleTracing" = "0"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
Dropped PE files
MD5 | File path |
---|---|
a3ed6f7ea493b9644125d494fbf9a1e6 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\IpConfig.dll |
80e34b7f576b710d100f6e7c0bed0c2e | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\MoreInfo.dll |
2e0785f18f8714393bc4bc1fe170eadf | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\NSISList.dll |
d63975ce28f801f236c4aca5af726961 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\SimpleSC.dll |
c17103ae9072a06da581dec998343fc1 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\System.dll |
dc53b086a6a6752a52679c241e36c9f8 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\brh.dll |
d7a3fa6a6c738b4a3c40d5602af20b08 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll |
97960d7a18662dac9cd80a8c5e3c794b | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\md5dll.dll |
acc2b699edfea5bf5aae45aba3a41e96 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\nsExec.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\DRIVERS\5138f989434c4f2d9e7cafe3043568d0.sys", the Trojan controls the loading of executable images into memory by installing a load image notifier.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan the system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
61fda4ee77910796d32333421184d8b6.exe:3812
61fda4ee77910796d32333421184d8b6.exe:3736
ns1AA4.tmp:3528
rundll32.exe:3552
runonce.exe:3556
- Delete the original Trojan file.
- Delete or disinfect the files created/modified by the Trojan, as listed under "File activity" above.
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv" = "grpconv -o"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 26007 | 26112 | 4.51801 | 71cda8c9a2941009b3c3265015e6aa11 |
.rdata | 32768 | 5329 | 5632 | 3.61834 | 3c8542be139276634f1ae80037f7916b |
.data | 40960 | 147680 | 512 | 0.95839 | ddb0a523ddf4ea1cbd012cdf3eca43d7 |
.CRT | 192512 | 4 | 512 | 0.042395 | d3f77067d67c60c6fcc9ec82a676fe03 |
.ndata | 196608 | 3006464 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 3203072 | 16128 | 16384 | 4.11199 | 37ebe3534e235c2b5019a15b4dca5e74 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 1
5dbb22d6d18ffbafb825cb7a5665dfbd
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /en_US/all.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: a87874f33d187209c98f623f1775fcf9
ETag: "e5a164f44f1d7cf5b3b7dbfa9cd28f6c"
X-Frame-Options: DENY
Strict-Transport-Security: max-age=15552000; preload
Content-Type: application/x-javascript; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
timing-allow-origin: *
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
Expires: Sat, 21 Jan 2017 13:05:58 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-MD5: nIUpfjZGcM0GSfgF1iy dg==
X-FB-Debug: 1gKX0dE0VeawKhEVMGnDqex9LpuGYpuLsUxIkGGy2s19gb2QrEkAD mLR1eIx0PQI8hmUJZWSXrhQvPvS7HUAg==
Date: Sat, 21 Jan 2017 12:51:29 GMT
Connection: keep-alive
Content-Length: 58406
<<< skipped >>>
GET /installer/progress?section=6.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:01 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=doc1vi0ndrpt225nhd86dm8590; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030615677820; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003061; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w66|WINZO|WINZO; path=/
GET /ajax/libs/jquery/1.7/jquery.min.js?1.00404.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 20 Jan 2017 18:31:00 GMT
Expires: Sat, 20 Jan 2018 18:31:00 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33845
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 66010
<<< skipped >>>
GET /signup?aid=3673&inline=0&afr=0 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:04 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=u3lgjdopqvssg8icnmp3mi1bu4; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030649603455; expires=Sun, 21-Jan-2018 12:51:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003064; expires=Sun, 21-Jan-2018 12:51:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=0,53,24,44,70,47,57,81,43,49; expires=Sun, 21-Jan-2018 12:51:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Length: 5144
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w67|WINZO|WINZO; path=/
<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xmlns:fb="hXXp://ogp.me/ns/fb#" xml:lang="en" prefix="og: hXXp://ogp.me/ns#">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<base href="hXXp://VVV.technologieyvonlheureux.com" />...<title>Social2Search.com | Download Social2Search for Free</title>..<meta name="title" content="Social2Search.com | Download Social2Search for Free" />....<meta name="description" content="Enhance Your Search Experience With Results From Your Friends! Download Social2Search and get Social Results and Recommendations in Your Regular Search Results | Social2Search.com" />..<meta name="keywords" content="Download Social2Search, Social2Search Download, Install Social2Search, Get Social2Search, Social2Search, Social Search, Social results, Social Search Results, Recommendations from your friends, recommendations, Facebook friends recommendations, Find a Friend's Facebook Post, Find a Tweet" />.......<!-- Google Chrome Web Store Verification -->..<meta name="google-site-verification" content="5KnCIaGgQoFFL2URoeiXrg0xTbPK3qJZLbDJpbIoC9U" />...<link rel="shortcut icon" href="/imgs/social2search/favicon.ico" type="image/x-icon" />..<link href="hXXps://fonts.googleapis.com/css?family=Merriweather:300,400,700,900" rel="stylesheet" type="text/css">..<link href="hXXps://fonts.googleapis.com/css?family=Open Sans:300,400,600,700,800" rel="stylesheet" type="text/css">
<<< skipped >>>
GET /imgs/app/social2search/login-twitter.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: main-social2search.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:13 GMT
Content-Type: image/png
Content-Length: 5243
Connection: keep-alive
Last-Modified: Mon, 09 May 2016 20:38:20 GMT
ETag: "147b-5326eca03cb1b"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes
<<< skipped >>>
GET /imgs/social2search/favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003071; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZV|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:40 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Mon, 22 Feb 2016 16:43:57 GMT
ETag: "5a596-52c5e89fe58b7"
Accept-Ranges: bytes
Content-Length: 370070
Connection: close
Content-Type: image/vnd.microsoft.icon
Set-Cookie: APPSESSID=w52|WINZX|WINZQ; path=/
Cache-control: private
<<< skipped >>>
GET /installer/progress?section=bea&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:05 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=smre61vtk1rfcc8a09moc95vn2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030657656588; expires=Sun, 21-Jan-2018 12:51:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003065; expires=Sun, 21-Jan-2018 12:51:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w14|WINZP|WINZP; path=/
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2017 12:51:35 GMT
Etag: "5882f020-1d7"
Expires: Sat, 28 Jan 2017 00:51:35 GMT
Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2017 12:51:40 GMT
Etag: "58830594-1d7"
Expires: Sat, 28 Jan 2017 00:51:40 GMT
Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT
Server: ECS (vie/F385)
X-Cache: HIT
Content-Length: 471
<<< skipped >>>
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=420008, public, no-transform, must-revalidate
Last-Modified: Thu, 19 Jan 2017 09:30:28 GMT
Expires: Thu, 26 Jan 2017 09:30:28 GMT
Date: Sat, 21 Jan 2017 12:51:21 GMT
Connection: keep-alive
<<< skipped >>>
GET /installer/progress?section=4.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:59 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=r5urr652irhgfuueb4timv7ft6; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030598270598; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w27|WINZN|WINZN; path=/
GET /css/min_general.css?1.00404.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003070; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:10 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sat, 21 Jan 2017 14:51:10 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18550
Connection: close
Content-Type: text/css;charset=UTF-8
<<< skipped >>>
POST /web/log?evt=10042&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 271
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:00 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=a6jsbpipjeg5o7e89034vfr063; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030601187147; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003060; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=14,37,54,52,43,43,58,92,70,91; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w25|WINZN|WINZN; path=/
GET /web/log?evt=10004&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:59 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=7us01iueoepkmikc0d3al38bb7; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030594483288; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=14,49,68,16,41,100,84,42,92,30; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w28|WINZN|WINZN; path=/
GET /installer/progress?section=1.0&getinstructions=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:54 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=thi714ru699bv8nvcea1271pv5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030548460696; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003054; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w67|WINZM|WINZM; path=/
POST /installer/installedProgramsLogs?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Filename: nsn3665.tmp
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Content-Length: 459
Connection: Keep-Alive
Cache-Control: no-cache
7-Zip 9.20
Adobe Flash Player 23 ActiveX
Social2Search
Google Chrome
Mozilla Firefox 49.0.1 (x86 en-US)
Total Commander (Remove or Repair)
WinPcap 4.1.3
Wireshark 0.99.6a
Microsoft Visual C 2008 Redistributable - x86 9.0.30729.4148
Java(TM) 6 Update 18
Java Auto Updater
ActivePerl 5.16.2 Build 1602
Google Update Helper
Microsoft .NET Framework 4.5
Microsoft PowerPoint Viewer
Microsoft .NET Framework 4.5
Adobe Reader 9.3.4
VMware Tools
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:02 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=d0r8j7p39ku6lfoacf9can2p47; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030625169944; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003062; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w67|WINZO|WINZO; path=/
GET /css/webfonts/Lato-Black-webfont.eot? HTTP/1.1
Accept: */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://VVV.technologieyvonlheureux.com
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003071; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:29 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Fri, 05 Feb 2016 20:20:05 GMT
ETag: "8832-52b0b93a91ea2"
Accept-Ranges: bytes
Content-Length: 34866
Connection: close
Content-Type: application/vnd.ms-fontobject
Set-Cookie: APPSESSID=w52|WINZV|WINZQ; path=/
Cache-control: private
<<< skipped >>>
GET /dc.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: stats.g.doubleclick.net
Connection: Keep-Alive
Cookie: id=2206a0d5d509001b||t=1476353233|et=730|cs=002213fd48e2d5669ef0404555; IDE=AHWqTUlcWb2mFPnBgaR7YetstmfkXAgGb1NF2XG87DnwqAsvzVoh0uw46Q
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Sat, 21 Jan 2017 12:19:00 GMT
Expires: Sat, 21 Jan 2017 14:19:00 GMT
Last-Modified: Wed, 28 Sep 2016 20:19:01 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15977
Age: 1948
Cache-Control: public, max-age=7200
<<< skipped >>>
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "18bdbae022ea525c8083bb316812f738:1485001826"
Last-Modified: Sat, 21 Jan 2017 12:30:26 GMT
Date: Sat, 21 Jan 2017 12:51:16 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
GET /index.php?firstrun=1&lp=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003062; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20
HTTP/1.1 302 Found
Date: Sat, 21 Jan 2017 12:51:09 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003069; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Location: /signup?aid=3673&inline=0&afr=0
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w52|WINZQ|WINZQ; path=/
GET /css/min_bootstrap3_social2search.css?1.00404.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003070; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:10 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sat, 21 Jan 2017 14:51:11 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003071; expires=Sun, 21-Jan-2018 12:51:11 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:11 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18546
Connection: close
Content-Type: text/css;charset=UTF-8
<<< skipped >>>
GET /imgs/app/social2search/login-bg-img.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: main-social2search.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:28 GMT
Content-Type: image/png
Content-Length: 2520039
Connection: keep-alive
Last-Modified: Mon, 09 May 2016 20:48:51 GMT
ETag: "2673e7-5326eef9963af"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes
<<< skipped >>>
GET /installer/progress?section=5.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:00 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=an73sauqrupip1sddmdq5rust3; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030604057344; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003060; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w7|WINZN|WINZN; path=/
GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Sat, 21 Jan 2017 12:03:15 GMT
Expires: Sat, 21 Jan 2017 13:03:15 GMT
Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 541
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 2896
<<< skipped >>>
POST /installer/downloadsLog?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.technologieyvonlheureux.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:01 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=7odome3noebnaapfh35q16t6e5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030613333128; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003061; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w25|WINZO|WINZO; path=/
GET /widgets.js?1.00404.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: platform.twitter.com
Connection: Keep-Alive
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2017 12:51:35 GMT
Etag: "5882f020-1d7"
Expires: Sat, 28 Jan 2017 00:51:35 GMT
Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2017 12:51:40 GMT
Etag: "58830594-1d7"
Expires: Sat, 28 Jan 2017 00:51:40 GMT
Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT
Server: ECS (vie/F385)
X-Cache: HIT
Content-Length: 471
<<< skipped >>>
GET /web/log?evt=10002&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:07 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=20efu0v05fe9tam6i0r5db4qr0; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030672534860; expires=Sun, 21-Jan-2018 12:51:07 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003067; expires=Sun, 21-Jan-2018 12:51:07 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:07 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:07 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w28|WINZP|WINZP; path=/
GET /js/min_fancybox.js?1.00404.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003070; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:10 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sat, 21 Jan 2017 14:51:10 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8131
Connection: close
Content-Type: application/javascript
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2017 00:50:45 GMT
Expires: Sun, 22 Jan 2017 00:50:45 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 302450
GET /installer/progress?section=3.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:55 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=ce89gj6giu72vo21jlpf7i3u12; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030556520365; expires=Sun, 21-Jan-2018 12:50:55 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003055; expires=Sun, 21-Jan-2018 12:50:55 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:55 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:55 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w14|WINZM|WINZM; path=/
GET /installer/progress?section=beb&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:06 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=tkv2ojasf5mbn0lrobnsenmor5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030666690921; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003066; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w26|WINZP|WINZP; path=/
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=420008, public, no-transform, must-revalidate
Last-Modified: Thu, 19 Jan 2017 09:30:28 GMT
Expires: Thu, 26 Jan 2017 09:30:28 GMT
Date: Sat, 21 Jan 2017 12:51:21 GMT
Connection: keep-alive
GET /index.php?firstrun=1&bg=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sat, 21 Jan 2017 12:51:03 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=msttqud8ucmpejdke0q2uvi8t7; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030633608937; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003063; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Location: /signup?aid=3673&inline=0&afr=0
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w25|WINZO|WINZO; path=/
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDuvO9j30/BC HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 19 Jan 2017 12:13:39 GMT
Expires: Mon, 23 Jan 2017 12:13:39 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 175067
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2017 00:50:45 GMT
Expires: Sun, 22 Jan 2017 00:50:45 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 302450
GET /web/log?evt=10008&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=&brw=IE&brw_v=9.0.8112.16421&brw_bitness=32&metro=0 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:09 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=0a8dkbin6tqa917kdirj24omb0; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030692571377; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003069; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=14,100,57,100,94,64,62,24,79,93; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w51|WINZQ|WINZQ; path=/
GET /js/min_signup_page.js?1.00404.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003070; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:10 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sat, 21 Jan 2017 14:51:10 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 333
Connection: close
Content-Type: application/javascript
GET /installer/logging?evt=1&pge=0&pr=0&ar=0&dr=0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:54 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=310r5079bco3bqo9kk8r50g946; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030541345466; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003054; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w16|WINZM|WINZM; path=/
POST /installer/urlsLog?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673&br=iexplore HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.technologieyvonlheureux.com
Content-Length: 406
Cache-Control: no-cache
Cookie: PHPSESSID=7odome3noebnaapfh35q16t6e5; _wau=14850030613333128; _wal=1485003061; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; APPSESSID=w25|WINZO|WINZO
hXXp://go.microsoft.com/fwlink/?LinkId=129791
hXXp://go.microsoft.com/fwlink/?LinkId=129792
hXXp://go.microsoft.com/fwlink/?LinkId=121315
hXXps://ieonline.microsoft.com/#ieslice
hXXps://VVV.mozilla.org/en-US/about/
hXXps://VVV.mozilla.org/en-US/contribute/
hXXps://VVV.mozilla.org/en-US/firefox/customize/
hXXps://VVV.mozilla.org/en-US/firefox/help/
hXXps://VVV.mozilla.org/en-US/firefox/central/
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:02 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003062; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
GET /ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00404.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 20 Jan 2017 18:31:00 GMT
Expires: Sat, 20 Jan 2018 18:31:00 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 90001
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 66010
POST /web/log?evt=10035&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 433
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com
"Chrome"
"Chrome Media Router"
"Chrome Web Store Payments"
"Gmail"
"Google Docs"
"Google Docs Offline"
"Google Drive"
"YouTube
]
"Firefox"
"Default"
"Multi-process staged rollout"
"Pocket"
"Web Compat
]
"IE"
"Adobe PDF Link Helper"
"Java(tm) Plug-In 2 SSV Helper
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:59 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=sft3vk369tiqsl8a4gu00gcqj0; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030596538764; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=14,88,4,94,2,50,9,12,40,90; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w6|WINZN|WINZN; path=/
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2017 12:51:35 GMT
Etag: "5882f020-1d7"
Expires: Sat, 28 Jan 2017 00:51:35 GMT
Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2017 12:51:40 GMT
Etag: "58830594-1d7"
Expires: Sat, 28 Jan 2017 00:51:40 GMT
Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT
Server: ECS (vie/F385)
X-Cache: HIT
Content-Length: 471
GET /installer/progress?section=2.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:54 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=g5b5rs96cgr403fc44g9tuguj5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030546145644; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003054; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w16|WINZM|WINZM; path=/
GET /installer/getTimestamp HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:51 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=3u6vv4f89q8m7a96iua1qj02k0; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030517529299; expires=Sun, 21-Jan-2018 12:50:51 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003051; expires=Sun, 21-Jan-2018 12:50:51 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=0,2,43,9,31,67,3,98,22,15; expires=Sun, 21-Jan-2018 12:50:51 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 10
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w9|WINZL|WINZL; path=/
1485003051..
GET /installer/progress?section=8.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:03 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=dmij8npqi7p2tirs1kfk120rf5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030631794606; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003063; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w52|WINZO|WINZO; path=/
GET /web/log?evt=10001&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=r3p8qpb3i1qav4h4bqfe2vusm2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030523505971; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003052; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w15|WINZL|WINZL; path=/
GET /css/min_signup.css?1.00404.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003070; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:10 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sat, 21 Jan 2017 14:51:10 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 616
Connection: close
Content-Type: text/css;charset=UTF-8
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "18bdbae022ea525c8083bb316812f738:1485001826"
Last-Modified: Sat, 21 Jan 2017 12:30:26 GMT
Date: Sat, 21 Jan 2017 12:51:16 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
GET /signup?aid=3673&inline=0&afr=0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003069; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:10 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2014
Connection: close
Content-Type: text/html; charset=utf-8
GET /css?family=Signika:400,300,600,700 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sat, 21 Jan 2017 12:51:28 GMT
Date: Sat, 21 Jan 2017 12:51:28 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Sat, 21 Jan 2017 12:11:47 GMT
Expires: Sat, 21 Jan 2017 13:11:47 GMT
Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 541
X-XSS-Protection: 1; mode=block
Age: 2384
Cache-Control: public, max-age=3600
GET /webenhancer/injections?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:59 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=dk2p1905rhcvlk855vg53o3r13; path=/; domain=.technologieyvonlheureux.com
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030598033220; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=14,59,4,50,44,98,47,64,31,62; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Connection: close
Transfer-Encoding: chunked
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w1|WINZN|WINZN; path=/
GET /webenhancer/update?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=&retry_count=0&retry_version=&sc=1&scfr=&ie_status=-2&ch_status=-2&ff_status=-2&avs=0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:03 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=7aah49kd5ss76mbrpqq2gvff27; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030638694841; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003063; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=14,98,74,5,68,74,8,86,53,86; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 99
Connection: close
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w14|WINZO|WINZO; path=/
GET /installer/finish?v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:06 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=1bun2kinlgjrtcmgk44bbgkgd0; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030668365967; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003066; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w29|WINZP|WINZP; path=/
GET /css/webfonts/F37F5_0.eot? HTTP/1.1
Accept: */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://VVV.technologieyvonlheureux.com
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003071; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:29 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Fri, 05 Feb 2016 20:20:05 GMT
ETag: "1025c-52b0b93a90f02"
Accept-Ranges: bytes
Content-Length: 66140
Connection: close
Content-Type: application/vnd.ms-fontobject
Set-Cookie: APPSESSID=w52|WINZV|WINZQ; path=/
Cache-control: private
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=420008, public, no-transform, must-revalidate
Last-Modified: Thu, 19 Jan 2017 09:30:28 GMT
Expires: Thu, 26 Jan 2017 09:30:28 GMT
Date: Sat, 21 Jan 2017 12:51:21 GMT
Connection: keep-alive
GET /connect/xd_arbiter/r/YGoENyUbMBG.js?version=42 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: staticxx.facebook.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Sat, 20 Jan 2018 19:29:55 GMT
Cache-Control: public,max-age=31536000,immutable
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';report-uri hXXps://VVV.facebook.com/csp.php
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552000; preload
Vary: Accept-Encoding
Content-Encoding: gzip
X-FB-Debug: 3BZV3Sm6DefOegiKaXKVKL9UKcM I6b5P768T5LK6Iozf1vGLCYwvpdC0IE40gBpsk0msfeS0FuvhqYPI3tvxg==
Date: Sat, 21 Jan 2017 12:51:29 GMT
Connection: keep-alive
Content-Length: 11738
GET /js/min_general_en.js?1.00404.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003070; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:10 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sat, 21 Jan 2017 14:51:10 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30573
Connection: close
Content-Type: application/javascript
GET /css/min_fancybox.css?1.00404.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14850030613333128; _wal=1485003070; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:10 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sat, 21 Jan 2017 14:51:10 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1531
Connection: close
Content-Type: text/css;charset=UTF-8
GET /installer/progress?section=7.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:51:03 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=v8ao9btqcq2eot50l1glpnoli2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030634642140; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003063; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w7|WINZO|WINZO; path=/
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "18bdbae022ea525c8083bb316812f738:1485001826"
Last-Modified: Sat, 21 Jan 2017 12:30:26 GMT
Date: Sat, 21 Jan 2017 12:51:16 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Sat, 21 Jan 2017 12:11:47 GMT
Expires: Sat, 21 Jan 2017 13:11:47 GMT
Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 541
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 2384
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDuvO9j30/BC HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2017 01:08:38 GMT
Expires: Sun, 22 Jan 2017 01:08:38 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 301368
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 18 Jan 2017 01:14:28 GMT
Expires: Sun, 22 Jan 2017 01:14:28 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Cache-Control: public, max-age=345600
Age: 301027
POST /web/log?evt=10023&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 942
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com
7-Zip 9.20
Adobe Flash Player 23 ActiveX
Google Chrome
Mozilla Firefox 49.0.1 (x86 en-US)
Total Commander (Remove or Repair)
WinPcap 4.1.3
Wireshark 0.99.6a
Microsoft Visual C 2008 Redistributable - x86 9.0.30729.4148
Java(TM) 6 Update 18
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Java Auto Updater
ActivePerl 5.16.2 Build 1602
Google Update Helper
Microsoft .NET Framework 4.5
Microsoft PowerPoint Viewer
Microsoft .NET Framework 4.5
Adobe Reader 9.3.4
VMware Tools
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:59 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=ce2jppkvr924d7akg2nsmuoh24; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030594892821; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=14,1,46,74,44,86,99,28,65,93; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w6|WINZN|WINZN; path=/
GET /webenhancer/config?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:59 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=2qjec0vjuo3cakolj7sj50qt65; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030594438153; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=14,14,78,93,93,10,64,2,8,71; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Connection: close
Transfer-Encoding: chunked
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w5|WINZN|WINZN; path=/
<<< skipped >>>
GET /installer/start?v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 21 Jan 2017 12:50:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=donp34qcgjqqleteqjtr76jfr7; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14850030522677421; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1485003052; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w25|WINZL|WINZL; path=/
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2017 12:51:35 GMT
Etag: "5882f020-1d7"
Expires: Sat, 28 Jan 2017 00:51:35 GMT
Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sat, 21 Jan 2017 12:51:40 GMT
Etag: "58830594-1d7"
Expires: Sat, 28 Jan 2017 00:51:40 GMT
Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT
Server: ECS (vie/F385)
X-Cache: HIT
Content-Length: 471
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_644:
.text
`.rdata
@.data
@.ndata
.rsrc
uDSSh
verifying installer: %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
%u.%u%s%s
.DEFAULT\Control Panel\International
RegDeleteKeyExA
Software\Microsoft\Windows\CurrentVersion
*?|/":
%s=%s
COMCTL32.dll
VERSION.dll
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegCreateKeyExA
ADVAPI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
ole32.dll
C:\Users\moti\Documents\GitHub\nsis_L\Release\stubs\stub.pdb
sers\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll
02&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll
4c4f2d9e7cafe3043568d0.inf
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp
360000-389999
.HvV?
Y'l%s
Signature = "$Windows NT$"
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}
DriverVer=07/14/2016,10.16.36.381
CatalogFile = pcwtata.cat
MiniFilter.DriverFiles = 12 ;%windir%\system32\drivers
OptionDesc = %ServiceDescription%
CopyFiles = MiniFilter.DriverFiles
[DefaultInstall.Services]
AddService = %ServiceName%,,MiniFilter.Service
DelFiles = MiniFilter.DriverFiles
[DefaultUninstall.Services]
DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting
[MiniFilter.Service]
DisplayName = %ServiceName%
Description = %ServiceDescription%
ServiceBinary = %\%DriverName%.sys ;%windir%\system32\drivers\
AddReg = MiniFilter.AddRegistry
[MiniFilter.AddRegistry]
HKR,"Instances","DefaultInstance",0x00000000,ÞfaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
[MiniFilter.DriverFiles]
%DriverName%.sys
pcwtata.sys = 1,,
1 = %DiskId1%,,,
Instance1.Name = "pcwtata Red Instance"
Instance1.Altitude = "374050"
Instance1.Flags = 0x0 ; Allow all attachments
KeDelayExecutionThread
ntoskrnl.exe
HAL.dll
233F3T3
7!7*7/7?7
Thawte Certification1
hXXp://ocsp.thawte.com0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
!hXXp://ocsp.globalsign.com/rootr103
"hXXp://crl.globalsign.com/root.crl0Y
&hXXps://VVV.globalsign.com/repository/0
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
technologiemontorgueil.com1#0!
technologiemontorgueil.com0
8hXXp://secure.globalsign.com/cacert/gscodesigng3ocsp.crt04
(hXXp://ocsp2.globalsign.com/gscodesigng30V
-hXXp://crl.globalsign.com/gs/gscodesigng3.crl0
DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
Bc.IS
ó8$
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll
c4f2d9e7cafe3043568d0.inf
5138f989434c4f2d9e7cafe3043568d0.inf
65.tmp
5138f989434c4f2d9e7cafe3043568d0.sys
5138F9~1.SYS
\AppData\Local\Temp\nsxF566.tmp\inetc.dll
9.3.4
.NET Framework 4 Client Profile (KB2656405)
89434c4f2d9e7cafe3043568d0.inf
gram Files\Internet Explorer\iexplore.exe
:\Program Files\Internet Explorer\iexplore.exe
ance1.Flags = 0x0 ; Allow all attachments
sers\"%CurrentUserName%"\AppData\Local\Temp\nsd41BC.tmp
nstance1.Flags = 0x0 ; Allow all attachments
c:\%original file name%.exe
%Program Files%\e08f1370640365726bbce4d52a5b9f8a
%original file name%.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nsxF47B.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
1245574
2013923853
1048712
1704530
1311204
1311336
1114658
1485003051
%Program Files%\Internet Explorer\iexplore.exe
88dcd395-b062-45b3-a6cd-79f37c0eba08
hXXp://VVV.technologieyvonlheureux.com/web/log
hXXp://VVV.technologieyvonlheureux.com/web/log?evt=10002&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
IE.HTTP
"%Program Files%\Internet Explorer\iexplore.exe" -nohome
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyB0A.tmp
BE4208C8-85DF-41E1-9294-305D18C6592E}
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3665.tmp
0728832
03967CDD-F8BD-4AC9-8369-0D2BD8F246F5}
-2046754816
-2147410511
5138f989434c4f2d9e7cafe3043568d0.cfg
6.1.7600.16385 (win7_rtm.090713-1255)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
815346a4778321839cef8ab48bf110e2.exe
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb
dd4e70c902d1298b7313b2bf0050dd40.ico
bc5601ccb5de9f6cb8cd31285eef3bbe.ico
ffdefbf88c95cae97a1671206e9fe39e.ico
61fda4ee77910796d32333421184d8b6.exe
3514ea1003608a0c7fb4630ce20fd94c.exe
ce1c22c865645f1f8a89a398e374a17f.exe
fe31ca0af645687ee3c5b1da57895877.exe
c850ebe35760d7b12fc1318953221f59.exe
525bac57de7cb6660b9a54b1a6b27dc9.exe
C:\Windows\815346a4778321839cef8ab48bf110e2.exe
hXXp://VVV.technologieyvonlheureux.com/index.php?firstrun=1&lp=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
)-.Yln
Nullsoft Install System v19-Mar-2012.cvs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\uninstall.lnk
itter.lnk
6.3.9600.17336
lacuna.sys
lorer\iexplore.exe" -nohome
%original file name%.exe_644_rwx_10004000_00001000:
callback%d
61fda4ee77910796d32333421184d8b6.exe_3812:
.text
`.rdata
@.data
.rsrc
@.reloc
Failed to get export function address
1.2.8
deflate 1.2.8 Copyright 1995-2013 Jean-loup Gailly and Mark Adler
inflate 1.2.8 Copyright 1995-2013 Mark Adler
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
NtYieldExecution
NtDelayExecution
.data
D:\jenkins\workspace\stable-1.70\src\Release\wajam.pdb
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHDeleteKeyW
SHLWAPI.dll
GetWindowsDirectoryW
CreateNamedPipeW
GetProcessHeap
GetCPInfo
RegOpenKeyW
RegCreateKeyW
ole32.dll
%s%s%s
zcÃ
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
2$2.252?2
6 6$6(6,6064686
:!:':1:<:>
6 64989
.patcher
wajam.dll
kernel32.dll
ADVAPI32.DLL
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
ntdll.dll
tntdll.dll
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
pntdll.dll
entdll.dll
\\.\BlackBone
BlackBoneDrv10.sys
BlackBoneDrv81.sys
BlackBoneDrv8.sys
BlackBoneDrv7.sys
BlackBoneDrv.sys
\??\%s
\\.\pipe\
nntdll.dll
Ntdll.dll
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe
9.70.1.17
61fda4ee77910796d32333421184d8b6.exe_364:
.text
`.rdata
@.data
.rsrc
@.reloc
Failed to get export function address
1.2.8
deflate 1.2.8 Copyright 1995-2013 Jean-loup Gailly and Mark Adler
inflate 1.2.8 Copyright 1995-2013 Mark Adler
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
NtYieldExecution
NtDelayExecution
.data
D:\jenkins\workspace\stable-1.70\src\Release\wajam.pdb
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHDeleteKeyW
SHLWAPI.dll
GetWindowsDirectoryW
CreateNamedPipeW
GetProcessHeap
GetCPInfo
RegOpenKeyW
RegCreateKeyW
ole32.dll
%s%s%s
zcÃ
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
2$2.252?2
6 6$6(6,6064686
:!:':1:<:>
6 64989
.patcher
wajam.dll
kernel32.dll
ADVAPI32.DLL
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
ntdll.dll
tntdll.dll
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
pntdll.dll
entdll.dll
\\.\BlackBone
BlackBoneDrv10.sys
BlackBoneDrv81.sys
BlackBoneDrv8.sys
BlackBoneDrv7.sys
BlackBoneDrv.sys
\??\%s
\\.\pipe\
nntdll.dll
Ntdll.dll
c:\program files\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe
9.70.1.17
61fda4ee77910796d32333421184d8b6.exe_364_rwx_69AD1000_00002000:
zcÃ
REPORT
HPE_CB_url
the on_url callback failed
invalid HTTP version
HPE_INVALID_URL
invalid URL
invalid HTTP status code
invalid HTTP method
HPE_INVALID_PORT
invalid port
61fda4ee77910796d32333421184d8b6.exe_364_rwx_69AD4000_00001000:
Expected: %s
Got: %s
1.2.8
61fda4ee77910796d32333421184d8b6.exe_364_rwx_69E52000_0000D000:
c:\program files\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe
Chrome
chrome
Firefox
firefox
Opera
opera
application/x-www-form-urlencoded
Microsoft-Windows-Kernel-General
Microsoft-Windows-Kernel-Power
chrome.exe
chrome.dll
firefox.exe
iexplore.exe
opera.exe
opera.dll
microsoftedgecp.exe
crossbrowse.exe
crossbrowse.dll
bobrowser.exe
browserair.exe
mybrowser.exe
browser.exe
browser.dll
ucbrowser.exe
amigo.exe
torch.exe
SearchProtocolHost.exe_1988:
.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
MSSHooks.dll
IMM32.dll
SHLWAPI.dll
SrchCollatorCatalogInfo
SrchDSSLogin
SrchDSSPortManager
SrchPHHttp
SrchIndexerQuery
SrchIndexerProperties
SrchIndexerPlugin
SrchIndexerClient
SrchIndexerSchema
Msidle.dll
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
0xx=
%s(%d)
tid="0x%x"
pid="0x%x"
tagname="%s"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%s"
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
SHELL32.dll
PROPSYS.dll
ntdll.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
MsgWaitForMultipleObjects
SearchProtocolHost.pdb
2 2(20282|2
4%5S5
Software\Microsoft\Windows Search
https
kernel32.dll
msTracer.dll
msfte.dll
lX-X-X-XX-XXXXXX
SOFTWARE\Microsoft\Windows Search
tquery.dll
%s\%s
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
0xx%p%S%d
0xx%p%S%d
advapi32.dll
advapi32.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
winhttp.dll
winhttp.dll
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
Software\Microsoft\Windows Search\Tracing\EventThrottleState
%S(%d)
%S(%d)
tagname="%S"
tagname="%S"
logname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s.mui
.\%s\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s\%s.mui
Microsoft Windows Search Protocol Host
Microsoft Windows Search Protocol Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchProtocolHost.exe
SearchProtocolHost.exe
Windows
Windows
7.00.7601.17610
7.00.7601.17610
SearchFilterHost.exe_2680:
iexplore.exe_2836:
iexplore.exe_2836_rwx_69AD1000_00002000:
iexplore.exe_2836_rwx_69AD4000_00001000:
iexplore.exe_2836_rwx_69E52000_0000D000:
iexplore.exe_3560:
SearchProtocolHost.exe_3636:
iexplore.exe_3560_rwx_69AD1000_00002000:
iexplore.exe_3560_rwx_69AD4000_00001000:
iexplore.exe_3560_rwx_69E52000_0000D000: