Trojan.NSIS.StartPage_45c53ed14f – Adaware

not-a-virus:AdWare.NSIS.Agent.iv (Kaspersky), Trojan.NSIS.StartPage.FD, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan, Adware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 45c53ed14fd209f99f5db3dc46b96647

SHA1: a6241887c9769021c2bfc0b5f1b45e19d719837c

SHA256: ad0e52a4bd536c8c94b81fd465f3988eb4240147e0a9d89ad133711558692cc0

SSDeep: 196608:gIymCtL0EMrymZhgYgWYBA5UMYCseIO0Fob0:gIdC fZNgW00UPveI9o4

Size: 7663040 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: no certificate found

Created at: 2016-07-03 12:59:18

Analyzed on: Windows7 SP1 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

61fda4ee77910796d32333421184d8b6.exe:3812
61fda4ee77910796d32333421184d8b6.exe:3736
ns1AA4.tmp:3528
rundll32.exe:3552
runonce.exe:3556

The Trojan injects its code into the following process(es):

61fda4ee77910796d32333421184d8b6.exe:364
%original file name%.exe:644
iexplore.exe:2836
iexplore.exe:3560

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process 61fda4ee77910796d32333421184d8b6.exe:3812 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

C:\Windows\Temp\wjm2BB3.tmp (12588 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\e214f9b15940fe19bca2f6de222d6969 (26 bytes)
C:\Windows\Temp\wjm2A6B.tmp (2500 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\bac58b7a8f1a65ff2c67b1c4575c70a8\nnortn.dll (19567 bytes)
C:\Windows\Temp\Ima24EE.tmp (381 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\441136ae10b200e9992f407b66b2554e (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Local State (8182 bytes)

The Trojan deletes the following file(s):

C:\Windows\Temp\Ima24EE.tmp (0 bytes)
C:\Windows\Temp\wjm2BB3.tmp (0 bytes)
C:\Windows\Temp\wjm2A6B.tmp (0 bytes)

The process 61fda4ee77910796d32333421184d8b6.exe:3736 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Ima1FA0.tmp (381 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Ima1FA0.tmp (0 bytes)

The process 61fda4ee77910796d32333421184d8b6.exe:364 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\e08f1370640365726bbce4d52a5b9f8a\bac58b7a8f1a65ff2c67b1c4575c70a8\nnortn.dll (5677 bytes)
C:\Windows\Temp\Ima315C.tmp (381 bytes)

The Trojan deletes the following file(s):

C:\Windows\Temp\Ima315C.tmp (0 bytes)

The process ns1AA4.tmp:3528 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe (49 bytes)

The process rundll32.exe:3552 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

C:\Windows\System32\drivers\SET42AA.tmp (63 bytes)

The Trojan deletes the following file(s):

C:\Windows\System32\drivers\SET42AA.tmp (0 bytes)

The process runonce.exe:3556 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl (712 bytes)

The process %original file name%.exe:644 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd41BC.tmp (27423 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp (78068 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\Social2Search Website.lnk (1 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\ffdefbf88c95cae97a1671206e9fe39e.ico (3 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\bc5601ccb5de9f6cb8cd31285eef3bbe.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HIXW7MDT.txt (785 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns41EC.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns1AA4.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\brh.dll (33983 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\Settings.lnk (1 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.inf (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns2E16.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns3019.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\IpConfig.dll (4254 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\441136ae10b200e9992f407b66b2554e (2104 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\uninstall.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyB0A.tmp (10 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\815346a4778321839cef8ab48bf110e2.exe (33078 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\ME0NF2RG.txt (533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\get_local_output.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6EV5DN26.txt (785 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\System.dll (23 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns442E.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\PGE7KUCB.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\MoreInfo.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F8.tmp (601 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.cfg (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3460.tmp (601 bytes)
C:\Windows\815346a4778321839cef8ab48bf110e2.exe (2064 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\md5dll.dll (16 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\SignIn with Twitter.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J6LO7Z4X.txt (277 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VL3GAPN9.txt (785 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe (20503 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\NSISList.dll (2457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3665.tmp (906 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\ce1c22c865645f1f8a89a398e374a17f.exe (17572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp (78068 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\SimpleSC.dll (1896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HNAF2IB4.txt (785 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.sys (2453 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\c850ebe35760d7b12fc1318953221f59.exe (19923 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp-wal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF47B.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HIXW7MDT.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns1AA4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns2E16.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns3019.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyB0A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3460.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns41EC.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6EV5DN26.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VL3GAPN9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns442E.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\downloadsLog[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\PGE7KUCB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\ME0NF2RG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F8.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\urlsLog[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J6LO7Z4X.txt (0 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.inf (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3665.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp-wal (0 bytes)

Registry activity

The process 61fda4ee77910796d32333421184d8b6.exe:3812 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Social2Sea]
"IExplore" = "1"

The process 61fda4ee77910796d32333421184d8b6.exe:3736 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCR\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
"LocalService" = "137203c2d9703f0751ed94059097703c"

The Trojan deletes the following value(s) in system registry:

[HKCR\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
"LocalService"

The process rundll32.exe:3552 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\services\5138f989434c4f2d9e7cafe3043568d0]
"Flags" = "241"

[HKLM\System\CurrentControlSet\services\5138f989434c4f2d9e7cafe3043568d0\Instances\5138f989434c4f2d9e7cafe3043568d0 Red Instance]
"Flags" = "0"

"Altitude" = "374050"

[HKLM\System\CurrentControlSet\services\5138f989434c4f2d9e7cafe3043568d0\Instances]
"DefaultInstance" = "5138f989434c4f2d9e7cafe3043568d0 Red Instance"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"FSFilter Activity Monitor" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalAssocChangedCounter" = "100"

[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.app.log" = "4096"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv" = "grpconv -o"

The process runonce.exe:3556 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"

The process %original file name%.exe:644 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e08f1370640365726bbce4d52a5b9f8a]
"URLInfoAbout" = "http://www.technologieyvonlheureux.com"

[HKCU\Software\WajIEnhance]
"affiliate_id" = "3673"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e08f1370640365726bbce4d52a5b9f8a]
"DisplayVersion" = "9.70.1.17 (i1.0)"
"Publisher" = "Social2Search"

[HKLM\SOFTWARE\Social2Sea]
"AID" = "3673"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Social2Sea]
"TS" = "1485003051"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"WindowClassName" = "DDEMLMom"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e08f1370640365726bbce4d52a5b9f8a]
"DisplayName" = "Social2Search"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Social2Sea]
"ts2" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"

[HKLM\SOFTWARE\Social2Sea]
"UID" = "26B7D8D8BD1EF7A71B43728E773D5682"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\WajIEnhance]
"unique_id" = "26B7D8D8BD1EF7A71B43728E773D5682"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Social2Sea]
"aid2" = "none"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Social2Sea]
"mid" = "c8b3188fe24cd1b1b734e1408fc52bd1"

[HKLM\SOFTWARE\Microsoft\Tracing\45c53ed14fd209f99f5db3dc46b96647_RASMANCS]
"EnableConsoleTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

Dropped PE files

MD5	File path
a3ed6f7ea493b9644125d494fbf9a1e6	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\IpConfig.dll
80e34b7f576b710d100f6e7c0bed0c2e	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\MoreInfo.dll
2e0785f18f8714393bc4bc1fe170eadf	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\NSISList.dll
d63975ce28f801f236c4aca5af726961	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\SimpleSC.dll
c17103ae9072a06da581dec998343fc1	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\System.dll
dc53b086a6a6752a52679c241e36c9f8	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\brh.dll
d7a3fa6a6c738b4a3c40d5602af20b08	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll
97960d7a18662dac9cd80a8c5e3c794b	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\md5dll.dll
acc2b699edfea5bf5aae45aba3a41e96	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\nsExec.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\DRIVERS\5138f989434c4f2d9e7cafe3043568d0.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.

Propagation

Removals

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Scan a system with an anti-rootkit tool.
Terminate malicious process(es) (How to End a Process With the Task Manager):
61fda4ee77910796d32333421184d8b6.exe:3812
61fda4ee77910796d32333421184d8b6.exe:3736
ns1AA4.tmp:3528
rundll32.exe:3552
runonce.exe:3556
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:
C:\Windows\Temp\wjm2BB3.tmp (12588 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\e214f9b15940fe19bca2f6de222d6969 (26 bytes)
C:\Windows\Temp\wjm2A6B.tmp (2500 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\bac58b7a8f1a65ff2c67b1c4575c70a8\nnortn.dll (19567 bytes)
C:\Windows\Temp\Ima24EE.tmp (381 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\441136ae10b200e9992f407b66b2554e (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Local State (8182 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Ima1FA0.tmp (381 bytes)
C:\Windows\Temp\Ima315C.tmp (381 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe (49 bytes)
C:\Windows\System32\drivers\SET42AA.tmp (63 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl (712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd41BC.tmp (27423 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3471.tmp (78068 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\Social2Search Website.lnk (1 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\ffdefbf88c95cae97a1671206e9fe39e.ico (3 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\bc5601ccb5de9f6cb8cd31285eef3bbe.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HIXW7MDT.txt (785 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns41EC.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns1AA4.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\brh.dll (33983 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\Settings.lnk (1 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.inf (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns2E16.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns3019.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\IpConfig.dll (4254 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\uninstall.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyB0A.tmp (10 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\815346a4778321839cef8ab48bf110e2.exe (33078 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\ME0NF2RG.txt (533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\get_local_output.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\6EV5DN26.txt (785 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\System.dll (23 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\ns442E.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\PGE7KUCB.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\MoreInfo.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F8.tmp (601 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.cfg (19 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\3460.tmp (601 bytes)
C:\Windows\815346a4778321839cef8ab48bf110e2.exe (2064 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\md5dll.dll (16 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\SignIn with Twitter.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\J6LO7Z4X.txt (277 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\VL3GAPN9.txt (785 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\NSISList.dll (2457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3665.tmp (906 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\ce1c22c865645f1f8a89a398e374a17f.exe (17572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\32F9.tmp (78068 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\SimpleSC.dll (1896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\HNAF2IB4.txt (785 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5138f989434c4f2d9e7cafe3043568d0.sys (2453 bytes)
%Program Files%\e08f1370640365726bbce4d52a5b9f8a\c850ebe35760d7b12fc1318953221f59.exe (19923 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv" = "grpconv -o"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	26007	26112	4.51801	71cda8c9a2941009b3c3265015e6aa11
.rdata	32768	5329	5632	3.61834	3c8542be139276634f1ae80037f7916b
.data	40960	147680	512	0.95839	ddb0a523ddf4ea1cbd012cdf3eca43d7
.CRT	192512	4	512	0.042395	d3f77067d67c60c6fcc9ec82a676fe03
.ndata	196608	3006464	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	3203072	16128	16384	4.11199	37ebe3534e235c2b5019a15b4dca5e74

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 1
5dbb22d6d18ffbafb825cb7a5665dfbd

Network Activity

URLs

URL	IP
hxxp://www.technologieyvonlheureux.com/installer/getTimestamp
hxxp://www.technologieyvonlheureux.com/installer/start?v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10001&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/logging?evt=1&pge=0&pr=0&ar=0&dr=0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=1.0&getinstructions=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=2.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=3.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10023&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=
hxxp://www.technologieyvonlheureux.com/web/log?evt=10035&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=
hxxp://www.technologieyvonlheureux.com/webenhancer/config?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=
hxxp://www.technologieyvonlheureux.com/webenhancer/injections?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=
hxxp://www.technologieyvonlheureux.com/web/log?evt=10004&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=
hxxp://www.technologieyvonlheureux.com/installer/progress?section=4.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=5.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10042&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=
hxxp://www.technologieyvonlheureux.com/installer/progress?section=6.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/downloadsLog?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673
hxxp://www.technologieyvonlheureux.com/installer/urlsLog?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673&br=iexplore
hxxp://www.technologieyvonlheureux.com/installer/installedProgramsLogs?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673
hxxp://www.technologieyvonlheureux.com/installer/progress?section=7.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=8.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/index.php?firstrun=1&bg=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/webenhancer/update?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=&retry_count=0&retry_version=&sc=1&scfr=&ie_status=-2&ch_status=-2&ff_status=-2&avs=0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0
hxxp://www.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
hxxp://www.technologieyvonlheureux.com/installer/progress?section=bea&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=beb&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/finish?v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10002&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10008&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=&brw=IE&brw_v=9.0.8112.16421&brw_bitness=32&metro=0
hxxp://www.technologieyvonlheureux.com/index.php?firstrun=1&lp=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.7/jquery.min.js?1.00404.0
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00404.0
hxxp://platform-eb.twitter.com/widgets.js?1.00404.0
hxxp://www.technologieyvonlheureux.com/js/min_general_en.js?1.00404.0
hxxp://www.technologieyvonlheureux.com/js/min_fancybox.js?1.00404.0
hxxp://www.technologieyvonlheureux.com/css/min_bootstrap3_social2search.css?1.00404.0
hxxp://www.technologieyvonlheureux.com/css/min_fancybox.css?1.00404.0
hxxp://www.technologieyvonlheureux.com/css/min_signup.css?1.00404.0
hxxp://www.technologieyvonlheureux.com/css/min_general.css?1.00404.0
hxxp://www.technologieyvonlheureux.com/js/min_signup_page.js?1.00404.0
hxxp://main-social2search.netdna-ssl.com/imgs/app/social2search/login-twitter.png
hxxp://e6845.dscb1.akamaiedge.net/crls/secureca.crl
hxxp://e8218.dscb1.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg==
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDuvO9j30/BC
hxxp://googleadapis.l.google.com/css?family=Signika:400,300,600,700
hxxp://main-social2search.netdna-ssl.com/imgs/app/social2search/login-bg-img.png
hxxp://stats.l.doubleclick.net/dc.js
hxxp://www.technologieyvonlheureux.com/css/webfonts/Lato-Black-webfont.eot?
hxxp://www.technologieyvonlheureux.com/css/webfonts/F37F5_0.eot?
hxxp://scontent.xx.fbcdn.net/en_US/all.js
hxxp://scontent.xx.fbcdn.net/connect/xd_arbiter/r/YGoENyUbMBG.js?version=42
hxxp://clients.l.google.com/GIAG2.crl
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw=
hxxp://www.technologieyvonlheureux.com/imgs/social2search/favicon.ico
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00404.0	216.58.209.74
hxxp://fonts.googleapis.com/css?family=Signika:400,300,600,700	172.217.20.170
hxxp://crl.geotrust.com/crls/secureca.crl
hxxp://connect.facebook.net/en_US/all.js	31.13.92.14
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw=	93.184.220.29
hxxp://pki.google.com/GIAG2.crl
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg==	23.43.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV	172.217.20.206
hxxp://platform.twitter.com/widgets.js?1.00404.0
hxxp://staticxx.facebook.com/connect/xd_arbiter/r/YGoENyUbMBG.js?version=42	31.13.92.14
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js?1.00404.0	216.58.209.74
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=	93.184.220.29
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDuvO9j30/BC	172.217.20.206
hxxp://stats.g.doubleclick.net/dc.js	64.233.161.154
www.facebook.com	31.13.92.36

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /en_US/all.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: connect.facebook.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Expose-Headers: X-FB-Content-MD5

x-fb-content-md5: a87874f33d187209c98f623f1775fcf9

ETag: "e5a164f44f1d7cf5b3b7dbfa9cd28f6c"

X-Frame-Options: DENY

Strict-Transport-Security: max-age=15552000; preload

Content-Type: application/x-javascript; charset=utf-8

X-Content-Type-Options: nosniff

X-XSS-Protection: 0

timing-allow-origin: *

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data: 'self';style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;

Cache-Control: public,max-age=1200,stale-while-revalidate=3600

Expires: Sat, 21 Jan 2017 13:05:58 GMT

Vary: Accept-Encoding

Content-Encoding: gzip

Content-MD5: nIUpfjZGcM0GSfgF1iy dg==

X-FB-Debug: 1gKX0dE0VeawKhEVMGnDqex9LpuGYpuLsUxIkGGy2s19gb2QrEkAD mLR1eIx0PQI8hmUJZWSXrhQvPvS7HUAg==

Date: Sat, 21 Jan 2017 12:51:29 GMT

Connection: keep-alive

Content-Length: 58406

............i{.H.7..?...3Hjd..."....W...v...{..\..#..$6..g.....RB...9....,R..\##c................?..k.. I.. u...-N..xy~v.;A....'.._'?.._..k..h..w......~.Nk........... q..y0t.Z:vjo"6.;..^...'n..N.....id..,.K.aN#..N<...|.~w.....r..W..k.........v[SG....R.^..{#w...ZmS.-X\cQ..kv...nDq...:r.|e.j..Z..... uV.:..Z:v.7...U..N:..<w/.N...`...Y....0....k,...N.&...wV...V.ya.y5.*...}fM........n.|~...o../..fMt.V..... ...@...$,.....c7u<7Ikv..E..I.....S..........)..aq1.&e.j...c..T..[.k-...^.}......[5....F]..sv.n.f......X._.s..F#....M.....l..........z....6.?J...zvR.4fA2.c....o>t..J9...0ei...^......,..X...Wi..;i.....>.... )[lR.6....N..Y.]u.O..;R.&...T..3.{...<{......-..&G..d_U4....D.2....w.K..cO-^.g...^3...:i4N~..9.W..H.$U'....*....:5".3?i4.._8.......R..@ifE...>..!.....^..{..r.4=#v"...U.TtE.L..i.$t.U...T...h....K.T../..w@.v...}=.....N.kw.*I8.....L..A...&F.w....S....f0v...p!\..=P..S#`.#...A5...-...k.Nj..pG<..8..N...... .....h.^....q-.v.>QN.u....@....Xm.........:.{. 5..j....?..=..S......v....A....R.}.-JZ..vm.....l..#"m..9..;i#..{h.h.=.v..8.<.N. .:...9...C5....;'}....P.-..q.Y.R.<.*..9.v.....j.yw...p.4U....K./....V....|k....).........Z...^........Q..Rt..........<.#._ .B.K..g..q.(].g....#\..c../..k.FN..UG..z.q.0.G..<PvT...8....Y...8.U..6..4..R.....i..8A-[y......q....3.N...}g.. ..5'..D....5.c.N....r-...6..M.cu....f...&F...wV?v...t1 ...?...`..........?V...bNl...,8E..Cg..^.WM.....S.njD.d.N4k...mx....J....<....0...>.I.d....#M.60!......a^..1...K.............3m....w.....F......\.\..c.V.NW.vB..}}..

<<< skipped >>>

GET /installer/progress?section=6.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:01 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=doc1vi0ndrpt225nhd86dm8590; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030615677820; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003061; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w66|WINZO|WINZO; path=/

GET /ajax/libs/jquery/1.7/jquery.min.js?1.00404.0 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Date: Fri, 20 Jan 2017 18:31:00 GMT

Expires: Sat, 20 Jan 2018 18:31:00 GMT

Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33845

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000

Age: 66010

......n........8.(..<....PYI...............u.z..9..%@.l.....m.g..r....$..Y.3..u~d.....E.....5......g.K.../f........./e...Y........g{*.& .......,zt.>W.9U.l.f._."......cnQ....#...q...o.)o.;..m..#.x.......ZO..l.X..g.>..j........t..;4gs..a..........Nc7.k..Y}..#.........^e[G...e.Q..3..h..N....U.5....x.8(.V...&......*.....C.7.xHy...]`....N.<v.=.gEy.Z.~\5.r....h..h.!.M.. ...'...C.5.q.n}:...q....e..5...2j..|.6..%...st./wb.^.a.n.........p.d.yG....naVc2. ......`.(..4..........=w...Y.:.Q.:b.h5.t..DG....,H.1.A..#.I.:... ...D-.|...T9.\......S.D5Y.E?..[...6.d.>7.....?...*j.{........}.EUY.......}...?!.E..R'....,.V.(.4....'^7....#.>37f.{....l.....DD.....J.lL...pz.HBR....y.4)..=..E@rr .).q.- '..Ur.....v^B)]b.%.e...E..U....8 ...RT7UV$.....nS~W>..5.0.P....x..=...bo...{.... ..|.m...4...{|>.|.fh.'...!h[..."....|>..FP.~r|.....y.8h.`...E@)..V=.V.G.....d.P...K..2 %..Z..z...h.NAK.. ..].uVa.........r...L... .......n..9....A...!.Ia.:#Z..'...)..c.uW...h ..<\..@.5...;...x},....x..b.....eb...?.h.O.,.h.g.^=.Y...0C[.N.m.`.RJC.vR..Cv......../..o8.y. ....#.....o.c...,.m..mx.8)...{*dk...l...}.;*..J.}e.<"..q...........L.(...f...].B.;|.Y.j.K.;..qD...cc...,&.Ct...WU....c....a...s....9R........g.|4w.f......Z..{..ph.....".MQ..1.....t...q_?.zB..P..(.Tl..3.n...N..u..}|..& .......(..m pwY9.h).......'..`.<...@=..q@E....S>6...kA.$...o....-I.yK...z...*..h.$.6....]J...HF.dG.u.p.. {....#9.u...l......U6....~.8.(&j...F..m..y..i.9Fwz0.1.....$...j....G.Q`..(.z.DF.b.1..7...."|V].-....I..u......a..4..e....... .p4..........qJc

<<< skipped >>>

GET /signup?aid=3673&inline=0&afr=0 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:04 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=u3lgjdopqvssg8icnmp3mi1bu4; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030649603455; expires=Sun, 21-Jan-2018 12:51:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003064; expires=Sun, 21-Jan-2018 12:51:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=0,53,24,44,70,47,57,81,43,49; expires=Sun, 21-Jan-2018 12:51:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Length: 5144

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w67|WINZO|WINZO; path=/

<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xmlns:fb="hXXp://ogp.me/ns/fb#" xml:lang="en" prefix="og: hXXp://ogp.me/ns#">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<base href="hXXp://VVV.technologieyvonlheureux.com" />...<title>Social2Search.com | Download Social2Search for Free</title>..<meta name="title" content="Social2Search.com | Download Social2Search for Free" />....<meta name="description" content="Enhance Your Search Experience With Results From Your Friends! Download Social2Search and get Social Results and Recommendations in Your Regular Search Results | Social2Search.com" />..<meta name="keywords" content="Download Social2Search, Social2Search Download, Install Social2Search, Get Social2Search, Social2Search, Social Search, Social results, Social Search Results, Recommendations from your friends, recommendations, Facebook friends recommendations, Find a Friend's Facebook Post, Find a Tweet" />.........<meta name="google-site-verification" content="5KnCIaGgQoFFL2URoeiXrg0xTbPK3qJZLbDJpbIoC9U" />...<link rel="shortcut icon" href="/imgs/social2search/favicon.ico" type="image/x-icon" />..<link href="hXXps://fonts.googleapis.com/css?family=Merriweather:300,400,700,900" rel="stylesheet" type="text/css">..<link href="hXXps://fonts.googleapis.com/css?family=Open Sans:300,400,600,700,800" rel="stylesheet" type="text/css">

<<< skipped >>>

GET /imgs/app/social2search/login-twitter.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: main-social2search.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:13 GMT

Content-Type: image/png

Content-Length: 5243

Connection: keep-alive

Last-Modified: Mon, 09 May 2016 20:38:20 GMT

ETag: "147b-5326eca03cb1b"

Server: NetDNA-cache/2.2

X-Cache: HIT

Accept-Ranges: bytes

.PNG........IHDR...6...R........Q....sBIT....|.d....2IDATx...w..T... ....v...c.q;.M.{.&.Y..b(f...v(..e.e...`(...40K.C.R.a)..<.8..S....v.;.s._.t..I.....:=..W.....z..s.=Wb....v.A..... U.J.^....8.I$X....\x..[.%.M.....X%..4.@z........... .'1.6.......KU....i:.~.. ......yl.>.ds.d......u_.A.f...U.......<Uw.v(...w.M.^.r....0..F1..tjF........LV7s..W=.>.e.w...,r..T'..N...t......J...&.\... ...W.i.......@EL.....&$..U...B..)...[.v...O.F..`..&....T...T..).L...!0..................{.kB..a..._<x..G.Yk..)............w/&Q#.b(a.......k..p....7;W..Z..{.[,...`.. .".b..'..^.F...Y..ZkEw..Z&......A..0aB...^...6.f............A$.p.Up...t,UWTd.k.`.. .".....[..(L .....0a.`.. .")...E..q.6..u..wE..;..&..pF..D...i;..).F..1.8....{.X.. .b.I..A....... .........F.........<....bK.. .b8I.Q...l7$....l-4 .t...... .b.I.....,vF.F.D6.P...<8....."n....R..n..0.........!......vv..PR. ..8...........$.m...'.u.\.....xT|..... .,..p.$.w~......"n....V.;....?A.C..F%..!cr....z1.<....B...G.....Y%b...,........c.G.*^[K.F.'.Y..vv.&H..u.....i.....N*j....c....~.2.3KE\76 .. .." ......]=......7...'.c......J..%...\........O{{. .........6.L..Ksp_...$...r..tM<.cr.4t..eu....7.z..{..xd..%...,wLv....xb.0...9%........y.........VI..pO......NC......&.V......V......oC..S..\xD...F.........B..Vk..s..O..AE3(K...........6.T..U.........4..k.$...{g...3....S...R..#E|}$....c. ..zu./1.d....&.M..&.......`......^\:Z.h...3._.8......u]*.m.....,o...&*.sgy...\..9.2.....wGe<.S.zM-....\<6.c...Z......T.K....9>.u....U.......9....dx..DN......-Cc.&..,^..xTbWN..ozsw.K

<<< skipped >>>

GET /imgs/social2search/favicon.ico HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cookie: _wau=14850030613333128; _wal=1485003071; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZV|WINZQ

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:40 GMT

Server: Apache/2.4.7 (Ubuntu)

Last-Modified: Mon, 22 Feb 2016 16:43:57 GMT

ETag: "5a596-52c5e89fe58b7"

Accept-Ranges: bytes

Content-Length: 370070

Connection: close

Content-Type: image/vnd.microsoft.icon

Set-Cookie: APPSESSID=w52|WINZX|WINZQ; path=/

Cache-control: private

............ .h...f... .... .........00.... ..%..v...@@.... .(B...;........ .(...F}........ .( ..n...(....... ..... .........................J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..I ..M1..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J-..........S8..J,..J,..J,..J,..J,..J,..I-.._H%.`I'.J...J,..I ..............K...J,..J,..J,..T8..Q6..........................^G'.........O2..J,..J,..J,..J,..R6..................................nX8.L...J,..J,..M...P/..Q0..............}c?..d>..d>.~d>.............Q0..O/..M-..V3..Y4..Z6...............gB.`8...vU...r.............]:..Y4..V3.._8..a9..tR"..................i?.yS..................~^2.a9.._8..g=..i>..{W#......................a..._)..............c3.i>..g=..nA..pB..rD........................q.wF..............uI..pB..nA..tD..wF..yG................S.{I..}J...l8.............yG..wF..tD..yG..|I...K...S...................................Z..~K..|I..yG..~J...L...M...Z...]...........................]...]...M...L..~J...L...N...O...Q...R...S...W...q-..r/..X...S...R...Q...P...N...L...N...O...Q...S...T...U...V...W...W...V...U...T...S...Q...O...N...O...P...R...T...U...V...W...X...X...W...W...U...T...R...P...O..................................................................(... ...@..... .........................O...K,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..K,..N...K,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..E*..YB#.F ..J,.

<<< skipped >>>

GET /installer/progress?section=bea&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:05 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=smre61vtk1rfcc8a09moc95vn2; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030657656588; expires=Sun, 21-Jan-2018 12:51:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003065; expires=Sun, 21-Jan-2018 12:51:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w14|WINZP|WINZP; path=/

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1

Cache-Control: max-age = 511667

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT

If-None-Match: "57ff143e-1d7"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sat, 21 Jan 2017 12:51:35 GMT

Etag: "5882f020-1d7"

Expires: Sat, 28 Jan 2017 00:51:35 GMT

Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT

Server: ECS (vie/F2D5)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0.......>.i...G...&....cd ...20170120220000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20170120220000Z....20170127220000Z0...*.H.............O../8(.#h!..1G.n.....t.d.L..WT...0J<.A.O.'...m}Ro..J......[.......E}..p.....q..V.q.J.|%pes@|L....j^%..==.P.|..p..=......`.w.........../A...[H,......!}... ,V..A..U.......T......f.............q...:.........m...U(....0.../..}...C......W.nt......e...7u<8.<..@LHTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: public, max-age=172800..Content-Type: application/ocsp-response..Date: Sat, 21 Jan 2017 12:51:35 GMT..Etag: "5882f020-1d7"..Expires: Sat, 28 Jan 2017 00:51:35 GMT..Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT..Server: ECS (vie/F2D5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.......>.i...G...&....cd ...20170120220000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20170120220000Z....20170127220000Z0...*.H.............O../8(.#h!..1G.n.....t.d.L..WT...0J<.A.O.'...m}Ro..J......[.......E}..p.....q..V.q.J.|%pes@|L....j^%..==.P.|..p..=......`.w.........../A...[H,......!}... ,V..A..U.......T......f.............q...:.........m...U(....0.../..}...C......W.nt......e...7u<8.<..@L....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sat, 21 Jan 2017 12:51:40 GMT

Etag: "58830594-1d7"

Expires: Sat, 28 Jan 2017 00:51:40 GMT

Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT

Server: ECS (vie/F385)

X-Cache: HIT

Content-Length: 471

0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20170121062900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;..........f&1~..|.....20170121062900Z....20170128054400Z0...*.H.............S3i..T2n.....'m.UI U.........Q..#t..@U}/....dD....]...s.'.>..._i7.b.d.7..^.....{C...6... ...........r.... t. .nE `.y.r.' ..oR.t@L..^u...]8/ .lp....|6H...&.T...2,...{.....G...>....?X.8.e.<:FI\=.12)..S...7#.."..D.dm..-.|....$uh.. W..3.7....G........Y.._~.2..HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: public, max-age=172800..Content-Type: application/ocsp-response..Date: Sat, 21 Jan 2017 12:51:40 GMT..Etag: "58830594-1d7"..Expires: Sat, 28 Jan 2017 00:51:40 GMT..Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT..Server: ECS (vie/F385)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20170121062900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;..........f&1~..|.....20170121062900Z....20170128054400Z0...*.H.............S3i..T2n.....'m.UI U.........Q..#t..@U}/....dD....]...s.'.>..._i7.b.d.7..^.....{C...6... ...........r.... t. .nE `.y.r.' ..oR.t@L..^u...]8/ .lp....|6H...&.T...2,...{.....G...>....?X.8.e.<:FI\=.12)..S...7#.."..D.dm..-.|....$uh.. W..3.7....G........Y.._~.2....

<<< skipped >>>

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1

Cache-Control: max-age = 564348

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: g.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1377

content-transfer-encoding: binary

Cache-Control: max-age=420008, public, no-transform, must-revalidate

Last-Modified: Thu, 19 Jan 2017 09:30:28 GMT

Expires: Thu, 26 Jan 2017 09:30:28 GMT

Date: Sat, 21 Jan 2017 12:51:21 GMT

Connection: keep-alive

0..]......V0..R.. .....0.....C0..?0......V.T'S...q..."...zr.*..20170119093028Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...:.....20170119093028Z....20170126093028Z0...*.H.............&....~.o..h...qC.kZA...=y.......Y..`.t...}..p..kS.. ...W ...<)i.....(.tz....I.r..K$.....?...k..k.p..........c..J..|k..R.|......5[. .......I.?h.'.d...._(S.V...: ...2.....9...h.E'\ue..@.....>m ...z@.^..h.=Lf,.1.M^......#.Z.oW.C...T"....e.....<..^f..4.q..@d.....0...0...0..s............ ...y..^..g0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...161208112535Z..171214112535Z02100...U...'GeoTrust Global CA TGV OCSP Responder 50.."0...*.H.............0...............S....!....,.t.?....d...M@.._.=.S..,."......Gdv._c..D1..N'E.:.....a2.......{/rD. .c.2..P...!.....Xn..}....{{.zI9.Y....../.....;.......fu..,...B._o..B..g....o........?Y\.?...y.H*..]yi.....3.......F.6.....Q.........{B..19..Kz...\z...P..._...-!.....'.Ym........0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0"..U....0...0.1.0...U....TGV-OFF-570...*.H..............md.....yV{......y:5..@l#..5.......o..X....,r}......i..3..o.e...e5..@..H/Q..;.vd..?.j.m....../hv..A.......g.......a.....G..\.'*.b..>.....L.Y.To<.@>...&1..9.w.....N*Au.e.....b..K...PO47.J.....{.C\....G..0/.a.Eo.`z.<;IA... #.''.CG..K@7z..7.\_..'.]q.f._.WN....

<<< skipped >>>

GET /installer/progress?section=4.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:59 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=r5urr652irhgfuueb4timv7ft6; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030598270598; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w27|WINZN|WINZN; path=/

GET /css/min_general.css?1.00404.0 HTTP/1.1

Accept: text/css

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cookie: _wau=14850030613333128; _wal=1485003070; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:10 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Sat, 21 Jan 2017 14:51:10 GMT

Cache-Control: max-age=7200, public

Pragma: cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 18550

Connection: close

Content-Type: text/css;charset=UTF-8

...........}...H....\0.^H2_..*.......fv...p....J.J.S"[.\..../#_.|..R.={.`["3#_......veq...C...w.6..:....>O.2;.W....x..M......%..g......!.;%.g......B..&Y....T.}..C..>.'o....-o...a\.......,.......tHO_D....%...?'U1z.'.O#.l...i.....&K7..7o....K.....e.^..QQ...k..y;.P{..f.Zb?/...0..pJ/.........y...S ...T%....:.l.]..K...... ..:...o...N.....X......c.....o...f.C.K.[.....p.....p;...e^.>.v*.tX..a2L...0Y.......?...pU...:....~.....~..pM~W..zX..S>...&K..1....a.,I.<.O..a.,.t.J.* .......E5..iB....a..&.*[...1.F..L .|O.n.....*.....T....-.&..45wt..........?o..6=d....ZM.Q..S.v...<..OZg.*..#.F..wLt...].?).\g.2O..... ..$k......mV.Ot..Y.G.".......29$U..5"....|...s.X._*>.<.Tl..iv..n..P..&/...O....S..b.r .....:O.j..].d.S.B......x..{.."...}....>......}.j...S2 X.GL..t.)V..cq.`-. )..S..R.no......}".[:.w.l?z...... .<....&..;hb.eS..P.l.<SN...a......S...1..GG.@.'so.....YEV.w3........].V.Z... a..NW.Yt..tZ...i..%z.7b...%...,...LMz`.m.8.o....T_s.f./~f.*..='."!K.....j....@...t-.S..-..F.@l.Ar....c......f.d.?.]../....Z.P.@..3O[...iyZ.........g.......6Y...........v..G.#TIs.....>..Z....SV./V...,.:.$...G1>.}......O..b. .]..N;}.0 e.a..)$.l.. :..H...&....?..=4.g......N.8k........|.DzOQM`.7..Ou ...k..PPd_.........#_....$.qaX......P..?.>g.9.V..Es....V....Z...l.a:u.X4q0.....T...So.a.t.........;....X..&8......i..'..1......wIY.SJ.....:K....-...!-...C.bY.3z.<..~..~...`........,BN..O....g?.O.V.....7...|.&..l.....K...n..ts..N1.>.8. .( %.4..O,Qi.......Mc`...g`#y...]G.....?..q..$7."...:..M..P.X.L....|.qpH..p$sB...d

<<< skipped >>>

POST /web/log?evt=10042&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate, sdch

Connection: close

Content-Length: 271

Content-Type: application/x-www-form-urlencoded

Host: VVV.technologieyvonlheureux.com

..U..

.k.....i..........,w.E.....5 ...c}.@>...qQ..&.....#\>.....8DSC.........!............e....m.....u......a.r.....C.......&....o.&-....c......C.e..=e.U.k.\L.>.$H.

.ps...g.....e

...

(V.XS...E...;..u)D.9<.uc....6....}...3*...q..T...z.... U9.w......N?-.hM.$.o.=....K

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:00 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=a6jsbpipjeg5o7e89034vfr063; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030601187147; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003060; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=14,37,54,52,43,43,58,92,70,91; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w25|WINZN|WINZN; path=/

GET /web/log?evt=10004&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate, sdch

Connection: close

Host: VVV.technologieyvonlheureux.com

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:59 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=7us01iueoepkmikc0d3al38bb7; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030594483288; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=14,49,68,16,41,100,84,42,92,30; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w28|WINZN|WINZN; path=/

GET /installer/progress?section=1.0&getinstructions=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:54 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=thi714ru699bv8nvcea1271pv5; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030548460696; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003054; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w67|WINZM|WINZM; path=/

POST /installer/installedProgramsLogs?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673 HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Filename: nsn3665.tmp

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Content-Length: 459

Connection: Keep-Alive

Cache-Control: no-cache

7-Zip 9.20

Adobe Flash Player 23 ActiveX

Social2Search

Google Chrome

Mozilla Firefox 49.0.1 (x86 en-US)

Total Commander (Remove or Repair)

WinPcap 4.1.3

Wireshark 0.99.6a

Microsoft Visual C 2008 Redistributable - x86 9.0.30729.4148

Java(TM) 6 Update 18

Java Auto Updater

ActivePerl 5.16.2 Build 1602

Google Update Helper

Microsoft .NET Framework 4.5

Microsoft PowerPoint Viewer

Microsoft .NET Framework 4.5

Adobe Reader 9.3.4

VMware Tools

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:02 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=d0r8j7p39ku6lfoacf9can2p47; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030625169944; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003062; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w67|WINZO|WINZO; path=/

GET /css/webfonts/Lato-Black-webfont.eot? HTTP/1.1

Accept: */*

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://VVV.technologieyvonlheureux.com

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:29 GMT

Server: Apache/2.4.7 (Ubuntu)

Last-Modified: Fri, 05 Feb 2016 20:20:05 GMT

ETag: "8832-52b0b93a91ea2"

Accept-Ranges: bytes

Content-Length: 34866

Connection: close

Content-Type: application/vnd.ms-fontobject

Set-Cookie: APPSESSID=w52|WINZV|WINZQ; path=/

Cache-control: private

2...`.............................LP....J`.@........... ....T.os....................L.a.t.o.....B.l.a.c.k...H.V.e.r.s.i.o.n. .1...0.1.0.;. .W.e.s.t.e.r.n. .c.h.a.r.a.c.t.e.r. .s.e.t.....L.a.t.o. .B.l.a.c.k.................FFTMZps2........GDEF.......(... OS/2...I...H...`cmap.R.i........cvt ...\...|...Ffpgm../........egasp.......,....glyf...2...8..x.head...........6hhea.1.#...@...$hmtx p ....d..."loca.u0`........maxp........... name7.O........ppostlO.....,....prep^..y... ...@.................8.'.....8. ...................................'.........3.......3........................@.`J........tyPL. . ...q.q...... ........%..... .....................................(. .....~............ . . . . " & / _ .!"......... ............ . . . . " & / _ .!".....................j.e.b.`.\.Y.Q."...a ................................................................................................................ !"#$%&'()* ,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a...................................cd.~..hf.i........e.....................b.....xy|}z{.................................................%.......=...............:...J. ...1.R.../.A.4.L.D.........#..........,...K.*PX.JvY..#?... X=YK.*PX}Y ......-.., ... -..,KRXE#Y!-..,i. .@PX!.@Y-..,.. X!#!zX...Y.KRXX...Y.#!.. X.FvYX...YYY.-..,.\Z-..,."..PX. .\\...Y-..,.$..PX.@.\\...Y-..,.. 9/-.., }.. X...Y ..%I# ..&J..PX.e.a ..PX8.!!Y...a ..RX8.!!YY.-..,.. X!...!Y-.., ... -.., /.. \X G#Faj X db8.!!Y.!Y-..,.. 9/ . G.Fa#. .#J..PX#..RX.@8.!Y.#..PX.@e8.!YY-..,.. X=..!!. ..

<<< skipped >>>

GET /dc.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: stats.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=2206a0d5d509001b||t=1476353233|et=730|cs=002213fd48e2d5669ef0404555; IDE=AHWqTUlcWb2mFPnBgaR7YetstmfkXAgGb1NF2XG87DnwqAsvzVoh0uw46Q

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload

Date: Sat, 21 Jan 2017 12:19:00 GMT

Expires: Sat, 21 Jan 2017 14:19:00 GMT

Last-Modified: Wed, 28 Sep 2016 20:19:01 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 15977

Age: 1948

Cache-Control: public, max-age=7200

...........}kW....w~........pk..f......Z.R..Y.C 8i.pi......b..}.>g..Kl...}4....d....O...-.....`~...E...]7..>..>....Pf.a.yU."HCC...i...T*..b.....'..Olf[.Y.[c6P/.....'n.m'..m.... !_XXll..&..(..E..V=/.u.X..%.w...i..rDoT.....?>z..1`.D...y...y7. \...5ZI...TA..........C...p3..A..x.k.q4.2...?L.k=.v....4.:sB[...l.w.o {.....?Nc....|..........q.........[.n..2..X~.......S.f.]h~....7:.n...m.C#6...........#....y...7.|..f.W.>..wS......)..Q....i......z......D.`...7N....y.C;....`1....x..p.tG.L..=..1r...M..2..)xa...{0!..5...^...7..."..........J8... ...5.O....l...r...|....R...P.0ok.8.Z.2....i|...S.y.od...~..k.>.....0vGr.mI.....0.&&yg.sf2......m.....G=0..B.6..u....A.h.A.0.V.:.-...j..L.....5.E.[...Q.{2imA......T........~. ...0*%.....>......hX...ga1./$......f.#..d,.|www5/XX...c5..D-.....p.h..8D.@./.X,.....&gTV..5..,.x..?.....(.>?6Sy.].`.]...'-"....-...........(.n.@_"p"`.*...T.1.$..t.....o?.."../.kX.)L.....-.....E1M.....@..T.F9.,HP........# ....d...-,.......-.j..BS....9...%.~Sug,...`."...4a..@.p]..yn.i(5.....U.r..$j..0{|.i.5........H}.......A=..&.Vq....4<..*7c.<b.....OQ8X...&..a/a.....aI.j.7.E.:cuV=.P.q..d.....X....#..@.T...q......U.T~.@.C......S.#....Q.....K......A.y._....z|..9...9.zM......%m........m).?4.Q...c.....PTDB&..7.-G....E.....E.7.t.V..G....._..!.....xt..}.......Ev..x..a.{...d.. .q./..OB|..6..{....a^.......@?.......o.....*T.;/Oa.......J..........I.)......J..#..A....FS.....t.H..h...W..|B.~..t.6..........t"<..z..||.......8..B9......x.a....m.V[.=...K!..\.....w."d...=>.B..(K...u.....~.".@b

<<< skipped >>>

GET /crls/secureca.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT

If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.geotrust.com

HTTP/1.1 200 OK

Server: Apache

ETag: "18bdbae022ea525c8083bb316812f738:1485001826"

Last-Modified: Sat, 21 Jan 2017 12:30:26 GMT

Date: Sat, 21 Jan 2017 12:51:16 GMT

Content-Length: 325

Connection: keep-alive

Content-Type: application/pkix-crl

0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..170121122300Z..170131122300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H............,..T...<...j]>`...z...8.V.j....2$.. ..j.m...^`.l.9.#.I..`h...Y .].r46.H...et[.......i2-.(...F.D...L....7.......#....Y..A..tT....HTTP/1.1 200 OK..Server: Apache..ETag: "18bdbae022ea525c8083bb316812f738:1485001826"..Last-Modified: Sat, 21 Jan 2017 12:30:26 GMT..Date: Sat, 21 Jan 2017 12:51:16 GMT..Content-Length: 325..Connection: keep-alive..Content-Type: application/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..170121122300Z..170131122300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H............,..T...<...j]>`...z...8.V.j....2$.. ..j.m...^`.l.9.#.I..`h...Y .].r46.H...et[.......i2-.(...F.D...L....7.......#....Y..A..tT......

GET /index.php?firstrun=1&lp=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cookie: _wau=14850030613333128; _wal=1485003062; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20

HTTP/1.1 302 Found

Date: Sat, 21 Jan 2017 12:51:09 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003069; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Location: /signup?aid=3673&inline=0&afr=0

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w52|WINZQ|WINZQ; path=/

GET /css/min_bootstrap3_social2search.css?1.00404.0 HTTP/1.1

Accept: text/css

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:10 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Sat, 21 Jan 2017 14:51:11 GMT

Cache-Control: max-age=7200, public

Pragma: cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003071; expires=Sun, 21-Jan-2018 12:51:11 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:11 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 18546

Connection: close

Content-Type: text/css;charset=UTF-8

...........}k..8r._.{bb......T.S..v....O....>.%R%.P..........H$.$....E.;<[...Df..$..}{(/...Nv..(.=6...4y]..&_..oE;i....)..O.....}L.......k..*.v9..Kq|..i...2..M...,o..l...e....:.?.u>.UU...}.f..^..|....8>.....~.7.V.h.....% .S.~{.....kz..j.M...f|...:o..g.ke .cY...h..9....$-....&mr^ .=..../[...*.O...cu...y..o..~..Y..?...........M......M.UY..m.8|J...^.....3c...b.\.s.I.l.l._..-.O.MU3.L6U.V....u..?....7.......I.*....(...[.?.-....O.X..*?..'....8..WV..ER.C..O....v.....Ri.h..........T5...c.36.1.....O...mA.sLmuz.D.F..}Q..DS^R.^.7..../BJ.5S.....]Y}y.".J..#N.x....u__..Z.7.WNiq|y..g..EL..........h.I.mu.VL...dL%.q..N.t;T..i.6..........1.8...s;.N...._l2...d....&.35....>IY._..%.s...2.=H..1...... .XA..b1....~;.?..OcP..\.:%L....t..NO.<e....l..=..#.T.......6.RF]..vk./.Q...s....(D....fR..l!.....).2.<..Z....*..q -.`4.}......t...;B..f......RC!..x>l......L.f.....jJ.../....BU.....{rL..!O..p...y...X.e.d....`C..|[.)_.(...-:g.k."...f.-...V..Oz.....Zg.R.Te....d..Z./.1....Twu...[.[..z......MI....Q.qm.q..._.|.."..j6...8~..l:...t.4.,..P.NU....IZ.}.1.8[@....~..GOh...k..._..E.....#.1..U.e_..Of.B........m[....F.>...3.-...@..~~..;.?6E.M.fb[.'..C....c.....m^..V..^..<~a;.&...d.....sUd..ou.vA.{"w?......^......C.u......y......x?.T.i...8{b`....UV..bX..2.........m....D....m.R..(.........3.>.4....&/..1.k.L.O.!..9bSA...._x<...{..&c.(#(...`..Y..m.......v..Le......i.K..SSo..u.>.....?....^.M...\.u.....M...E. .~.q3......-`..lR............T........mA..>.7..v{?X..2...bg.?}.F.....-&...y,. ?...[.'.|....."..:.v..]..U.iN.6

<<< skipped >>>

GET /imgs/app/social2search/login-bg-img.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: main-social2search.netdna-ssl.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:28 GMT

Content-Type: image/png

Content-Length: 2520039

Connection: keep-alive

Last-Modified: Mon, 09 May 2016 20:48:51 GMT

ETag: "2673e7-5326eef9963af"

Server: NetDNA-cache/2.2

X-Cache: HIT

Accept-Ranges: bytes

.PNG........IHDR.......\...... ......gAMA......a...@.IDATx...k.%.....Wuk$..B.&..L.}..`...0h..k...V.[u.? .w..........{.................Wo.....W.^.~....7o_...|x.._..z..]>...W...........o.^..O^o..........>||....W.....u......7o;............W......z..[.............^........;K....W..|{....Wo..../....O.^}..Y.....~d..O.~{......[....7s..M.{..}0..........2.........?|..............t.f.........b.<6............Wor].7.a...H{...^C....). .....W_.|m...~.R:.. ..V.....s_.}....y...Q....?!>}..d*..L...}E.7.........L......._;~...u......7s|..........g:....X........n..G...]|...L.."K.|yl....G.~..7.....:....,.|..........>..7..c?F...7......h......Gx............M....C.-..>...z. ....|..%x.[.h...E..~..g.q|.......]........1.E........B....../?.......>T........Q.L....g~dN.Py[..70....o.../.._...&..8.^.........i.3}..~.~........9..;...}~.C.26}.g.<.......sb.Y...m./.......g.i.T.....~.........,.^........Q...#...G..en..g.{~..]..a.:......J.O...x......t.........9..5..>4.........X.....s...9......m...GO_C..~...z.%nW..$......?../O.k...g...............=...o..0.....}.N.._....I<{...o.&7......M.a.C........*....O..-.)v%......7..]0..>=..&=6...8,..&c[.N.....l.?{p.....J.......C9@%s...V..o..&Zp...:.'&..En.:c../<D...I.l.|...~......ZG<....7.....k..y.'X..k.7.c...5}.\..g...>..<..O..~1.z.....W..'..Oq.....=...?se0a[.w.S.c#.c.x....;.....k>..,w-~....7..Wc.9b...fS.%*......6y...;..~GQ.E...K.j..N..\..;.%..K.._.....9.......zr<.a.6..~...R93.x:....vv!...dk.9(.$w..{...LP....}.X.g...<~...x.F.7~...!.....ozh.H=..W..g._<....z.%

<<< skipped >>>

GET /installer/progress?section=5.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:00 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=an73sauqrupip1sddmdq5rust3; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030604057344; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003060; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:00 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w7|WINZN|WINZN; path=/

GET /GIAG2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: pki.google.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Date: Sat, 21 Jan 2017 12:03:15 GMT

Expires: Sat, 21 Jan 2017 13:03:15 GMT

Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 541

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2896

0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170121010002Z..170131010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U.......r0...*.H.............n...G~Tc....?...R.][..}.$.V...!.B-.6M^>9..fx.e.....}.....,E1G.-.r....w......O......h.UenC...%N...d.2....q.O...."v%.<..}M*...3...Z.L.....3.u....... .._.,{c..n...C.E$...o...5..1%...d...H.....z....<..:.Bj.%.....V..Mt..Bh'.}./`....G.s.3S.s.`D..-b..rR>>\-..q.A.HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Date: Sat, 21 Jan 2017 12:03:15 GMT..Expires: Sat, 21 Jan 2017 13:03:15 GMT..Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 541..X-XSS-Protection: 1; mode=block..Cache-Control: public, max-age=3600..Age: 2896..0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170121010002Z..170131010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U.......r0...*.H.............n...G~Tc....?...R.][..}.$.V...!.B-.6M^>9..fx.e.....}.....,E1G.-.r....w......O......h.UenC...%N...d.2....q.O...."v%.<..}M*...3...Z.L.....3.u....... .._.,{c..n...C.E$...o...5..1%...d...H.....z....<..:.Bj.%.....V..Mt..Bh'.}./`....G.s.3S.s.`D..-b..rR>>\-..q.A...

<<< skipped >>>

POST /installer/downloadsLog?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673 HTTP/1.1

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.technologieyvonlheureux.com

Content-Length: 0

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:01 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=7odome3noebnaapfh35q16t6e5; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030613333128; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003061; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:01 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w25|WINZO|WINZO; path=/

GET /widgets.js?1.00404.0 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: platform.twitter.com

Connection: Keep-Alive

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1

Cache-Control: max-age = 511667

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT

If-None-Match: "57ff143e-1d7"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sat, 21 Jan 2017 12:51:35 GMT

Etag: "5882f020-1d7"

Expires: Sat, 28 Jan 2017 00:51:35 GMT

Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT

Server: ECS (vie/F2D5)

X-Cache: HIT

Content-Length: 471

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sat, 21 Jan 2017 12:51:40 GMT

Etag: "58830594-1d7"

Expires: Sat, 28 Jan 2017 00:51:40 GMT

Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT

Server: ECS (vie/F385)

X-Cache: HIT

Content-Length: 471

<<< skipped >>>

GET /web/log?evt=10002&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:07 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=20efu0v05fe9tam6i0r5db4qr0; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030672534860; expires=Sun, 21-Jan-2018 12:51:07 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003067; expires=Sun, 21-Jan-2018 12:51:07 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:07 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:07 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w28|WINZP|WINZP; path=/

GET /js/min_fancybox.js?1.00404.0 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:10 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Sat, 21 Jan 2017 14:51:10 GMT

Cache-Control: max-age=7200, public

Pragma: cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 8131

Connection: close

Content-Type: application/javascript

...........=ks........1.!...I.....(....%.(..q. ..)H @..d...t..~.u..... ...%.Z..LOwOOO.f.mo...9.q...dh'~8#.]..i..4]...,.......vb..$..>...m......8I...g..,. %~HX?q..=..?...v].%.P...]..F$.N....A./.O........q<<.8&....x.....~.{..B.D....2t.'2.3.%{....g..:....?;K...7..t.'..(.y..........~z... .4!..x.........I...%.J@Hd.x(....L...^.Q<Otr.hI...h..y..S....N...G.^..S.."..}.\zf.tB.(.. *.(t}*%:h..f5g..X..D.........*..'.%v...Q."...OH......I.n.. ...?.b....%.B...t.....@...#. |zn.,.^..b............v.P....2.....u..|:..B{.!K..%,j.l.].g.!...(^.......{.....Y.....#L,.t..>...B..D.M. \p.C..sP.`.......L..Df...hL....?........~...w..g..................hL......|4.99>...?........x.?.....A..............h8..h..w.;....@B............tJx}..vD.qx4..-......3%.nt......>9.....'{.#rxrtx...g.;.......]....d..p...?....&b.&|.i.x.3(.vg...w.....wwt4.........X....p8...E>.y....}.9...............T.......h..Y..7>.....O......v......F...G....R.@..O.....t....xD.7...ztrx<:..`.?....>......>.......}F.(...:..a..G(_*.>.c.....`@..y,..2.?|.7z?......1}....,..8|.h...>.=..GUA.@.%].....;...i$...@%.#.>T...\..#.6..Z.MR.8.8.;AR..:...Qg.0..o..%.9.tf..*...6.$.2....<......y.&.qJ,R....Z6..lZW-.....3........2.qi......7.t.:.....N..."p......../N..J....l..@..X.a..5...r......Q..=....l.i.r...4.DB...8,-..<j...J.F....S.R4m@..t5".lon...9..&h...Z. ..Qe....w.*.*.<...Zi.mu.......!.....aD.... ..V$N...;T...PWHQ6..r....a...:..(..B...HH.bz.........}......ui.........A...C...}?..k..Y....g..RV._..S.gz...1o..;...."z.rXo...m2!f>.Et.n...A.8..R&..x

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Wed, 18 Jan 2017 00:50:45 GMT

Expires: Sun, 22 Jan 2017 00:50:45 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 302450

0..........0..... .....0......0...0......J......h.v....b..Z./..20170117130230Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..:.M.Du......20170117130230Z....20170124130230Z0...*.H.............u6....0.I..1dJ.^.D.$... ../...`.A.vg^......R..........X.cV.3.........w.o...7....!....G.F...%X.I.._.X.}...]_...>.......R.v(.K....... T..z...;A.H.....=...7k.-.O.9 ...O........J.M..LP]:.".D...`g.=...F.E...P...U..C..b.N......u.t..]2.....V..V..l..p.C...<.y..r.OHTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Wed, 18 Jan 2017 00:50:45 GMT..Expires: Sun, 22 Jan 2017 00:50:45 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 302450..0..........0..... .....0......0...0......J......h.v....b..Z./..20170117130230Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..:.M.Du......20170117130230Z....20170124130230Z0...*.H.............u6....0.I..1dJ.^.D.$... ../...`.A.vg^......R..........X.cV.3.........w.o...7....!....G.F...%X.I.._.X.}...]_...>.......R.v(.K....... T..z...;A.H.....=...7k.-.O.9 ...O........J.M..LP]:.".D...`g.=...F.E...P...U..C..b.N......u.t..]2.....V..V..l..p.C...<.y..r.O..

GET /installer/progress?section=3.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:55 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=ce89gj6giu72vo21jlpf7i3u12; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030556520365; expires=Sun, 21-Jan-2018 12:50:55 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003055; expires=Sun, 21-Jan-2018 12:50:55 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:55 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:55 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w14|WINZM|WINZM; path=/

GET /installer/progress?section=beb&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:06 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=tkv2ojasf5mbn0lrobnsenmor5; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030666690921; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003066; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w26|WINZP|WINZP; path=/

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1

Cache-Control: max-age = 564348

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: g.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1377

content-transfer-encoding: binary

Cache-Control: max-age=420008, public, no-transform, must-revalidate

Last-Modified: Thu, 19 Jan 2017 09:30:28 GMT

Expires: Thu, 26 Jan 2017 09:30:28 GMT

Date: Sat, 21 Jan 2017 12:51:21 GMT

Connection: keep-alive

<<< skipped >>>

GET /index.php?firstrun=1&bg=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 302 Found

Date: Sat, 21 Jan 2017 12:51:03 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=msttqud8ucmpejdke0q2uvi8t7; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030633608937; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003063; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Location: /signup?aid=3673&inline=0&afr=0

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w25|WINZO|WINZO; path=/

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDuvO9j30/BC HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Thu, 19 Jan 2017 12:13:39 GMT

Expires: Mon, 23 Jan 2017 12:13:39 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 175067

0..........0..... .....0......0...0......J......h.v....b..Z./..20170119070749Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..;.;....B....20170119070749Z....20170126070749Z0...*.H.............Q...Jg.e..N]1.=....Z...u..K...loZ...{.....T. .o....B.0.....F.}.....x.%>l&.l...N...JM...aOa%l6..B....e.R...<u.`Y...0.&i.Pk3._S[w.........-Y.V....v..8..S%...I\..^.......o./1g,...'"....,.,.....|..uk5..Z......N>d. ..NA.{..4z..M..N8j...$nM......>s7...v...|?{.lkHTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Thu, 19 Jan 2017 12:13:39 GMT..Expires: Mon, 23 Jan 2017 12:13:39 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 175067..0..........0..... .....0......0...0......J......h.v....b..Z./..20170119070749Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..;.;....B....20170119070749Z....20170126070749Z0...*.H.............Q...Jg.e..N]1.=....Z...u..K...loZ...{.....T. .o....B.0.....F.}.....x.%>l&.l...N...JM...aOa%l6..B....e.R...<u.`Y...0.&i.Pk3._S[w.........-Y.V....v..8..S%...I\..^.......o./1g,...'"....,.,.....|..uk5..Z......N>d. ..NA.{..4z..M..N8j...$nM......>s7...v...|?{.lk....

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Wed, 18 Jan 2017 00:50:45 GMT

Expires: Sun, 22 Jan 2017 00:50:45 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 302450

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Wed, 18 Jan 2017 00:50:45 GMT

Expires: Sun, 22 Jan 2017 00:50:45 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 302450

GET /web/log?evt=10008&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=&brw=IE&brw_v=9.0.8112.16421&brw_bitness=32&metro=0 HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate, sdch

Connection: close

Host: VVV.technologieyvonlheureux.com

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:09 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=0a8dkbin6tqa917kdirj24omb0; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030692571377; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003069; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=14,100,57,100,94,64,62,24,79,93; expires=Sun, 21-Jan-2018 12:51:09 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w51|WINZQ|WINZQ; path=/

GET /js/min_signup_page.js?1.00404.0 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:10 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Sat, 21 Jan 2017 14:51:10 GMT

Cache-Control: max-age=7200, public

Pragma: cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 333

Connection: close

Content-Type: application/javascript

.............j.1...-......%ji.T.....>..8...&K2Q...M6...^y....d2...._.......r......h.g_.w..g.R*X..YH....X.-.bH;$..[f.P...;X.kk.....6j..(.V*. N.c..r... ..H..c...XZ.s`E.... `..]J../."cS....C..v.....<.Rc#.....i.?..O..;gBO.....!._..2,.....J...'V.u..W..\<.6.E..........5..>.E...0 .>.;;u.....l.....};>....~5. ..g6...7_q..O...9.\1..o....o.....

GET /installer/logging?evt=1&pge=0&pr=0&ar=0&dr=0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:54 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=310r5079bco3bqo9kk8r50g946; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030541345466; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003054; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w16|WINZM|WINZM; path=/

POST /installer/urlsLog?unique_id=26B7D8D8BD1EF7A71B43728E773D5682&affiliate_id=3673&br=iexplore HTTP/1.1

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.technologieyvonlheureux.com

Content-Length: 406

Cache-Control: no-cache

Cookie: PHPSESSID=7odome3noebnaapfh35q16t6e5; _wau=14850030613333128; _wal=1485003061; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; APPSESSID=w25|WINZO|WINZO

hXXp://go.microsoft.com/fwlink/?LinkId=129791

hXXp://go.microsoft.com/fwlink/?LinkId=129792

hXXp://go.microsoft.com/fwlink/?LinkId=121315

hXXps://ieonline.microsoft.com/#ieslice

hXXps://VVV.mozilla.org/en-US/about/

hXXps://VVV.mozilla.org/en-US/contribute/

hXXps://VVV.mozilla.org/en-US/firefox/customize/

hXXps://VVV.mozilla.org/en-US/firefox/help/

hXXps://VVV.mozilla.org/en-US/firefox/central/

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:02 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003062; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:02 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

GET /ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00404.0 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Date: Fri, 20 Jan 2017 18:31:00 GMT

Expires: Sat, 20 Jan 2018 18:31:00 GMT

Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 90001

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000

Age: 66010

......n.....{s.F.8.7.)Z\..D.)9.{v.(......_..9.\...$."b...@Q...~k.{fz..a......[...W.LOOwO?._...W...Y.b.?<..._.g.>....'.b]........E...w....m... .V.b8...?..2.... ...*.M........J..2KT..T.... /..o^....L....ze_..........(.O.q..Jz.....W..`...U.g..E8.$.T.!|<8..`Q...U.,..t.W.fy.......i.i.y6[C.."....Fj./K. .?..A..e.f.`. u.8Kt.$.z.....*.$_.f.]5U....2...........t..~....hp;...Ev~p.pp.W.......R.:...Y7:8.|P.'y...B...wC8.Kt.......|....gC..O..y....'.9.........u..._.....g..........`..Q............w..~1....?.>{....!..........G......?....}?.3....'..<..Cl.......5.~..............k.|....@.H`.t:.~x.......>...)..OO.=y......T~~._..>._..W..._...?.x.......?..o......?..p.W.....<{O.......o..5...........!.%...............C........`O...._=}..[._.v.....t.f..4 ......................Q.G\U.....|.,.....t..;......&....P..*.P)\\\@7[.G.....N..Oa_...;.......P.H^.Y=......s./.f..Q@.B.2..M....L.o....lf.s.{..}........RZ.~.X.....A\\/.*.Jlp.W....l.&.TV.5....d.=..08...|U..?/S...@0..*...].fq...p.. UV..3......Tw...P.]0.Ge>[VjG]\....t.... .O.Y...R......vg.....*.p.........D......../......,.Q.d..t...e'....8$oi_.Op.?.A.J.e.._;.....n.....r(g.......#8..|.8........<..u .?}.#.....^\..f.f.0.R.nd;.s...&..}..pD..... ..L3..x.T.V.i:S@'.......v.P3oK*..x~...._NR.,...5.P*..c..VS%...b..F....p..;..........7i^@>!...-...L.J.....,M/...G5....x...%.....Q..........^%..N......|.......jBnN|W.._d.BK.bf..b...,..z.3..i.Y^A.P.t.2..E^MUa..[C.eUh..T[)^.\.q\*...* ..%)a.VS.3P..ML ..|....o....j=S.]..!....w.m-..A......u|...(..........{v...u....W...t...8{*.5^....R

<<< skipped >>>

POST /web/log?evt=10035&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate, sdch

Connection: close

Content-Length: 433

Content-Type: application/x-www-form-urlencoded

Host: VVV.technologieyvonlheureux.com

"Chrome"

"Chrome Media Router"

"Chrome Web Store Payments"

"Gmail"

"Google Docs"

"Google Docs Offline"

"Google Drive"

"YouTube

]

"Firefox"

"Default"

"Multi-process staged rollout"

"Pocket"

"Web Compat

]

"IE"

"Adobe PDF Link Helper"

"Java(tm) Plug-In 2 SSV Helper

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:59 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=sft3vk369tiqsl8a4gu00gcqj0; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030596538764; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=14,88,4,94,2,50,9,12,40,90; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w6|WINZN|WINZN; path=/

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1

Cache-Control: max-age = 511667

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT

If-None-Match: "57ff143e-1d7"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sat, 21 Jan 2017 12:51:35 GMT

Etag: "5882f020-1d7"

Expires: Sat, 28 Jan 2017 00:51:35 GMT

Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT

Server: ECS (vie/F2D5)

X-Cache: HIT

Content-Length: 471

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sat, 21 Jan 2017 12:51:40 GMT

Etag: "58830594-1d7"

Expires: Sat, 28 Jan 2017 00:51:40 GMT

Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT

Server: ECS (vie/F385)

X-Cache: HIT

Content-Length: 471

<<< skipped >>>

GET /installer/progress?section=2.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:54 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=g5b5rs96cgr403fc44g9tuguj5; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030546145644; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003054; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:54 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w16|WINZM|WINZM; path=/

GET /installer/getTimestamp HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:51 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=3u6vv4f89q8m7a96iua1qj02k0; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030517529299; expires=Sun, 21-Jan-2018 12:50:51 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003051; expires=Sun, 21-Jan-2018 12:50:51 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=0,2,43,9,31,67,3,98,22,15; expires=Sun, 21-Jan-2018 12:50:51 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 10

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w9|WINZL|WINZL; path=/

1485003051..

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDuvO9j30/BC HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Thu, 19 Jan 2017 12:13:39 GMT

Expires: Mon, 23 Jan 2017 12:13:39 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 175067

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Wed, 18 Jan 2017 00:50:45 GMT

Expires: Sun, 22 Jan 2017 00:50:45 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 302450

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Wed, 18 Jan 2017 00:50:45 GMT

Expires: Sun, 22 Jan 2017 00:50:45 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 302450

GET /installer/progress?section=8.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:03 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=dmij8npqi7p2tirs1kfk120rf5; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030631794606; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003063; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w52|WINZO|WINZO; path=/

GET /web/log?evt=10001&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:52 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=r3p8qpb3i1qav4h4bqfe2vusm2; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030523505971; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003052; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w15|WINZL|WINZL; path=/

GET /css/min_signup.css?1.00404.0 HTTP/1.1

Accept: text/css

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:10 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Sat, 21 Jan 2017 14:51:10 GMT

Cache-Control: max-age=7200, public

Pragma: cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 616

Connection: close

Content-Type: text/css;charset=UTF-8

...........T...0...TQ.D...B......o..d`.w.m..a....Kv...iT^.{|f.93.Y.jR."..........#...&F.K.XES#a..`.......$.../..L(DU..._.G....o-g.. !Q..u..%.*..)..15.......:..B.Q.b...V..8....H.KF1"....dcv.?!S...M.8/T.Y..'.1. .. YD2....L..P.b.H. ..C....d`.B..a/J`[.&.... .D....w....-.....vY..&.....E4........."...Z.]h..4...".....9. .(..DPk...@.(..z...2......q.....w.f.iC....u..P..k.]S&..@.....KD.!A....V.yOe..r0.ct.qx=...v.9#.[r.......Y...8:..9....*.$.........s'...n.HG........\AA....Xs....I..)......3*...X....G.]{....v.F.Y...}....{.........M..N....,P:W.Y.^....r...b....6..#..k.}........)....,Y..R.......}...j.......<.G[..i...^........

GET /crls/secureca.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT

If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.geotrust.com

HTTP/1.1 200 OK

Server: Apache

ETag: "18bdbae022ea525c8083bb316812f738:1485001826"

Last-Modified: Sat, 21 Jan 2017 12:30:26 GMT

Date: Sat, 21 Jan 2017 12:51:16 GMT

Content-Length: 325

Connection: keep-alive

Content-Type: application/pkix-crl

GET /signup?aid=3673&inline=0&afr=0 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cookie: _wau=14850030613333128; _wal=1485003069; not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; _waab=47,34,40,86,8,4,83,63,59,20; PHPSESSID=4bvh4npophfdvhfm1nqmer7g42; APPSESSID=w52|WINZQ|WINZQ

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:10 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 2014

Connection: close

Content-Type: text/html; charset=utf-8

...........X{o.8......X..v..d'..Im.m.Evs..$..^...D.L(R%)........W.l.....9..{8....?On?_.....p.o..<c\.....q..f.`.........pnh<Gt...t"....\...'...0O.....%I.|....m....w.3..p.......'_.:.x'.k...[..C.{.x..uhDy......A.........."h.\...$.p.DJI9..MH!I1.".y...T32....l..`.M.6..N..3.c....!..$.......g..4k b..p%..lLT$i... .g|.yD.gQHT...s")1...z...*.V...-.........<F).....,_.. ...H............#_..N....n.........K.....j...4fl...B....Z>....S...]......1ni,.8...b....qD.B<.$[((..W.i... ..b.vF.vV. .S..}.Q...t2.A..d.n.....b!....|....=. ..?].\..........S.._.}....G......../...r|.[>..'G...b.?.rl....:*4...u...,U.r~P..a...$........f8%..wGm.X.e. H...T....T...#..%8.....HIg.......N..>..9.t.JH]2.&....-5... .?s....P.k..V\{...l]..n=.)v.F....-..d.).)4@M.a..."r..#Q..p~uo.Dh..o .H....Q!....YX.i..._....l......... -.........#%.E...x.iL..2:V.....2....c.Q.2.....A. .x.%..f[P`....V.~A_.u...b..zF.&.....<.......:..p"1...g..M....(.t|...n.r,.Oc......JIx\.20I..5U... ........:.R...^.na.......Mo.%.p<..)..... ...b.].....2.k.Y.p......T.........F.4..<_.........:....sy.~.......*yt..>.^d...[<..xwo....XD.\.z7..........v..........k.4fp..Y...p.c..k......{k....1.vz.7....n...w..v..'.B...]-E.....y2.v~uE.BO..]..$l...e.....n.Z....;z_....S..8.F...0J..0.......y..BMZw..L...H.\7......w.wxt.......6.S..*..Z&sb."...S....K.K"..1..:(2.....)%.....a{Kc.... ........j:.4w..Y`.cn...5.&6._^....A..J....&..0.;. ..4D..w.Y.AMt.^.....l....Q..b.H.h..p..8..a....Z..n.J........R....[...K .C..b.....@..V..HY.}.m...N?t3f.,..E. .r.....8B\hh..........9..y.nQ..~L..../..

<<< skipped >>>

GET /css?family=Signika:400,300,600,700 HTTP/1.1

Accept: text/css

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: fonts.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Sat, 21 Jan 2017 12:51:28 GMT

Date: Sat, 21 Jan 2017 12:51:28 GMT

Cache-Control: private, max-age=86400

Content-Encoding: gzip

Transfer-Encoding: chunked

Server: ESF

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

12e..............Mo.@.....bo`R.Z...5.6...=....,..5..........p i....l....i.'!..x...U.1i. x1.........A..h.B...P.#n..Y.z,..@h..x.a..&...(r"F._.I.v..3.y.L..JLb..R9..j.6..9.u}..G=T......r4...z.E..v.<.h...c...(t.0^..G._.)......"\......5Y..G?..3.d{.........y(...\.Y.#<9.fj&.....u.e.?......qZ.Tm*....[.)Y...@.........a.....-..y.....0..

GET /GIAG2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: pki.google.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Date: Sat, 21 Jan 2017 12:11:47 GMT

Expires: Sat, 21 Jan 2017 13:11:47 GMT

Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 541

X-XSS-Protection: 1; mode=block

Age: 2384

Cache-Control: public, max-age=3600

0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170121010002Z..170131010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U.......r0...*.H.............n...G~Tc....?...R.][..}.$.V...!.B-.6M^>9..fx.e.....}.....,E1G.-.r....w......O......h.UenC...%N...d.2....q.O...."v%.<..}M*...3...Z.L.....3.u....... .._.,{c..n...C.E$...o...5..1%...d...H.....z....<..:.Bj.%.....V..Mt..Bh'.}./`....G.s.3S.s.`D..-b..rR>>\-..q.A.HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Date: Sat, 21 Jan 2017 12:11:47 GMT..Expires: Sat, 21 Jan 2017 13:11:47 GMT..Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 541..X-XSS-Protection: 1; mode=block..Age: 2384..Cache-Control: public, max-age=3600..0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170121010002Z..170131010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U.......r0...*.H.............n...G~Tc....?...R.][..}.$.V...!.B-.6M^>9..fx.e.....}.....,E1G.-.r....w......O......h.UenC...%N...d.2....q.O...."v%.<..}M*...3...Z.L.....3.u....... .._.,{c..n...C.E$...o...5..1%...d...H.....z....<..:.Bj.%.....V..Mt..Bh'.}./`....G.s.3S.s.`D..-b..rR>>\-..q.A...

<<< skipped >>>

GET /webenhancer/injections?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate, sdch

Connection: close

Host: VVV.technologieyvonlheureux.com

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:59 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=dk2p1905rhcvlk855vg53o3r13; path=/; domain=.technologieyvonlheureux.com

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Cache-Control: no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030598033220; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=14,59,4,50,44,98,47,64,31,62; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Connection: close

Transfer-Encoding: chunked

Content-Type: application/octet-stream

Set-Cookie: APPSESSID=w1|WINZN|WINZN; path=/

68b6......:`x....do(.V.-..D4c.(....|.t./...o[....J@f...X.B.2*.e.H.%...$.Z.o...A.E...^....dX.$..sMO.....'.........%....K_1.}..$Y.4...*v..RR .>H..V....~...h2..9.K.. @. -e....L...B...D.m..]w'......2..xK=j."V......9.4.T.d"..tL...s.....#v.....P.D.......$j....P.U....4b.#..t..7.....-Z......\...Q.......u)....>N.....t|.{f.GK..................b..r..Q~....z....f..%.....W..}...X...l-k...B..}........T6...P.YD....F:.{.,. S..)vR..HM.7l.;<...Zp.E.O.8Y.6..%c...Z.......2.L.^...].*..*. .e.~&r.......bf[....W~.`.@....k...g.....X....Q.....[5...........},\...H.....V...I8Y.....A..."P'?7..... .....0......`.v.... r........9.q$KS>.].24.)e.?.g.U.....E...C^..=.......H.........)`.7......E}...c.i...~......n..@-G............itd.y...`.......c.C.-o)...x....9......[..6.t.ut.z.S....w...s.u'Y.U.).r..lj. |.........W S..Q..ve~."E. Q..8Ugcs........FN"...........?e.g..@O....d..3......5:C..P.iB*-...3.-E.L..q...q.....9.g.!L<j.......c....E~...<J.S.....M....PN...~F^,.BU.s...&.......*br..9...,.^......J.....\.v..."...b3..Tvd\.......y..5..'..6..(...M....2.2....%.].j..X.gIK..UF.........B8.r.7.D.a..|C....Ql.>..pl.b.....'].E..D.F. ..hR..vtR.t..F5....T...).*%.Y.-X.....=...[.....?....n>.0.......Le".q.....n.l>=..I... a.. .@.. .d....=&.q.$q.{C...K....<y...._o.N.......:....~ ..4K...N.S.b.].b....O..n...;.I..y..{.?.(&..D7...9W...4.......!...F...Fa....L......BPU?1.0.,/%J&9C..[.....G....dn.,.K...R!..;..!...4G ,.S........K....p...l..-..L..6Y.........`=.K....q..g.........BC<........A$.K...Z.pC.....#.....9.fW.C......m....u.\.,F.o ...H...g8.

<<< skipped >>>

GET /webenhancer/update?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2=&retry_count=0&retry_version=&sc=1&scfr=&ie_status=-2&ch_status=-2&ff_status=-2&avs=0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate, sdch

Connection: close

Host: VVV.technologieyvonlheureux.com

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:03 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=7aah49kd5ss76mbrpqq2gvff27; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030638694841; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003063; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=14,98,74,5,68,74,8,86,53,86; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 99

Connection: close

Content-Type: application/octet-stream

Set-Cookie: APPSESSID=w14|WINZO|WINZO; path=/

....n*..o.a........(.H..../..yf|.5..{amYp.d...r.*...7..c.......m.I.....F{m.3........g....[.A}.P%D.w..

GET /installer/finish?v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:06 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=1bun2kinlgjrtcmgk44bbgkgd0; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030668365967; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003066; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:06 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w29|WINZP|WINZP; path=/

GET /css/webfonts/F37F5_0.eot? HTTP/1.1

Accept: */*

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://VVV.technologieyvonlheureux.com

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:29 GMT

Server: Apache/2.4.7 (Ubuntu)

Last-Modified: Fri, 05 Feb 2016 20:20:05 GMT

ETag: "1025c-52b0b93a90f02"

Accept-Ranges: bytes

Content-Length: 66140

Connection: close

Content-Type: application/vnd.ms-fontobject

Set-Cookie: APPSESSID=w52|WINZV|WINZQ; path=/

Cache-control: private

\.................................LP................... .....3...........................&....V.e.r.s.i.o.n. .1...0.0.0.;.P.S. .1...1.0.;.h.o.t.c.o.n.v. .1...0...5.7.;.m.a.k.e.o.t.f...l.i.b.2...0...2.1.8.9.5.;.c.o.m...m.y.f.o.n.t.s...u.r.w...c.o.o.p.e.r...b.l.a.c.k.-.d...w.f.k.i.t.2...6.7.t.X......&C.o.o.p.e.r.B.l.a.D................`OS/2g......D...`cmap..u4........cvt .!.....H...6fpgm../........egasp.......@....glyf...... H....head...$.......6hhea...p...X...$hmtx$..#...|...Ploca...........4maxp.:.k....... name..W........@post:.p$........prep.. ...................................................3._.<......................W....................._.........X...K...X...^.~..............................UKWN.@. .....!...... .............. .....................&. .....~...S.a.x.~...... . . . " & 0 : .!"..... ...R.`.x.}...... . . . & 0 9 .!"...................p.H.G.F.E.B.9.3...h...............................................!.....W.^.............................M.......4.(...!.X. .X.!. ...e.....!...C.....X.^.X.<.,.......,.#.....X...X.(.X...X...X...X. .X...X...X...X...,.#.,.....!.X.<...!.........;..........."...............".......s...;...y...t...>...........................4...#.....................{...'...............M.7...y...................B.......d...q.......m...........Z...........................s.......Z...k.........#...........[.....4.(.X.M.X...X...X.........A.........{.........!...........2...!.X.<.............X...X...,.#.................................;...;...;...;...;...;...................

<<< skipped >>>

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1

Cache-Control: max-age = 564348

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT

User-Agent: Microsoft-CryptoAPI/6.1

Host: g.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1377

content-transfer-encoding: binary

Cache-Control: max-age=420008, public, no-transform, must-revalidate

Last-Modified: Thu, 19 Jan 2017 09:30:28 GMT

Expires: Thu, 26 Jan 2017 09:30:28 GMT

Date: Sat, 21 Jan 2017 12:51:21 GMT

Connection: keep-alive

<<< skipped >>>

GET /connect/xd_arbiter/r/YGoENyUbMBG.js?version=42 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: staticxx.facebook.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Expires: Sat, 20 Jan 2018 19:29:55 GMT

Cache-Control: public,max-age=31536000,immutable

X-XSS-Protection: 0

Content-Type: text/html; charset=utf-8

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=15552000; preload

Vary: Accept-Encoding

Content-Encoding: gzip

X-FB-Debug: 3BZV3Sm6DefOegiKaXKVKL9UKcM I6b5P768T5LK6Iozf1vGLCYwvpdC0IE40gBpsk0msfeS0FuvhqYPI3tvxg==

Date: Sat, 21 Jan 2017 12:51:29 GMT

Connection: keep-alive

Content-Length: 11738

...........}Y..8..{.....[..@.....7 ....m2..n.......&l........[."2....;.Pi.....K.?{.....||eE."....3.\..^...5..$M...,........z...Ny2."./Y.o.....;I..e?.3.,..._-XR...L,;T..~......h..i.....W..-bm......YF7n...T}.p...O...-..JH..cTDY......l..U...c...._X<....f.*.X........5!4..E..........H...3".r(.!)6K.....b....[...<P%.\^...i....?..]...z.Im...r6.G.*N:x.....mg.aP_..'pPo8.[.... ......s.,H.&..p.r.4ah;'.... .cO..L\.....9.......=."]o?sc.L..p/c.*K.......T............wPB:...NP.>..8.R....V..|._].....x..U..~.hM.......Ha.n.~.2.L....b.SIwb...3.,........cb...:._.s".mM.........s..jM!O.7I.n-X...49y.`h.y.....Y....O.f-VyaM.E...........h._^^v.0..h5%.o...i..x...t.f...O1CH.{..u.....NlT!.D.....^..S.......x. E....dz...r........3..9O...B..[./n ..a.A......qX..S.BiD.....-"wAo........<q.......pB.......dV.aV.a..f.Q....0....Z-o...x{o..d.;...Q.....O.n....O&....4h. .l.0.e.%.%;#D..x{...Re.f........mw.b.a......~....4...I'..PE........aA..10.JrPb..k'^.y..'..B...b....Z...k..p...O,A.|8..&.<.......z?.>.N.W...6...6&...K....y\..x@Q.....5P..pd....h a;..)VB*.0B3w..#..&_.\.6.nX...A...k...........s..x?.....v).{Vnl:.#...d.!.s.)..V.......m..._........yzk.....hw..`.r...y....:a......5{a...r..&.fS..P.Y..S..\`L.B....n7....,r:...:#.......].=..o6i%..!..8I.;j..6.e....@....$4..X.T... P...y.jJ..{tQDJ....j1....".].. .M.K.....5^t~.....a..";.F#....@.X...IZ...U#...4k...I.c.,4.F.i....C...5s4..q...6...V ....#..X'..t.....8".. {...:.F.'....8%..|n..p..B...-....,..bYl,.0.....$.x..NcK.-v)e......F.=..u..1..w.............U }.ZLX...5t:..A.).M.C..LDs......t.............

<<< skipped >>>

GET /js/min_general_en.js?1.00404.0 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:10 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Sat, 21 Jan 2017 14:51:10 GMT

Cache-Control: max-age=7200, public

Pragma: cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 30573

Connection: close

Content-Type: application/javascript

.............v.8.(.;^...V...2..c"E.u<t.;.IR]U....DJb,..H.q.:.q..>.....$....;..J......=..h4._.Q<...<....V}....h8..w...g.[.....x._.:...2..Y.....U<..&."r^M.u.T..$.3.......,.'.E..'..."N>..7.>9.d.O..*.O.y.N3'......4.%.8r...O..........~..i~;..l..$...?..q.f..b:.6.I.....{:.:..,.A..d0O7?.W.I.'...q.=.....y.L2......T.K..|.n4d...P.%.x......B........'.:s/..A..%C/.v........i.w...}..........dB..E..z..~1......h.~....,......t.Z.vYO../.p..I..J,....D..9`.....JM...~.:.;qwR..j.7......Yg...n.|0.b.n.f.S;K...A.3:.......k..A.,.vq...Z...Fx0..A..8<.xm..J..0.....2M'q8Umn.j~.G'_gZ..,]..q..6._.<...I..q..7L.ZL.d.LcLV?0'.M.~..#.*~-.y5....E.....QI..h..s..`....x:.....f.....a.P#.6;Q}...r...f0.B2.*.{8....Z........U(:Dh....bG@..........<.5.]....|..w..$......@>_..t^Kh..I.......C.......=.._...,...p.76.u..........1A...y.^".F...=jkP....a.....l.\.*...w.Y...H...I...f.. ..-...!.>S.l.}G.....e=Cv....-..8....;..).......yw3..8...mp.e...p0....W.,8...K...K..C2.....O&y<...k...68....8.._..l_...S.>.....=.cH2....#..o. .JNQ......~W........7...^vj.I.."".kI..........^..b. ...Ea.j..kft.~ ../.G..t....|.....n.Db.V.g...p...V5..5.......@nq)......~yX..$..K.5.e6B}.0.l..".....xc......<.0/...,..q...R..H......"..o..L..tQ.M&0....A..c..z..e4p1.1..Al...v.(..$xX........R...b1.^W...8o)...[.N.(......&n.M.o2.\.N...c...G$.3............r...Z(..v..v..}.n.a...?<.%i.../.Y.B?H....D@..q...]..;....x.8Y....4#Z=.`-...4.j...T.@..oA.......;...!..p.\..E\S.F...3....Mt.DZ...v_~.....7...WE....{.q@.`]Y..7F..@.r..H........0.....D0k.....B..0.....y........

<<< skipped >>>

GET /css/min_fancybox.css?1.00404.0 HTTP/1.1

Accept: text/css

Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:10 GMT

Server: Apache/2.4.7 (Ubuntu)

Expires: Sat, 21 Jan 2017 14:51:10 GMT

Cache-Control: max-age=7200, public

Pragma: cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wal=1485003070; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:10 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 1531

Connection: close

Content-Type: text/css;charset=UTF-8

...........Y.n.6....."..:.l.Y..b.v...>.C..J.l".).t....wH]L...u.....)...3...".<~...1.....\(...aJ7$.k..3....T...&z.N.|3_..X.b.a.....(p....'.J*!.\P....'"S&...&....DyB6.x...t.P.3..r..?.m.^B.vPq..[ib...V........q!..'.fxA..dW......J...@.,.....p..b.Xd.4[...J=..|qy.`4......m?4u..t.Y..qb...... .2!...E.J..M....!..X.5...b....n;$....Ek.=R..|H..V...=Q&^...<..J...O..[.W;..5......]D...q}$L.....3..4O..^... ...~.....^$H..R.3..86` -1W9.`...].1..d...L"........x.F..'.<..$9..CS...`2...J...o..V.pi..}O...5PG:.R.m,....N......e..7.WnM(z.%...6..i6.....v.......A^3B5......!.....xGbA.!.9.*.GL..nV.....Z2..-.Z.,t2..P...>t..W.~.{.z8b.?..4....M`.x.....EX6|_([.Os.,F4.m..g..X........lg2;v.....)..>.Y4.s..Gu.o.....3..K0...I(............w.].i....D..(..9.C...b.......z(.Yd..b......EOT. .....|.....1.-....a.......}.....D...Gz.~5.@L.t......=H......H.{.....~..j!....0.}..j.....^..r....5.'3..c.u.{.........t......T3R...%..l.c........7..:.7I.bR.......k.d{.-L*h.......].&.]..1.UQY.O&.nk7........[G..x........m.5..(..cN..*...r./_..[..N(w.......Jy0RJ.4.....I..>.T.......p.....q......0.CwX..4h..=[y:i.f.....MCbV..l.........GoK.x.h..-..(#j.0.....h..[.."........GT.:,<.....i.I~.c.f=..1..;.}.2p..R..&..X.$...?L`}3.R!..W.K.D.G.Y..v.O..hWJ....>..js........H>]*.....C..t.....O...!*.u.....v.RN.?/.Zi._...0'. .9)..u<...T|...w..rE.>G...;S....$...Zto.r.NZ?..g3...(....^R5*,..H.(f....u.O....G.A(.ik......D.v..D..j/..*..*.a.j..#.{../.....a....sk..6.=.a.$_..ixW.|a..........^.6./...k...Z... .o....-..R..f....f.....N..Z.D.......u..q..Dke...>..:5....

<<< skipped >>>

GET /installer/progress?section=7.0&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:51:03 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=v8ao9btqcq2eot50l1glpnoli2; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030634642140; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003063; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:51:03 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w7|WINZO|WINZO; path=/

GET /crls/secureca.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT

If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.geotrust.com

HTTP/1.1 200 OK

Server: Apache

ETag: "18bdbae022ea525c8083bb316812f738:1485001826"

Last-Modified: Sat, 21 Jan 2017 12:30:26 GMT

Date: Sat, 21 Jan 2017 12:51:16 GMT

Content-Length: 325

Connection: keep-alive

Content-Type: application/pkix-crl

GET /GIAG2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: pki.google.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Date: Sat, 21 Jan 2017 12:11:47 GMT

Expires: Sat, 21 Jan 2017 13:11:47 GMT

Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 541

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2384

0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170121010002Z..170131010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U.......r0...*.H.............n...G~Tc....?...R.][..}.$.V...!.B-.6M^>9..fx.e.....}.....,E1G.-.r....w......O......h.UenC...%N...d.2....q.O...."v%.<..}M*...3...Z.L.....3.u....... .._.,{c..n...C.E$...o...5..1%...d...H.....z....<..:.Bj.%.....V..Mt..Bh'.}./`....G.s.3S.s.`D..-b..rR>>\-..q.A.HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Date: Sat, 21 Jan 2017 12:11:47 GMT..Expires: Sat, 21 Jan 2017 13:11:47 GMT..Last-Modified: Sat, 21 Jan 2017 02:15:00 GMT..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 541..X-XSS-Protection: 1; mode=block..Cache-Control: public, max-age=3600..Age: 2384..0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U....Google Internet Authority G2..170121010002Z..170131010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z./0...U.......r0...*.H.............n...G~Tc....?...R.][..}.$.V...!.B-.6M^>9..fx.e.....}.....,E1G.-.r....w......O......h.UenC...%N...d.2....q.O...."v%.<..}M*...3...Z.L.....3.u....... .._.,{c..n...C.E$...o...5..1%...d...H.....z....<..:.Bj.%.....V..Mt..Bh'.}./`....G.s.3S.s.`D..-b..rR>>\-..q.A...

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDuvO9j30/BC HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Wed, 18 Jan 2017 01:08:38 GMT

Expires: Sun, 22 Jan 2017 01:08:38 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 301368

0..........0..... .....0......0...0......J......h.v....b..Z./..20170117190738Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..;.;....B....20170117190738Z....20170124190738Z0...*.H.............J*...k_p.O....S...a.....!.3..^.R....0.....p..B.._Ob..=?A/.. i^...|V}.f.X.A..p:#.r...2.'.......u..7.......5._...#s.&(.-.....~.|.^\H.'s..o..J...k.....@..|...}..S2.GN....D.....l%>9K.o..-...(....J.. .5X..gc..O..t.$...;..G.S.............t..R..[...g..F1p...?.*J.HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Wed, 18 Jan 2017 01:08:38 GMT..Expires: Sun, 22 Jan 2017 01:08:38 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 301368..0..........0..... .....0......0...0......J......h.v....b..Z./..20170117190738Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..;.;....B....20170117190738Z....20170124190738Z0...*.H.............J*...k_p.O....S...a.....!.3..^.R....0.....p..B.._Ob..=?A/.. i^...|V}.f.X.A..p:#.r...2.'.......u..7.......5._...#s.&(.-.....~.|.^\H.'s..o..J...k.....@..|...}..S2.GN....D.....l%>9K.o..-...(....J.. .5X..gc..O..t.$...;..G.S.............t..R..[...g..F1p...?.*J.....

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDrYTYdEdbSV HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Wed, 18 Jan 2017 01:14:28 GMT

Expires: Sun, 22 Jan 2017 01:14:28 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Cache-Control: public, max-age=345600

Age: 301027

0..........0..... .....0......0...0......J......h.v....b..Z./..20170117190229Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..:.M.Du......20170117190229Z....20170124190229Z0...*.H.............o.g...1./......c.c.....F..1...........=.e... ..fO..kq.(...bB.U.Z....!.9V.........._N;....9..x.X....h..]..E...."..k##L......@.x?;....#...a.Sv.L]Q..(......~X.6.?...l k.......c^.;l.qa."2.f.='............./g.....,v. bjL..g..H0(....l...i..~p..s.Q '.e.r..=.Y>.4*HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Wed, 18 Jan 2017 01:14:28 GMT..Expires: Sun, 22 Jan 2017 01:14:28 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Cache-Control: public, max-age=345600..Age: 301027..0..........0..... .....0......0...0......J......h.v....b..Z./..20170117190229Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..:.M.Du......20170117190229Z....20170124190229Z0...*.H.............o.g...1./......c.c.....F..1...........=.e... ..fO..kq.(...bB.U.Z....!.9V.........._N;....9..x.X....h..]..E...."..k##L......@.x?;....#...a.Sv.L]Q..(......~X.6.?...l k.......c^.;l.qa."2.f.='............./g.....,v. bjL..g..H0(....l...i..~p..s.Q '.e.r..=.Y>.4*..

POST /web/log?evt=10023&v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate, sdch

Connection: close

Content-Length: 942

Content-Type: application/x-www-form-urlencoded

Host: VVV.technologieyvonlheureux.com

7-Zip 9.20

Adobe Flash Player 23 ActiveX

Google Chrome

Mozilla Firefox 49.0.1 (x86 en-US)

Total Commander (Remove or Repair)

WinPcap 4.1.3

Wireshark 0.99.6a

Microsoft Visual C 2008 Redistributable - x86 9.0.30729.4148

Java(TM) 6 Update 18

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Java Auto Updater

ActivePerl 5.16.2 Build 1602

Google Update Helper

Microsoft .NET Framework 4.5

Microsoft PowerPoint Viewer

Microsoft .NET Framework 4.5

Adobe Reader 9.3.4

VMware Tools

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:59 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=ce2jppkvr924d7akg2nsmuoh24; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030594892821; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=14,1,46,74,44,86,99,28,65,93; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w6|WINZN|WINZN; path=/

GET /webenhancer/config?v=d9.70.1.17&os_mj=6&os_mn=1&os_bitness=32&mid=c8b3188fe24cd1b1b734e1408fc52bd1&uid=26B7D8D8BD1EF7A71B43728E773D5682&aid=3673&aid2=none&ts=1485003051&ts2= HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate, sdch

Connection: close

Host: VVV.technologieyvonlheureux.com

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:59 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=2qjec0vjuo3cakolj7sj50qt65; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030594438153; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003059; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=14,14,78,93,93,10,64,2,8,71; expires=Sun, 21-Jan-2018 12:50:59 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Connection: close

Transfer-Encoding: chunked

Content-Type: application/octet-stream

Set-Cookie: APPSESSID=w5|WINZN|WINZN; path=/

18423......:`x....dbu.8#.}Hj.....1s......^..ie.d[%....p.........4z.b..F!..X(...y...:.hm....eI.sV._i"..R..Xj.Tz.z.....iN..;'..^OF...qB.....!)..bC... .M^|...".C|^....'.p.....Q.I..)0.p .i.@1..u......S....d.,..e.A....Q..J.....E.em......f......GF.=....m...[ ...@....\.AWU.[N..G.n.].. .....R..C!.z/R.h..........*..o.....%. ..U3.,...c......PBC. .......i.?V.......Q.;..x.bo..-.....\.....\...P..G...r.t^..L....\..........v.....h.r.:A.L.S......~.F.d}".....@#..-.......$.r.......dj...K>..]..... 35Q....g.6*.l.........p.n%.H........K.I.%.=....|L-..2 4 ..9L.g..pp..!. -..B...C.D.........-4.w...a....u..N........s..M.b7t... '5...da....H...e#...5;....Y...)A ),..c2.....|Zb.d...O....%....s.9`.L...$.EQ.."i*=........-...r..Z..b.m....)h%...I.HL.S..c..6.,.......pZ:..H)].X..H.b.... y ..0n.y..?....Y.....H..6^.........X.!P}8.....'.....7.y.6......vV.w.....|..A...../....4..j.W...P................).L.F71rI....l\<w....&N?d...l...c<...UB].................&.......l..)>0....@.7.QB._.u6U5.aj.. o.1e..y.j.F.#..\. ...~.$.. ..'...../....(.}...M......G24zKX.O..m.A.I.4..Z........^.3w.....]u-.a.MrF...~..G......c.9.plZ..... x...ef_.(..6*...9..P.r(-.#......X..}...c.......".`v]B..S?s .}G..h.e.E!.....x.9..C2...\.EP....q6.."..R[.R..uZ`.j...aV./&S.....'..1.R..........Q...p..Oc`x.M..x.?`6......t...}...:..;.uC>.s..Oi ...N.k.W.aY.T.......5..._.Q....4.....0b...N. cV. .d.Sd.......W..=....*......o..q..S.....f1V..>]t....W^..*Z..)...T.....j:r......4..vKJ.......&.d.:. ..#x...BG...$...........!eQ.O...xE.M....y..1R8.....m..]s..n.P.z........../ig .....X.[..

<<< skipped >>>

GET /installer/start?v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.technologieyvonlheureux.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Date: Sat, 21 Jan 2017 12:50:52 GMT

Server: Apache/2.4.7 (Ubuntu)

Set-Cookie: PHPSESSID=donp34qcgjqqleteqjtr76jfr7; path=/; domain=.technologieyvonlheureux.com

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Pragma: no-cache

P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Set-Cookie: _wau=14850030522677421; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _wal=1485003052; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: not_logged_unique_id=26B7D8D8BD1EF7A71B43728E773D5682; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Set-Cookie: _waab=47,34,40,86,8,4,83,63,59,20; expires=Sun, 21-Jan-2018 12:50:52 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Set-Cookie: APPSESSID=w25|WINZL|WINZL; path=/

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1

Cache-Control: max-age = 511667

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT

If-None-Match: "57ff143e-1d7"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sat, 21 Jan 2017 12:51:35 GMT

Etag: "5882f020-1d7"

Expires: Sat, 28 Jan 2017 00:51:35 GMT

Last-Modified: Sat, 21 Jan 2017 05:22:40 GMT

Server: ECS (vie/F2D5)

X-Cache: HIT

Content-Length: 471

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: public, max-age=172800

Content-Type: application/ocsp-response

Date: Sat, 21 Jan 2017 12:51:40 GMT

Etag: "58830594-1d7"

Expires: Sat, 28 Jan 2017 00:51:40 GMT

Last-Modified: Sat, 21 Jan 2017 06:54:12 GMT

Server: ECS (vie/F385)

X-Cache: HIT

Content-Length: 471

<<< skipped >>>

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

%original file name%.exe_644:

.text

`.rdata

@.data

@.ndata

.rsrc

uDSSh

verifying installer: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

%u.%u%s%s

.DEFAULT\Control Panel\International

RegDeleteKeyExA

Software\Microsoft\Windows\CurrentVersion

*?|/":

%s=%s

COMCTL32.dll

VERSION.dll

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

RegDeleteKeyA

RegCloseKey

RegEnumKeyA

RegOpenKeyExA

RegCreateKeyExA

ADVAPI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

ole32.dll

C:\Users\moti\Documents\GitHub\nsis_L\Release\stubs\stub.pdb

sers\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll

02&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll

4c4f2d9e7cafe3043568d0.inf

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp

360000-389999

.HvV?

Y'l%s

Signature = "$Windows NT$"

ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}

DriverVer=07/14/2016,10.16.36.381

CatalogFile = pcwtata.cat

MiniFilter.DriverFiles = 12 ;%windir%\system32\drivers

OptionDesc = %ServiceDescription%

CopyFiles = MiniFilter.DriverFiles

[DefaultInstall.Services]

AddService = %ServiceName%,,MiniFilter.Service

DelFiles = MiniFilter.DriverFiles

[DefaultUninstall.Services]

DelService = %ServiceName%,0x200 ;Ensure service is stopped before deleting

[MiniFilter.Service]

DisplayName = %ServiceName%

Description = %ServiceDescription%

ServiceBinary = %\%DriverName%.sys ;%windir%\system32\drivers\

AddReg = MiniFilter.AddRegistry

[MiniFilter.AddRegistry]

HKR,"Instances","DefaultInstance",0x00000000,ÃžfaultInstance%

HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%

HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%

[MiniFilter.DriverFiles]

%DriverName%.sys

pcwtata.sys = 1,,

1 = %DiskId1%,,,

Instance1.Name = "pcwtata Red Instance"

Instance1.Altitude = "374050"

Instance1.Flags = 0x0 ; Allow all attachments

KeDelayExecutionThread

ntoskrnl.exe

HAL.dll

233F3T3

7!7*7/7?7

Thawte Certification1

hXXp://ocsp.thawte.com0

.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0

!hXXp://ocsp.globalsign.com/rootr103

"hXXp://crl.globalsign.com/root.crl0Y

&hXXps://VVV.globalsign.com/repository/0

hXXp://ts-ocsp.ws.symantec.com07

hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0

hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(

technologiemontorgueil.com1#0!

technologiemontorgueil.com0

8hXXp://secure.globalsign.com/cacert/gscodesigng3ocsp.crt04

(hXXp://ocsp2.globalsign.com/gscodesigng30V

-hXXp://crl.globalsign.com/gs/gscodesigng3.crl0

DhXXp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0

Bc.IS

Ã³8$

:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsxF566.tmp\inetc.dll

c4f2d9e7cafe3043568d0.inf

5138f989434c4f2d9e7cafe3043568d0.inf

65.tmp

5138f989434c4f2d9e7cafe3043568d0.sys

5138F9~1.SYS

\AppData\Local\Temp\nsxF566.tmp\inetc.dll

9.3.4

.NET Framework 4 Client Profile (KB2656405)

89434c4f2d9e7cafe3043568d0.inf

gram Files\Internet Explorer\iexplore.exe

:\Program Files\Internet Explorer\iexplore.exe

ance1.Flags = 0x0 ; Allow all attachments

sers\"%CurrentUserName%"\AppData\Local\Temp\nsd41BC.tmp

nstance1.Flags = 0x0 ; Allow all attachments

c:\%original file name%.exe

%Program Files%\e08f1370640365726bbce4d52a5b9f8a

%original file name%.exe

ers\"%CurrentUserName%"\AppData\Local\Temp\nsxF47B.tmp

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\

1245574

2013923853

1048712

1704530

1311204

1311336

1114658

1485003051

%Program Files%\Internet Explorer\iexplore.exe

88dcd395-b062-45b3-a6cd-79f37c0eba08

hXXp://VVV.technologieyvonlheureux.com/web/log

hXXp://VVV.technologieyvonlheureux.com/web/log?evt=10002&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6

IE.HTTP

"%Program Files%\Internet Explorer\iexplore.exe" -nohome

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsyB0A.tmp

BE4208C8-85DF-41E1-9294-305D18C6592E}

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn3665.tmp

0728832

03967CDD-F8BD-4AC9-8369-0D2BD8F246F5}

-2046754816

-2147410511

5138f989434c4f2d9e7cafe3043568d0.cfg

6.1.7600.16385 (win7_rtm.090713-1255)

C:\ProgramData\Microsoft\Windows\Start Menu\Programs

815346a4778321839cef8ab48bf110e2.exe

%Program Files%\e08f1370640365726bbce4d52a5b9f8a\5fc72d63d5eb71c8dff05712551a63cb

dd4e70c902d1298b7313b2bf0050dd40.ico

bc5601ccb5de9f6cb8cd31285eef3bbe.ico

ffdefbf88c95cae97a1671206e9fe39e.ico

61fda4ee77910796d32333421184d8b6.exe

3514ea1003608a0c7fb4630ce20fd94c.exe

ce1c22c865645f1f8a89a398e374a17f.exe

fe31ca0af645687ee3c5b1da57895877.exe

c850ebe35760d7b12fc1318953221f59.exe

525bac57de7cb6660b9a54b1a6b27dc9.exe

C:\Windows\815346a4778321839cef8ab48bf110e2.exe

hXXp://VVV.technologieyvonlheureux.com/index.php?firstrun=1&lp=1&v=d9.70.1.17&tv=1.0-10000&unique_id=26B7D8D8BD1EF7A71B43728E773D5682&mid=c8b3188fe24cd1b1b734e1408fc52bd1&aid=3673&aid2=none&ts=1485003051&ts2=&brw=iexplore&mi=1&ma=6

)-.Yln

Nullsoft Install System v19-Mar-2012.cvs

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social2Sea\uninstall.lnk

itter.lnk

6.3.9600.17336

lacuna.sys

lorer\iexplore.exe" -nohome

%original file name%.exe_644_rwx_10004000_00001000:

callback%d

61fda4ee77910796d32333421184d8b6.exe_3812:

.text

`.rdata

@.data

.rsrc

@.reloc

Failed to get export function address

1.2.8

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

Operation not permitted

Inappropriate I/O control operation

Broken pipe

operator

GetProcessWindowStation

NtYieldExecution

NtDelayExecution

.data

D:\jenkins\workspace\stable-1.70\src\Release\wajam.pdb

KERNEL32.dll

USER32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

SHDeleteKeyW

SHLWAPI.dll

GetWindowsDirectoryW

CreateNamedPipeW

GetProcessHeap

GetCPInfo

RegOpenKeyW

RegCreateKeyW

ole32.dll

%s%s%s

zcÃ

.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@

2$2.252?2

6 6$6(6,6064686

:!:':1:<:>

6 64989

.patcher

wajam.dll

kernel32.dll

ADVAPI32.DLL

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

USER32.DLL

ntdll.dll

tntdll.dll

\BaseNamedObjects\_MMapEvent_0x%x_0x%x

pntdll.dll

entdll.dll

\\.\BlackBone

BlackBoneDrv10.sys

BlackBoneDrv81.sys

BlackBoneDrv8.sys

BlackBoneDrv7.sys

BlackBoneDrv.sys

\??\%s

\\.\pipe\

nntdll.dll

Ntdll.dll

%Program Files%\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe

9.70.1.17

61fda4ee77910796d32333421184d8b6.exe_364:

.text

`.rdata

@.data

.rsrc

@.reloc

Failed to get export function address

1.2.8

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

Operation not permitted

Inappropriate I/O control operation

Broken pipe

operator

GetProcessWindowStation

NtYieldExecution

NtDelayExecution

.data

D:\jenkins\workspace\stable-1.70\src\Release\wajam.pdb

KERNEL32.dll

USER32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

SHDeleteKeyW

SHLWAPI.dll

GetWindowsDirectoryW

CreateNamedPipeW

GetProcessHeap

GetCPInfo

RegOpenKeyW

RegCreateKeyW

ole32.dll

%s%s%s

zcÃ

.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@

2$2.252?2

6 6$6(6,6064686

:!:':1:<:>

6 64989

.patcher

wajam.dll

kernel32.dll

ADVAPI32.DLL

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

USER32.DLL

ntdll.dll

tntdll.dll

\BaseNamedObjects\_MMapEvent_0x%x_0x%x

pntdll.dll

entdll.dll

\\.\BlackBone

BlackBoneDrv10.sys

BlackBoneDrv81.sys

BlackBoneDrv8.sys

BlackBoneDrv7.sys

BlackBoneDrv.sys

\??\%s

\\.\pipe\

nntdll.dll

Ntdll.dll

c:\program files\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe

9.70.1.17

61fda4ee77910796d32333421184d8b6.exe_364_rwx_69AD1000_00002000:

zcÃ

REPORT

HPE_CB_url

the on_url callback failed

invalid HTTP version

HPE_INVALID_URL

invalid URL

invalid HTTP status code

invalid HTTP method

HPE_INVALID_PORT

invalid port

61fda4ee77910796d32333421184d8b6.exe_364_rwx_69AD4000_00001000:

Expected: %s

Got: %s

1.2.8

61fda4ee77910796d32333421184d8b6.exe_364_rwx_69E52000_0000D000:

c:\program files\e08f1370640365726bbce4d52a5b9f8a\61fda4ee77910796d32333421184d8b6.exe

Chrome

chrome

Firefox

firefox

Opera

opera

application/x-www-form-urlencoded

Microsoft-Windows-Kernel-General

Microsoft-Windows-Kernel-Power

chrome.exe

chrome.dll

firefox.exe

iexplore.exe

opera.exe

opera.dll

microsoftedgecp.exe

crossbrowse.exe

crossbrowse.dll

bobrowser.exe

browserair.exe

mybrowser.exe

browser.exe

browser.dll

ucbrowser.exe

amigo.exe

torch.exe

SearchProtocolHost.exe_1988:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

MSSHooks.dll

IMM32.dll

SHLWAPI.dll

SrchCollatorCatalogInfo

SrchDSSLogin

SrchDSSPortManager

SrchPHHttp

SrchIndexerQuery

SrchIndexerProperties

SrchIndexerPlugin

SrchIndexerClient

SrchIndexerSchema

Msidle.dll

Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default

pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty

d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

0xx=

%s(%d)

tid="0x%x"

pid="0x%x"

tagname="%s"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%s"

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

SHELL32.dll

PROPSYS.dll

ntdll.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

MsgWaitForMultipleObjects

SearchProtocolHost.pdb

2 2(20282|2

4%5S5

Software\Microsoft\Windows Search

https

kernel32.dll

msTracer.dll

msfte.dll

lX-X-X-XX-XXXXXX

SOFTWARE\Microsoft\Windows Search

tquery.dll

%s\%s

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

0xx%p%S%d

advapi32.dll

WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll

winhttp.dll

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

%S(%d)

tagname="%S"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

Microsoft Windows Search Protocol Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchProtocolHost.exe

Windows

7.00.7601.17610

SearchFilterHost.exe_2680:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

IMM32.dll

MSSHooks.dll

mscoree.dll

SHLWAPI.dll

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

SearchFilterHost.pdb

version="5.1.0.0"

name="Microsoft.Windows.Search.MSSFH"

3 3(30383|3

kernel32.dll

Software\Microsoft\Windows Search

SOFTWARE\Microsoft\Windows Search

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

tquery.dll

advapi32.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

0xx%p%S%d

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

0xx=

%S(%d)

tid="0x%x"

pid="0x%x"

tagname="%S"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

%s\%s

winhttp.dll

Microsoft Windows Search Filter Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchFilterHost.exe

Windows

7.00.7601.17610

iexplore.exe_2836:

.text

`.data

.rsrc

@.reloc

>.uzf

.us;}

IEFRAME.dll

MLANG.dll

iertutil.dll

urlmon.dll

ole32.dll

SHELL32.dll

SHLWAPI.dll

msvcrt.dll

USER32.dll

KERNEL32.dll

ADVAPI32.dll

RegOpenKeyExW

RegCloseKey

GetWindowsDirectoryW

_amsg_exit

_wcmdln

UrlApplySchemeW

PathIsURLW

UrlCanonicalizeW

UrlCreateFromPathW

iexplore.pdb

KEYW

KEYWh

KEYWD

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

ÃºW1

.ApX/

H.ZAf

Ã°[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

user32.dll

Kernel32.DLL

xfire.exe

wlmail.exe

winamp.exe

waol.exe

sidebar.exe

psocdesigner.exe

np.exe

netscape.exe

netcaptor.exe

neoplanet.exe

msn.exe

mshtmpad.exe

mshta.exe

loader42.exe

infopath.exe

iexplore.exe

iepreview.exe

groove.exe

explorer.exe

dreamweaver.exe

contribute.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

Kernel32.dll

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

{00000000-0000-0000-0000-000000000000}

\\?\Volume

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

Windows

9.00.8112.16421

iexplore.exe_2836_rwx_69AD1000_00002000:

zcÃ

REPORT

HPE_CB_url

the on_url callback failed

invalid HTTP version

HPE_INVALID_URL

invalid URL

invalid HTTP status code

invalid HTTP method

HPE_INVALID_PORT

invalid port

iexplore.exe_2836_rwx_69AD4000_00001000:

Expected: %s

Got: %s

1.2.8

iexplore.exe_2836_rwx_69E52000_0000D000:

%Program Files%\Internet Explorer\iexplore.exe

Chrome

chrome

Firefox

firefox

Opera

opera

application/x-www-form-urlencoded

supported_browser_versions.%1%.%2%

User32.dll

Kernel32.dll

ADVAPI32.dll

ntdll.dll

Microsoft-Windows-Kernel-General

Microsoft-Windows-Kernel-Power

kernel32.dll

Psapi.dll

psapi.dll

chrome.exe

chrome.dll

firefox.exe

iexplore.exe

opera.exe

opera.dll

microsoftedgecp.exe

crossbrowse.exe

crossbrowse.dll

bobrowser.exe

browserair.exe

mybrowser.exe

browser.exe

browser.dll

ucbrowser.exe

amigo.exe

torch.exe

iexplore.exe_3560:

.text

`.data

.rsrc

@.reloc

>.uzf

.us;}

IEFRAME.dll

MLANG.dll

iertutil.dll

urlmon.dll

ole32.dll

SHELL32.dll

SHLWAPI.dll

msvcrt.dll

USER32.dll

KERNEL32.dll

ADVAPI32.dll

RegOpenKeyExW

RegCloseKey

GetWindowsDirectoryW

_amsg_exit

_wcmdln

UrlApplySchemeW

PathIsURLW

UrlCanonicalizeW

UrlCreateFromPathW

iexplore.pdb

KEYW

KEYWh

KEYWD

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

ÃºW1

.ApX/

H.ZAf

Ã°[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

user32.dll

Kernel32.DLL

xfire.exe

wlmail.exe

winamp.exe

waol.exe

sidebar.exe

psocdesigner.exe

np.exe

netscape.exe

netcaptor.exe

neoplanet.exe

msn.exe

mshtmpad.exe

mshta.exe

loader42.exe

infopath.exe

iexplore.exe

iepreview.exe

groove.exe

explorer.exe

dreamweaver.exe

contribute.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

Kernel32.dll

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

{00000000-0000-0000-0000-000000000000}

\\?\Volume

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

Windows

9.00.8112.16421

SearchProtocolHost.exe_3636:

.text

`.data

.rsrc

@.reloc

ADVAPI32.dll

ntdll.DLL

KERNEL32.dll

msvcrt.dll

USER32.dll

ole32.dll

OLEAUT32.dll

TQUERY.DLL

MSSHooks.dll

IMM32.dll

SHLWAPI.dll

SrchCollatorCatalogInfo

SrchDSSLogin

SrchDSSPortManager

SrchPHHttp

SrchIndexerQuery

SrchIndexerProperties

SrchIndexerPlugin

SrchIndexerClient

SrchIndexerSchema

Msidle.dll

Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default

pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty

d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx

d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp

d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx

RegDeleteKeyW

RegDeleteKeyExW

8%uiP

Invalid parameter passed to C runtime function.

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp

-d-d-d-d-d-d-d-%d

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h

0xx=

%s(%d)

tid="0x%x"

pid="0x%x"

tagname="%s"

tagid="0x%x"

el="0x%x"

time="d/d/d d:d:d.d"

logname="%s"

d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx

SHELL32.dll

PROPSYS.dll

ntdll.dll

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegQueryInfoKeyW

RegEnumKeyExW

ReportEventW

_amsg_exit

MsgWaitForMultipleObjects

SearchProtocolHost.pdb

2 2(20282|2

4%5S5

Software\Microsoft\Windows Search

https

kernel32.dll

msTracer.dll

msfte.dll

lX-X-X-XX-XXXXXX

SOFTWARE\Microsoft\Windows Search

tquery.dll

%s\%s

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Windows Search Service

0xx%p%S%d

advapi32.dll

WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll

winhttp.dll

Software\Microsoft\Windows Search\Tracing

Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported

Software\Microsoft\Windows Search\Tracing\EventThrottleState

%S(%d)

tagname="%S"

logname="%S"

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}

.\%s.mui

.\%s\%s.mui

%s\%s.mui

%s\%s\%s.mui

Microsoft Windows Search Protocol Host

7.00.7601.17610 (win7sp1_gdr.110503-1502)

SearchProtocolHost.exe

Windows

7.00.7601.17610

iexplore.exe_3560_rwx_69AD1000_00002000:

zcÃ

REPORT

HPE_CB_url

the on_url callback failed

invalid HTTP version

HPE_INVALID_URL

invalid URL

invalid HTTP status code

invalid HTTP method

HPE_INVALID_PORT

invalid port

iexplore.exe_3560_rwx_69AD4000_00001000:

Expected: %s

Got: %s

1.2.8

iexplore.exe_3560_rwx_69E52000_0000D000:

keyword matched

keyword matched (test mode)

url_filtering

exclude_keyword

exclude_keyword_test

VVV.technologieyvonlheureux.com

base_url

js_base_url

css_base_url

supported_sites

.jpeg

.json

.mpeg

url_tracking

triggers.stop

triggers.start.patterns

triggers.stop.patterns

%Program Files%\Internet Explorer\iexplore.exe

Chrome

chrome

Firefox

firefox

Opera

opera

application/x-www-form-urlencoded

bi_url

bi_settings.events_sampling

supported_browser_versions.%1%.%2%

%1%%2$=%3%

https

%1% %2% HTTP/%3%.%4%

Global\74A9F3D8-ECFE-41C1-B4C1-B5883408A64C

User32.dll

Kernel32.dll

secur32.dll

Ws2_32.dll

ADVAPI32.dll

wajam.exe

ntdll.dll

kernel32.dll

Microsoft-Windows-Kernel-General

Microsoft-Windows-Kernel-Power

settings.json

Psapi.dll

psapi.dll

chrome.exe

chrome.dll

firefox.exe

iexplore.exe

opera.exe

opera.dll

microsoftedgecp.exe

crossbrowse.exe

crossbrowse.dll

bobrowser.exe

browserair.exe

mybrowser.exe

browser.exe

browser.dll

ucbrowser.exe

amigo.exe

torch.exe