not-a-virus:AdWare.NSIS.Agent.iv (Kaspersky), Adware.GenericKD.3646019 (B) (Emsisoft), Adware.GenericKD.3648311 (AdAware), Trojan.NSIS.StartPage.FD, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: f583b9474f00606f6768782433fa8505
SHA1: 5f4685f74ed9dccca2535ebfd14f55ab7f22efef
SHA256: 6cd1e04dcc4a3bfaac4c4df6d3814ad681e267ba3f73fa70ee08ec1b21956da6
SSDeep: 196608:AamgeGAEF2ekeT0joHE/o4jW/hEdSCurwmWOKXyeELkbFgenZvrrMh:Aamvyceg4E/o46hp OIy/Le5rK
Size: 10335050 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-10-26 12:52:23
Analyzed on: Windows7 SP1 32-bit
Summary: Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Adware creates the following process(es):
nsC8ED.tmp:2264
61fda4ee77910796d32333421184d8b6.exe:1524
The Adware injects its code into the following process(es):
%original file name%.exe:2472
61fda4ee77910796d32333421184d8b6.exe:656
61fda4ee77910796d32333421184d8b6.exe:2552
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process %original file name%.exe:2472 makes changes in the file system.
The Adware creates and/or writes to the following file(s):
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\ce1c22c865645f1f8a89a398e374a17f.exe (13304 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe (11110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsEE3A.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\MoreInfo.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\SimpleSC.dll (1896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OQFJK3FB.txt (803 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsE9D6.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7Q30U04Y.txt (803 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\441136ae10b200e9992f407b66b2554e (2104 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Social2Search Website.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\682AIKA9.txt (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\md5dll.dll (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\IpConfig.dll (4254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\NSISList.dll (2457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QIHBCSNO.txt (803 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\bc5601ccb5de9f6cb8cd31285eef3bbe.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F9C1.tmp (601 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\X15I46EM.txt (803 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0ITTGDW2.txt (99 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\815346a4778321839cef8ab48bf110e2.exe (40364 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\c850ebe35760d7b12fc1318953221f59.exe (19514 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp (78068 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\ffdefbf88c95cae97a1671206e9fe39e.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp (78068 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Settings.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TGQ7LZCB.txt (283 bytes)
C:\Windows\815346a4778321839cef8ab48bf110e2.exe (70672 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsC8ED.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\get_local_output.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F491.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp (906 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Uninstall Social2Search\uninstall.lnk (2 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\SignIn with Twitter.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\brh.dll (22456 bytes)
The Adware deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsEE3A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS1JHSL\urlsLog[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OQFJK3FB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsE9D6.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\682AIKA9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F9C1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QIHBCSNO.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS1JHSL\downloadsLog[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\X15I46EM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0ITTGDW2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TGQ7LZCB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp-wal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd5EB3.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsC8ED.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp-wal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F491.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp (0 bytes)
The process nsC8ED.tmp:2264 makes changes in the file system.
The Adware creates and/or writes to the following file(s):
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe (458 bytes)
The process 61fda4ee77910796d32333421184d8b6.exe:1524 makes changes in the file system.
The Adware creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ImaCC82.tmp (381 bytes)
The Adware deletes the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ImaCC82.tmp (0 bytes)
The process 61fda4ee77910796d32333421184d8b6.exe:656 makes changes in the file system.
The Adware creates and/or writes to the following file(s):
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\dc6d02d096c74fb10e2d25b209aafe9b\qqytbxfm.dll (1 bytes)
C:\Windows\Temp\ImaD47E.tmp (381 bytes)
C:\Windows\Temp\wjmE091.tmp (11964 bytes)
C:\Windows\Temp\wjmDE10.tmp (2500 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\e214f9b15940fe19bca2f6de222d6969 (28 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\441136ae10b200e9992f407b66b2554e (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Local State (8063 bytes)
The Adware deletes the following file(s):
C:\Windows\Temp\wjmE091.tmp (0 bytes)
C:\Windows\Temp\wjmDE10.tmp (0 bytes)
C:\Windows\Temp\ImaD47E.tmp (0 bytes)
The process 61fda4ee77910796d32333421184d8b6.exe:2552 makes changes in the file system.
The Adware creates and/or writes to the following file(s):
C:\Windows\Temp\ImaE61A.tmp (381 bytes)
The Adware deletes the following file(s):
C:\Windows\Temp\ImaE61A.tmp (0 bytes)
Registry activity
The process %original file name%.exe:2472 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Socia2Sear]
"ts2" = ""
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASAPI32]
"MaxFileSize" = "1048576"
[HKCU\Software\WajIEnhance]
"affiliate_id" = "3673"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be105bbb97d93cef6c0d6cf170a32291]
"DisplayVersion" = "9.75.1.48 (i1.0)"
[HKLM\SOFTWARE\Socia2Sear]
"aid2" = "none"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"MaxFileSize" = "1048576"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be105bbb97d93cef6c0d6cf170a32291]
"DisplayName" = "Social2Search"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
"WpadLastNetwork" = "{24C5EDBC-2851-452A-B521-5DA992F6C1B5}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"WindowClassName" = "DDEMLMom"
"processname" = "iexplore.exe"
[HKLM\SOFTWARE\Socia2Sear]
"UID" = "47936C0FEA50B790BD59E50713FEF01C"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecision" = "3"
"WpadDecisionTime" = "C0 D7 09 6D 26 38 D2 01"
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"EnableFileTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASAPI32]
"EnableConsoleTracing" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "46 00 00 00 09 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be105bbb97d93cef6c0d6cf170a32291]
"URLInfoAbout" = "http://www.technologieyvonlheureux.com"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecision" = "3"
"WpadDecisionReason" = "1"
[HKCU\Software\WajIEnhance]
"unique_id" = "47936C0FEA50B790BD59E50713FEF01C"
[HKLM\SOFTWARE\Socia2Sear]
"AID" = "3673"
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASAPI32]
"EnableFileTracing" = "0"
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 36 00 00 00 09 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Socia2Sear]
"TS" = "1478434084"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadNetworkName" = "Network 2"
"WpadDecisionReason" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Socia2Sear]
"mid" = "9c331592e812c97b86f3693753f893e6"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecisionTime" = "C0 D7 09 6D 26 38 D2 01"
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be105bbb97d93cef6c0d6cf170a32291]
"Publisher" = "Social2Search"
[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"FileDirectory" = "%windir%\tracing"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Adware deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"
The process 61fda4ee77910796d32333421184d8b6.exe:1524 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:
[HKCR\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
"LocalService" = "0323361c87c4374d1b9678cf26352f9d"
The Adware deletes the following value(s) in system registry:
[HKCR\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
"LocalService"
The process 61fda4ee77910796d32333421184d8b6.exe:656 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Socia2Sear]
"IExplore" = "1"
Dropped PE files
MD5 | File path |
---|---|
b628b65f1e107eda3fc281dc1b6e159e | c:\Program Files\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe |
8341cef98f8ad18d6bec0373705b7955 | c:\Program Files\be105bbb97d93cef6c0d6cf170a32291\815346a4778321839cef8ab48bf110e2.exe |
4fec221eb7addc22a2acc68da554f377 | c:\Program Files\be105bbb97d93cef6c0d6cf170a32291\dc6d02d096c74fb10e2d25b209aafe9b\qqytbxfm.dll |
a3ed6f7ea493b9644125d494fbf9a1e6 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\IpConfig.dll |
80e34b7f576b710d100f6e7c0bed0c2e | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\MoreInfo.dll |
2e0785f18f8714393bc4bc1fe170eadf | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\NSISList.dll |
d63975ce28f801f236c4aca5af726961 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\SimpleSC.dll |
c17103ae9072a06da581dec998343fc1 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\System.dll |
6bdb7d00a9766c9fd0a067ccf0e03961 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\brh.dll |
d7a3fa6a6c738b4a3c40d5602af20b08 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll |
97960d7a18662dac9cd80a8c5e3c794b | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\md5dll.dll |
acc2b699edfea5bf5aae45aba3a41e96 | c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsExec.dll |
2eb862dca5d4e59759a3348b2c19b5b6 | c:\Windows\815346a4778321839cef8ab48bf110e2.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
nsC8ED.tmp:2264
61fda4ee77910796d32333421184d8b6.exe:1524 - Delete the original Adware file.
- Delete or disinfect the following files created/modified by the Adware:
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\ce1c22c865645f1f8a89a398e374a17f.exe (13304 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe (11110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsEE3A.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\MoreInfo.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\SimpleSC.dll (1896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OQFJK3FB.txt (803 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsE9D6.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7Q30U04Y.txt (803 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\441136ae10b200e9992f407b66b2554e (2104 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Social2Search Website.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\682AIKA9.txt (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\md5dll.dll (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\IpConfig.dll (4254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\NSISList.dll (2457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QIHBCSNO.txt (803 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\bc5601ccb5de9f6cb8cd31285eef3bbe.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F9C1.tmp (601 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\X15I46EM.txt (803 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0ITTGDW2.txt (99 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\815346a4778321839cef8ab48bf110e2.exe (40364 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\c850ebe35760d7b12fc1318953221f59.exe (19514 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp (78068 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\ffdefbf88c95cae97a1671206e9fe39e.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp (78068 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Settings.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TGQ7LZCB.txt (283 bytes)
C:\Windows\815346a4778321839cef8ab48bf110e2.exe (70672 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsC8ED.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\get_local_output.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F491.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp (906 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Uninstall Social2Search\uninstall.lnk (2 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\SignIn with Twitter.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\brh.dll (22456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ImaCC82.tmp (381 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\dc6d02d096c74fb10e2d25b209aafe9b\qqytbxfm.dll (1 bytes)
C:\Windows\Temp\ImaD47E.tmp (381 bytes)
C:\Windows\Temp\wjmE091.tmp (11964 bytes)
C:\Windows\Temp\wjmDE10.tmp (2500 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\e214f9b15940fe19bca2f6de222d6969 (28 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Local State (8063 bytes)
C:\Windows\Temp\ImaE61A.tmp (381 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 34204 | 34304 | 4.40433 | f8d2a37891617b4484d193e89fa938e0 |
.rdata | 40960 | 4632 | 5120 | 3.46186 | 305338a83ba78cc3d317b03c418f77d8 |
.data | 49152 | 150520 | 5120 | 3.54223 | 10e030d6c33374df83208e6631bff2fd |
.CRT | 200704 | 4 | 512 | 0.042395 | f250c6e48e7e5b84656c9aed51a409a2 |
.ndata | 204800 | 7921664 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 8126464 | 16128 | 16384 | 4.10581 | e360b9bfc072f570471f33d8fe5d5f48 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 16
bee9380f542d20959e724a93843af8dd
6c2cf5c4cb6fcc0a46cd61c677bdedf3
b38101212f32a69c4b851a4442d3bef1
0d9058da7215fd6b720556e58f6edf77
a6046d368ba8b10cb7f1b9f294ceaa4c
6048afcdaadb43724a4acca52c410caf
522cc11c45b6b2da2bbbd00085ae975e
820f73ddc1fab785c57c55696b07d8c2
a7564a7e5c34382d298316646d8c3cb3
93e1502902c20da7cb537043312d7155
73238098ade6bfd393f594b25da38f47
744167ff24274fea6e73b748cb152c59
e7437f43e286b6ecd1ffb6c92b75c633
77554c8c8d95c7e19ef9ca1169613b91
2e9a33c9062d98f88e2de6a32c6a3110
2e29e77b4d131520ea76e1c8c9dd554d
Network Activity
URLs
URL | IP |
---|---|
hxxp://www.technologieyvonlheureux.com/installer/getTimestamp | |
hxxp://www.technologieyvonlheureux.com/installer/start?v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/web/log?evt=10001&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/installer/logging?evt=1&pge=0&pr=0&ar=0&dr=0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/installer/progress?section=1.0&getinstructions=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/installer/progress?section=2.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/installer/progress?section=3.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/web/log?evt=10023&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= | |
hxxp://www.technologieyvonlheureux.com/web/log?evt=10035&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= | |
hxxp://www.technologieyvonlheureux.com/webenhancer/injections?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= | |
hxxp://www.technologieyvonlheureux.com/webenhancer/config?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= | |
hxxp://www.technologieyvonlheureux.com/web/log?evt=10004&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= | |
hxxp://www.technologieyvonlheureux.com/installer/progress?section=4.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/web/log?evt=10042&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= | |
hxxp://www.technologieyvonlheureux.com/installer/progress?section=5.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/webenhancer/update?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=&retry_count=0&retry_version=&sc=1&scfr=&ie_status=-2&ch_status=-2&ff_status=-2&avs=0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 | |
hxxp://www.technologieyvonlheureux.com/installer/progress?section=6.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/installer/downloadsLog?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673 | |
hxxp://www.technologieyvonlheureux.com/installer/urlsLog?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673&br=iexplore | |
hxxp://www.technologieyvonlheureux.com/installer/installedProgramsLogs?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673 | |
hxxp://www.technologieyvonlheureux.com/installer/progress?section=7.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/installer/progress?section=8.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/index.php?firstrun=1&bg=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0 | |
hxxp://www.technologieyvonlheureux.com/installer/finish?v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/web/log?evt=10002&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://www.technologieyvonlheureux.com/index.php?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 | |
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00401.0 | |
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.7/jquery.min.js?1.00401.0 | |
hxxp://platform-eb.twitter.com/widgets.js?1.00401.0 | |
hxxp://www.technologieyvonlheureux.com/js/min_general_en.js?1.00401.0 | |
hxxp://www.technologieyvonlheureux.com/js/min_fancybox.js?1.00401.0 | |
hxxp://www.technologieyvonlheureux.com/css/min_bootstrap3_social2search.css?1.00401.0 | |
hxxp://www.technologieyvonlheureux.com/css/min_fancybox.css?1.00401.0 | |
hxxp://www.technologieyvonlheureux.com/css/min_signup.css?1.00401.0 | |
hxxp://main-social2search.netdna-ssl.com/imgs/app/social2search/login-twitter.png | |
hxxp://www.technologieyvonlheureux.com/css/min_general.css?1.00401.0 | |
hxxp://www.technologieyvonlheureux.com/js/min_signup_page.js?1.00401.0 | |
hxxp://e6845.dscb1.akamaiedge.net/crls/secureca.crl | |
hxxp://e8218.dscb1.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== | |
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 | |
hxxp://googleadapis.l.google.com/css?family=Signika:400,300,600,700 | |
hxxp://stats.l.doubleclick.net/dc.js | |
hxxp://www.technologieyvonlheureux.com/css/webfonts/Lato-Black-webfont.eot? | |
hxxp://www.technologieyvonlheureux.com/css/webfonts/F37F5_0.eot? | |
hxxp://main-social2search.netdna-ssl.com/imgs/app/social2search/login-bg-img.png | |
hxxp://scontent.xx.fbcdn.net/en_US/all.js | |
hxxp://scontent.xx.fbcdn.net/connect/xd_arbiter/r/fTmIQU3LxvB.js?version=42 | |
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= | |
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= | |
hxxp://www.technologieyvonlheureux.com/imgs/social2search/favicon.ico | |
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 | 173.194.44.67 |
hxxp://fonts.googleapis.com/css?family=Signika:400,300,600,700 | 173.194.222.95 |
hxxp://connect.facebook.net/en_US/all.js | |
hxxp://staticxx.facebook.com/connect/xd_arbiter/r/fTmIQU3LxvB.js?version=42 | |
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js?1.00401.0 | 64.233.165.95 |
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= | 93.184.220.29 |
hxxp://platform.twitter.com/widgets.js?1.00401.0 | |
hxxp://crl.geotrust.com/crls/secureca.crl | |
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== | 23.43.139.27 |
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00401.0 | 64.233.165.95 |
hxxp://stats.g.doubleclick.net/dc.js | 173.194.222.155 |
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= | 93.184.220.29 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 02 Nov 2016 20:45:11 GMT
Expires: Sun, 06 Nov 2016 20:45:11 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 314612
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..20161102130147Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.[.....20161102130147Z....20161109130147Z0...*.H...............]W...@b.E.o.}...\T!.^...'..%.d4.......a.D.....,.i...'......{P....}..?k1....g......&k.......49O.p...VO....u...^.Q.b........._.r.q-MS...`<.^...r*..[...v;.A$<..P...O..f$.....LmfP.........8|=.{(..n.1 bD.... 89;...$iQ]\...\)e.........Q......hn.\..o|e....^!T7.HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Wed, 02 Nov 2016 20:45:11 GMT..Expires: Sun, 06 Nov 2016 20:45:11 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 314612..Cache-Control: public, max-age=345600..0..........0..... .....0......0...0......J......h.v....b..Z./..20161102130147Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.[.....20161102130147Z....20161109130147Z0...*.H...............]W...@b.E.o.}...\T!.^...'..%.d4.......a.D.....,.i...'......{P....}..?k1....g......&k.......49O.p...VO....u...^.Q.b........._.r.q-MS...`<.^...r*..[...v;.A$<..P...O..f$.....LmfP.........8|=.{(..n.1 bD.... 89;...$iQ]\...\)e.........Q......hn.\..o|e....^!T7...
GET /web/log?evt=10001&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:05 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=a4sl3us21dqoar8bgqfou12de5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340857514934; expires=Mon, 06-Nov-2017 12:08:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434085; expires=Mon, 06-Nov-2017 12:08:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w13|WB8dK|WB8dK; path=/
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "422ad394b282092665011bc408d8ad5e:1478433628"
Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT
Date: Sun, 06 Nov 2016 12:08:42 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../...HTTP/1.1 200 OK..Server: Apache..ETag: "422ad394b282092665011bc408d8ad5e:1478433628"..Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT..Date: Sun, 06 Nov 2016 12:08:42 GMT..Content-Length: 325..Connection: keep-alive..Content-Type: application/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../.....
GET /index.php?firstrun=1&bg=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Sun, 06 Nov 2016 12:08:29 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=5vu5bai044r1utlhfcrf402gl0; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341092622323; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434109; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:30 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Location: /signup?aid=3673&inline=0&afr=0
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w67|WB8dQ|WB8dQ; path=/
GET /webenhancer/injections?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=hhftotsi9gsqu5105r3o210ud0; path=/; domain=.technologieyvonlheureux.com
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340998259899; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434099; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,90,74,82,12,39,61,65,64,29; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Connection: close
Transfer-Encoding: chunked
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w12|WB8dN|WB8dN; path=/
6f16......:`x....d4-.%!.J....SJ...-3%....H%:9.[.M....a;'.5.].m..o..gm....L.f(Wn.{.Ro.aJ.3_...8P.D.2....^..e.(Q.....B..QC...]...2P...!sb.L&..l..v]...R.........oz...w.A..F.#..P.!..>......y(...O....v2a...*'.<.0.1.~U>'.E.>....a....X...7.w..r..A.[..%..u....8........j.|A..........e....;G.~............Q<..7DK\...q...\.~..Q..F...D.....BRW6'. p..K.....D..D)h1..80..x.>Bx.........'.............du_..D/.TT..i.9.ic......a.../..k..4..$.@j........T...Mj....-..x.>.=.Zd.Y...z*.(:...WE..N.LZe....r...BD.3.}R.H..db1...s..g..?....P[............`.q?.q. t...Z........i.[..0%P..i.W.......{c.R...'...tZ)J2..g.X....(..W....Fz -.)..Yo.;8..=.......^..u..........Om.I....D...V...4.I.HV.?fDvn~....z...FK...At.Q............(ON3..-.I.5..=..x.<&S"..?t.|1..E........Ok..S$.a...[.......Uw~..-...!.|a....\B.......A..1..w.J.-aU..S.;....Y'.j......!Y...$.x..........4:...,S..mJ..[...._\...G.p....9..(lz.\.)*:...|......r.......4..l.{.7%..7...P6...k4.L...'g...........{.pH7W..3Y5{....oF...v.._.,x.^..b.T...^......%k..tR....9..K....\XX_.....[....z.y..'w.,.....>`.d...QO7[<!....Q.g0.4-........y)....5...Z.X..o.].c.M(S.o._.3......4a:.a...9..#c....Z5..:$....n...q.H..;^..#"....<.g..,`.>)'"M.d..R........*"..........D..Q..d...jN.q\y......0....^...9p.....9......a.Q.S.....i^..B...I..3Q|.if.J}..W..%..r.*..k ._..[P..d...ZXj.......*...c..B.9C.rx.|._..n.>..v`...iT.....F....].O..>..)..9?.VP5.....g.......h. ........8.T.h2.:....B6@..`...`~0.........%.t1.G%.f..."G...eS..{.v`S.......KQ@....O..S_.6..[d......6g.%....._s....JC.x../..K..A'UF...
<<< skipped >>>
GET /web/log?evt=10004&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:20 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=ehinbuiir4prret4ssopvj7es6; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341001639678; expires=Mon, 06-Nov-2017 12:08:20 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434100; expires=Mon, 06-Nov-2017 12:08:20 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:20 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,22,25,75,63,83,89,63,76,61; expires=Mon, 06-Nov-2017 12:08:20 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w17|WB8dN|WB8dN; path=/
GET /imgs/app/social2search/login-twitter.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: main-social2search.netdna-ssl.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Content-Type: image/png
Content-Length: 5243
Connection: keep-alive
Last-Modified: Mon, 09 May 2016 20:37:45 GMT
ETag: "147b-5326ec7ebd36c"
Accept-Ranges: bytes
Set-Cookie: APPSESSID=w5|WB8dT|WB8dT; path=/
Cache-control: private
Server: NetDNA-cache/2.2
X-Cache: EXPIRED
.PNG........IHDR...6...R........Q....sBIT....|.d....2IDATx...w..T... ....v...c.q;.M.{.&.Y..b(f...v(..e.e...`(...40K.C.R.a)..<.8..S....v.;.s._.t..I.....:=..W.....z..s.=Wb....v.A..... U.J.^....8.I$X....\x..[.%.M.....X%..4.@z........... .'1.6.......KU....i:.~.. ......yl.>.ds.d......u_.A.f...U.......<Uw.v(...w.M.^.r....0..F1..tjF........LV7s..W=.>.e.w...,r..T'..N...t......J...&.\... ...W.i.......@EL.....&$..U...B..)...[.v...O.F..`..&....T...T..).L...!0..................{.kB..a..._<x..G.Yk..)............w/&Q#.b(a.......k..p....7;W..Z..{.[,...`.. .".b..'..^.F...Y..ZkEw..Z&......A..0aB...^...6.f............A$.p.Up...t,UWTd.k.`.. .".....[..(L .....0a.`.. .")...E..q.6..u..wE..;..&..pF..D...i;..).F..1.8....{.X.. .b.I..A....... .........F.........<....bK.. .b8I.Q...l7$....l-4 .t...... .b.I.....,vF.F.D6.P...<8....."n....R..n..0.........!......vv..PR. ..8...........$.m...'.u.\.....xT|..... .,..p.$.w~......"n....V.;....?A.C..F%..!cr....z1.<....B...G.....Y%b...,........c.G.*^[K.F.'.Y..vv.&H..u.....i.....N*j....c....~.2.3KE\76 .. .." ......]=......7...'.c......J..%...\........O{{. .........6.L..Ksp_...$...r..tM<.cr.4t..eu....7.z..{..xd..%...,wLv....xb.0...9%........y.........VI..pO......NC......&.V......V......oC..S..\xD...F.........B..Vk..s..O..AE3(K...........6.T..U.........4..k.$...{g...3....S...R..#E|}$....c. ..zu./1.d....&.M..&.......`......^\:Z.h...3._.8......u]*.m.....,o...&*.sgy...\..9.2.....wGe<.S.zM-....\<6.c...Z......T.K....9>.u....U.......9....dx..DN......-Cc.&..,^..xTbWN..ozsw.K
<<< skipped >>>
POST /web/log?evt=10042&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 277
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com
..U..
.k.....i..........,w.E.....5 ...c}.@>...qQ..&.....#\>.....8DSC.........!............e....m.....u......a.r.....C.......&....o.&-....c......C.e..=e.U.k.\L.>.$H.
.ps...g.....e
...
(V.XS...E...;..u)D.9<.uc....6....}...3*...q..T...z.... U9.w......N?-.hM.$.o.=...._4>..qI
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:21 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=7q1ukpgiccdju7q7ekqfo5ffr2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341018943668; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434101; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,59,15,84,54,9,2,38,24,27; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w1|WB8dO|WB8dO; path=/
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 02 Nov 2016 19:55:20 GMT
Expires: Sun, 06 Nov 2016 19:55:20 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 317603
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..20161102070147Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.[.....20161102070147Z....20161109070147Z0...*.H.............V....R4F..k.g.......^.......E_I.........h...I.@...E...dT.8.`...y..c...|..8s~..7.`W......".......WH..w..r.V......5.An.g~.#...d..Y&.DT3.!|.q..:.\\.u.....a...gw.z...H..5..(..0...O.2....w....H...x.V.........>.A.u ....z....fko.....X..8M....H..f>.;j./.o... .`.T.HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Wed, 02 Nov 2016 19:55:20 GMT..Expires: Sun, 06 Nov 2016 19:55:20 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 317603..Cache-Control: public, max-age=345600..0..........0..... .....0......0...0......J......h.v....b..Z./..20161102070147Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.[.....20161102070147Z....20161109070147Z0...*.H.............V....R4F..k.g.......^.......E_I.........h...I.@...E...dT.8.`...y..c...|..8s~..7.`W......".......WH..w..r.V......5.An.g~.#...d..Y&.DT3.!|.q..:.\\.u.....a...gw.z...H..5..(..0...O.2....w....H...x.V.........>.A.u ....z....fko.....X..8M....H..f>.;j./.o... .`.T...
GET /installer/progress?section=2.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:13 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=jlsgq50hs57bg9pfqdn4qbm7l1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340939525590; expires=Mon, 06-Nov-2017 12:08:13 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434093; expires=Mon, 06-Nov-2017 12:08:13 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:13 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:13 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w32|WB8dM|WB8dM; path=/
GET /widgets.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: platform.twitter.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Last-Modified: Tue, 01 Nov 2016 23:44:43 GMT
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Etag: "fbfd77ed3a7a01d7ce6ff7ca0baa7a4d gzip"
Content-Encoding: gzip
Content-Length: 32775
Accept-Ranges: bytes
Date: Sun, 06 Nov 2016 12:08:41 GMT
Via: 1.1 varnish
Age: 1080
Connection: keep-alive
X-Served-By: cache-tw-fra1-cr1-3-TWFRA1
X-Cache: HIT
X-Timer: S1478434121.386304,VS0,VE0
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
............k{.F.0.....0Y..[...m.....L4...J....=.............OU....(..d..'y.......u..."..$.\..{.ssS........9.z7.H.xs..~....w......A.......2..b.(y...g.w...@..fp~^.TU..i?.n...W....4.c......|r=..{O.......Uyw.w...w.L..$;..^-.......</.r|...$.W..|..-Y......7F...Za.(LS7Q-........Z.1.?,..,.'.....@O.`9L#/\....-.!.......b....../.}.../.XrR.mnF.......yz.F.........{I....$<.r..^.X....j....U2.\O.6[.).....5 .\..n.......'PAQ(.x'vc..ArR........u.....,....`K.<-....`G...<Z.......)...w.....p.]........X^....V\.v.2*.y.x.|..(p*....%.........(y.8.j......m..~..<.E...qxqp..@.]....<....g...w-?...bE...I..^....z.."..x...P.Q.....K...........EU...v|G....."....;.....}...").|....<L..=..*..4..............W^..8}.e.........$:x.................3.|x..EO.............>.Q.tg..$..a..........~4......)......d..p...y/..6=..^.Eq..`............g...dvwv.......>.2..2|.>}.wG{;...~L..>....=.w.D....`4}...._..x7zJ........'.......C.......`|.........tX...g...$...[.)..p .QP.......y.oo.......bL....(.m;..Co........9....y...{....v<V..=....}R?G....b......w....w....yo.cs,.....>.0..P.2p..3.....c.].m..K..~1.........p`.?...}_....n.w.....!.......v.|E..a)....5.s.Ma.4&8.y..q........,../....b .^......8..c......../......x.^r8.....v.....,>.........,...QB.......".L2.>(..z%...<.E.L......TR~.........E..uT[..Y...5YH<U..UR....Cb...Q.J-[.....GU.A..:..............p.@....S.......*,e...9.t.I....Z..&E......?.oz.._..:.9.....co....$..%....h.z..'.)._........MWU....F^og8...._-..........Y.U.r..X.i......./..i.YU$....../...Ub....?>..x......-..{
<<< skipped >>>
GET /index.php?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434107; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34
HTTP/1.1 302 Found
Date: Sun, 06 Nov 2016 12:08:40 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=rlivefmasanafnoloud4mvv1v1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434120; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Location: /signup?aid=3673&inline=0&afr=0
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w20|WB8dS|WB8dS; path=/
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1362
content-transfer-encoding: binary
Cache-Control: max-age=593013, public, no-transform, must-revalidate
Last-Modified: Sun, 6 Nov 2016 08:48:44 GMT
Expires: Sun, 13 Nov 2016 08:48:44 GMT
Date: Sun, 06 Nov 2016 12:08:43 GMT
Connection: keep-alive
0..N......G0..C.. .....0.....40..00.......j.#.p.e$.\ps.*.. .j..20161106084844Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...:.....20161106084844Z....20161113084844Z0...*.H....................?....@~...r[...0}..r.lg..........Y.....9F3.DOzk..}.B..'.....)......e"J~].G.a.......1.g.' .......w..f,.J.D...#..E....=6{....!9....t!.T.y....2NT.9.h.S.......N...f...... .a.....5X......10....L..@.Q.A.1....mq.@.....b...D...K...v,AiX..1....5F=..X.....2U.....0...0..|0..d........:.0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...151203170230Z..161214170230Z02100...U...'GeoTrust Global CA TGV OCSP Responder 40.."0...*.H.............0.........[.c.#zj......RME.....,......(..U......!-.l..R..E.~..%."./8mv..D...*...Rx........mw.~2..Q5T\.H...Wk*..a.z.$._..T......;T.S.r(._*.G....^.P.!.3..t.......s......P....C._.g.b.oK...EV..>...>.|.o.~quo.............v4..Tt....Q.]A.Y......... w.E..=.%.n7.......{" *C........0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0 ..U....0...0.1.0...U....TGV-C-670...*.H...............aEc<..'R......]C.ri.Zm.....|..B.$..76..h....l...Xbxua...C.X.S....~K..A..._.T@$.....9(.... ......\.*.....5.b.x...[QM.._9P.=..l...gf..L.?..3 ......Z....._...20R;...x.......C..0....l.G.A..5TS>d.U......w.(\....v..9.z7.....J..;..'...u.Y...BB.@.2u.e..eW..J.U....
<<< skipped >>>
POST /web/log?evt=10035&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 433
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com
"Chrome"
"Chrome Media Router"
"Chrome Web Store Payments"
"Gmail"
"Google Docs"
"Google Docs Offline"
"Google Drive"
"YouTube
]
"Firefox"
"Default"
"Multi-process staged rollout"
"Pocket"
"Web Compat
]
"IE"
"Adobe PDF Link Helper"
"Java(tm) Plug-In 2 SSV Helper
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=gomt8vjejoqp9n1h5e9uhto307; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340994137684; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434099; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,19,47,57,68,42,33,68,41,41; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w14|WB8dN|WB8dN; path=/
GET /installer/progress?section=3.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:14 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=idkkn56hjfddpc56i58dv2c426; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340943821025; expires=Mon, 06-Nov-2017 12:08:14 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434094; expires=Mon, 06-Nov-2017 12:08:14 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:14 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:14 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w51|WB8dM|WB8dM; path=/
GET /installer/progress?section=5.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:22 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=ic3uqmv1992pb0bb9janpuicg5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341027425325; expires=Mon, 06-Nov-2017 12:08:22 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434102; expires=Mon, 06-Nov-2017 12:08:22 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:22 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:22 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w66|WB8dO|WB8dO; path=/
GET /css?family=Signika:400,300,600,700 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 06 Nov 2016 12:08:44 GMT
Date: Sun, 06 Nov 2016 12:08:44 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
12e..............Mo.@.....bo`R.Z...5.6...=....,..5..........p i....l....i.'!..x...U.1i. x1.........A..h.B...P.#n..Y.z,..@h..x.a..&...(r"F._.I.v..3.y.L..JLb..R9..j.6..9.u}..G=T......r4...z.E..v.<.h...c...(t.0^..G._.)......"\......5Y..G?..3.d{.........y(...\.Y.#<9.fj&.....u.e.?......qZ.Tm*....[.)Y...@.........a.....-..y.....0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Sun, 06 Nov 2016 12:08:44 GMT..Date: Sun, 06 Nov 2016 12:08:44 GMT..Cache-Control: private, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..12e..............Mo.@.....bo`R.Z...5.6...=....,..5..........p i....l....i.'!..x...U.1i. x1.........A..h.B...P.#n..Y.z,..@h..x.a..&...(r"F._.I.v..3.y.L..JLb..R9..j.6..9.u}..G=T......r4...z.E..v.<.h...c...(t.0^..G._.)......"\......5Y..G?..3.d{.........y(...\.Y.#<9.fj&.....u.e.?......qZ.Tm*....[.)Y...@.........a.....-..y.....0..
GET /js/min_fancybox.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:41 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434121; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8131
Connection: close
Content-Type: application/javascript
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........=ks........1.!...I.....(....%.(..q. ..)H @..d...t..~.u..... ...%.Z..LOwOOO.f.mo...9.q...dh'~8#.]..i..4]...,.......vb..$..>...m......8I...g..,. %~HX?q..=..?...v].%.P...]..F$.N....A./.O........q<<.8&....x.....~.{..B.D....2t.'2.3.%{....g..:....?;K...7..t.'..(.y..........~z... .4!..x.........I...%.J@Hd.x(....L...^.Q<Otr.hI...h..y..S....N...G.^..S.."..}.\zf.tB.(.. *.(t}*%:h..f5g..X..D.........*..'.%v...Q."...OH......I.n.. ...?.b....%.B...t.....@...#. |zn.,.^..b............v.P....2.....u..|:..B{.!K..%,j.l.].g.!...(^.......{.....Y.....#L,.t..>...B..D.M. \p.C..sP.`.......L..Df...hL....?........~...w..g..................hL......|4.99>...?........x.?.....A..............h8..h..w.;....@B............tJx}..vD.qx4..-......3%.nt......>9.....'{.#rxrtx...g.;.......]....d..p...?....&b.&|.i.x.3(.vg...w.....wwt4.........X....p8...E>.y....}.9...............T.......h..Y..7>.....O......v......F...G....R.@..O.....t....xD.7...ztrx<:..`.?....>......>.......}F.(...:..a..G(_*.>.c.....`@..y,..2.?|.7z?......1}....,..8|.h...>.=..GUA.@.%].....;...i$...@%.#.>T...\..#.6..Z.MR.8.8.;AR..:...Qg.0..o..%.9.tf..*...6.$.2....<......y.&.qJ,R....Z6..lZW-.....3........2.qi......7.t.:.....N..."p......../N..J....l..@..X.a..5...r......Q..=....l.i.r...4.DB...8,-..<j...J.F....S.R4m@..t5".lon...9..&h...Z. ..Qe....w.*.*.<...Zi.mu.......!.....aD.... ..V$N...;T...PWHQ6..r....a...:..(..B...HH.bz.........}......ui.........A...C...}?..k..Y....g..RV._..S.gz...1o..;...."z.rXo...m2!f>.Et.n...A.8..R&..x
<<< skipped >>>
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "422ad394b282092665011bc408d8ad5e:1478433628"
Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT
Date: Sun, 06 Nov 2016 12:08:42 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../...HTTP/1.1 200 OK..Server: Apache..ETag: "422ad394b282092665011bc408d8ad5e:1478433628"..Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT..Date: Sun, 06 Nov 2016 12:08:42 GMT..Content-Length: 325..Connection: keep-alive..Content-Type: application/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../.....
GET /installer/logging?evt=1&pge=0&pr=0&ar=0&dr=0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:12 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=l03nh5jjfj1900d9hjf5ro0mu1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340926478105; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434092; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w2|WB8dL|WB8dL; path=/
GET /installer/progress?section=1.0&getinstructions=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:12 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=5jebfbutnmp140nudcmfb89o93; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340921913994; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434092; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w9|WB8dL|WB8dL; path=/
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=499258
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581eb58e-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8..HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=499258..Content-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Etag: "581eb58e-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT..Server: ECS (vie/F2D5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.......>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8......
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=496111
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581ead2c-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT
Server: ECS (vie/F2BA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y.HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=496111..Content-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Etag: "581ead2c-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT..Server: ECS (vie/F2BA)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y...
<<< skipped >>>
GET /installer/progress?section=6.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:25 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=j99nudh0f6ad5nu1vm3urtpme2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341055624630; expires=Mon, 06-Nov-2017 12:08:25 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434105; expires=Mon, 06-Nov-2017 12:08:25 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:25 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:25 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w22|WB8dP|WB8dP; path=/
POST /installer/downloadsLog?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.technologieyvonlheureux.com
Content-Length: 0
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:26 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=vo7vi6ivng3trr1iuu5r10pui5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341069875129; expires=Mon, 06-Nov-2017 12:08:26 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434106; expires=Mon, 06-Nov-2017 12:08:26 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:26 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:26 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w8|WB8dP|WB8dP; path=/
GET /webenhancer/update?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=&retry_count=0&retry_version=&sc=1&scfr=&ie_status=-2&ch_status=-2&ff_status=-2&avs=0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:24 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=tqj3dbb2pk62tph7d960m9dar4; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341043367090; expires=Mon, 06-Nov-2017 12:08:24 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434104; expires=Mon, 06-Nov-2017 12:08:24 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:24 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,12,47,39,82,74,94,16,62,69; expires=Mon, 06-Nov-2017 12:08:24 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 99
Connection: close
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w28|WB8dO|WB8dO; path=/
....n*..o.a........%.."........YI.U......?..B..(.Z..sIe. ,9...........Yf....T......t......z...:.i....
GET /css/min_bootstrap3_social2search.css?1.00401.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:42 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434122; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18546
Connection: close
Content-Type: text/css;charset=UTF-8
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........}k..8r._.{bb......T.S..v....O....>.%R%.P..........H$.$....E.;<[...Df..$..}{(/...Nv..(.=6...4y]..&_..oE;i....)..O.....}L.......k..*.v9..Kq|..i...2..M...,o..l...e....:.?.u>.UU...}.f..^..|....8>.....~.7.V.h.....% .S.~{.....kz..j.M...f|...:o..g.ke .cY...h..9....$-....&mr^ .=..../[...*.O...cu...y..o..~..Y..?...........M......M.UY..m.8|J...^.....3c...b.\.s.I.l.l._..-.O.MU3.L6U.V....u..?....7.......I.*....(...[.?.-....O.X..*?..'....8..WV..ER.C..O....v.....Ri.h..........T5...c.36.1.....O...mA.sLmuz.D.F..}Q..DS^R.^.7..../BJ.5S.....]Y}y.".J..#N.x....u__..Z.7.WNiq|y..g..EL..........h.I.mu.VL...dL%.q..N.t;T..i.6..........1.8...s;.N...._l2...d....&.35....>IY._..%.s...2.=H..1...... .XA..b1....~;.?..OcP..\.:%L....t..NO.<e....l..=..#.T.......6.RF]..vk./.Q...s....(D....fR..l!.....).2.<..Z....*..q -.`4.}......t...;B..f......RC!..x>l......L.f.....jJ.../....BU.....{rL..!O..p...y...X.e.d....`C..|[.)_.(...-:g.k."...f.-...V..Oz.....Zg.R.Te....d..Z./.1....Twu...[.[..z......MI....Q.qm.q..._.|.."..j6...8~..l:...t.4.,..P.NU....IZ.}.1.8[@....~..GOh...k..._..E.....#.1..U.e_..Of.B........m[....F.>...3.-...@..~~..;.?6E.M.fb[.'..C....c.....m^..V..^..<~a;.&...d.....sUd..ou.vA.{"w?......^......C.u......y......x?.T.i...8{b`....UV..bX..2.........m....D....m.R..(.........3.>.4....&/..1.k.L.O.!..9bSA...._x<...{..&c.(#(...`..Y..m.......v..Le......i.K..SSo..u.>.....?....^.M...\.u.....M...E. .~.q3......-`..lR............T........mA..>.7..v{?X..2...bg.?}.F.....-&...y,. ?...[.'.|....."..:.v..]..U.iN.6
<<< skipped >>>
GET /js/min_general_en.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:41 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434121; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30573
Connection: close
Content-Type: application/javascript
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
.............v.8.(.;^...V...2..c"E.u<t.;.IR]U....DJb,..H.q.:.q..>.....$....;..J......=..h4._.Q<...<....V}....h8..w...g.[.....x._.:...2..Y.....U<..&."r^M.u.T..$.3.......,.'.E..'..."N>..7.>9.d.O..*.O.y.N3'......4.%.8r...O..........~..i~;..l..$...?..q.f..b:.6.I.....{:.:..,.A..d0O7?.W.I.'...q.=.....y.L2......T.K..|.n4d...P.%.x......B........'.:s/..A..%C/.v........i.w...}..........dB..E..z..~1......h.~....,......t.Z.vYO../.p..I..J,....D..9`.....JM...~.:.;qwR..j.7......Yg...n.|0.b.n.f.S;K...A.3:.......k..A.,.vq...Z...Fx0..A..8<.xm..J..0.....2M'q8Umn.j~.G'_gZ..,]..q..6._.<...I..q..7L.ZL.d.LcLV?0'.M.~..#.*~-.y5....E.....QI..h..s..`....x:.....f.....a.P#.6;Q}...r...f0.B2.*.{8....Z........U(:Dh....bG@..........<.5.]....|..w..$......@>_..t^Kh..I.......C.......=.._...,...p.76.u..........1A...y.^".F...=jkP....a.....l.\.*...w.Y...H...I...f.. ..-...!.>S.l.}G.....e=Cv....-..8....;..).......yw3..8...mp.e...p0....W.,8...K...K..C2.....O&y<...k...68....8.._..l_...S.>.....=.cH2....#..o. .JNQ......~W........7...^vj.I.."".kI..........^..b. ...Ea.j..kft.~ ../.G..t....|.....n.Db.V.g...p...V5..5.......@nq)......~yX..$..K.5.e6B}.0.l..".....xc......<.0/...,..q...R..H......"..o..L..tQ.M&0....A..c..z..e4p1.1..Al...v.(..$xX........R...b1.^W...8o)...[.N.(......&n.M.o2.\.N...c...G$.3............r...Z(..v..v..}.n.a...?<.%i.../.Y.B?H....D@..q...]..;....x.8Y....4#Z=.`-...4.j...T.@..oA.......;...!..p.\..E\S.F...3....Mt.DZ...v_~.....7...WE....{.q@.`]Y..7F..@.r..H........0.....D0k.....B..0.....y........
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=499258
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581eb58e-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8..HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=499258..Content-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Etag: "581eb58e-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT..Server: ECS (vie/F2D5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.......>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8......
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=496111
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581ead2c-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT
Server: ECS (vie/F2BA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y.HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=496111..Content-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Etag: "581ead2c-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT..Server: ECS (vie/F2BA)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y...
<<< skipped >>>
GET /web/log?evt=10002&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:32 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=dfb70m77u4d4keeodlvpnbeb63; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341128429013; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434112; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w9|WB8dQ|WB8dQ; path=/
POST /installer/urlsLog?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673&br=iexplore HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.technologieyvonlheureux.com
Content-Length: 406
Cache-Control: no-cache
Cookie: PHPSESSID=vo7vi6ivng3trr1iuu5r10pui5; _wau=14784341069875129; _wal=1478434106; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; APPSESSID=w8|WB8dP|WB8dP
hXXp://go.microsoft.com/fwlink/?LinkId=129791
hXXp://go.microsoft.com/fwlink/?LinkId=129792
hXXp://go.microsoft.com/fwlink/?LinkId=121315
hXXps://ieonline.microsoft.com/#ieslice
hXXps://VVV.mozilla.org/en-US/about/
hXXps://VVV.mozilla.org/en-US/contribute/
hXXps://VVV.mozilla.org/en-US/firefox/customize/
hXXps://VVV.mozilla.org/en-US/firefox/help/
hXXps://VVV.mozilla.org/en-US/firefox/central/
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:27 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434107; expires=Mon, 06-Nov-2017 12:08:27 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:27 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:27 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
POST /installer/installedProgramsLogs?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Filename: nsiFCFE.tmp
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Content-Length: 459
Connection: Keep-Alive
Cache-Control: no-cache
7-Zip 9.20
Adobe Flash Player 23 ActiveX
Social2Search
Google Chrome
Mozilla Firefox 49.0.1 (x86 en-US)
Total Commander (Remove or Repair)
WinPcap 4.1.3
Wireshark 0.99.6a
Microsoft Visual C 2008 Redistributable - x86 9.0.30729.4148
Java(TM) 6 Update 18
VMware Tools
Java Auto Updater
ActivePerl 5.16.2 Build 1602
Google Update Helper
Microsoft .NET Framework 4.5
Microsoft PowerPoint Viewer
Microsoft .NET Framework 4.5
Adobe Reader 9.3.4
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:28 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=kg2996i2b84m0jots8mavlbcf2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341084013938; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434108; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w29|WB8dP|WB8dP; path=/
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "422ad394b282092665011bc408d8ad5e:1478433628"
Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT
Date: Sun, 06 Nov 2016 12:08:42 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../...HTTP/1.1 200 OK..Server: Apache..ETag: "422ad394b282092665011bc408d8ad5e:1478433628"..Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT..Date: Sun, 06 Nov 2016 12:08:42 GMT..Content-Length: 325..Connection: keep-alive..Content-Type: application/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../.....
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=499258
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581eb58e-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8..HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=499258..Content-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Etag: "581eb58e-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT..Server: ECS (vie/F2D5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.......>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8......
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=496111
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581ead2c-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT
Server: ECS (vie/F2BA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y.HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=496111..Content-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Etag: "581ead2c-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT..Server: ECS (vie/F2BA)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y...
<<< skipped >>>
GET /imgs/app/social2search/login-bg-img.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: main-social2search.netdna-ssl.com
Connection: Keep-Alive
Cookie: APPSESSID=w5|WB8dT|WB8dT
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:45 GMT
Content-Type: image/png
Content-Length: 2520039
Connection: keep-alive
Last-Modified: Mon, 09 May 2016 20:24:41 GMT
ETag: "2673e7-5326e9931c20c"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes
.PNG........IHDR.......\...... ......gAMA......a...@.IDATx...k.%.....Wuk$..B.&..L.}..`...0h..k...V.[u.? .w..........{.................Wo.....W.^.~....7o_...|x.._..z..]>...W...........o.^..O^o..........>||....W.....u......7o;............W......z..[.............^........;K....W..|{....Wo..../....O.^}..Y.....~d..O.~{......[....7s..M.{..}0..........2.........?|..............t.f.........b.<6............Wor].7.a...H{...^C....). .....W_.|m...~.R:.. ..V.....s_.}....y...Q....?!>}..d*..L...}E.7.........L......._;~...u......7s|..........g:....X........n..G...]|...L.."K.|yl....G.~..7.....:....,.|..........>..7..c?F...7......h......Gx............M....C.-..>...z. ....|..%x.[.h...E..~..g.q|.......]........1.E........B....../?.......>T........Q.L....g~dN.Py[..70....o.../.._...&..8.^.........i.3}..~.~........9..;...}~.C.26}.g.<.......sb.Y...m./.......g.i.T.....~.........,.^........Q...#...G..en..g.{~..]..a.:......J.O...x......t.........9..5..>4.........X.....s...9......m...GO_C..~...z.%nW..$......?../O.k...g...............=...o..0.....}.N.._....I<{...o.&7......M.a.C........*....O..-.)v%......7..]0..>=..&=6...8,..&c[.N.....l.?{p.....J.......C9@%s...V..o..&Zp...:.'&..En.:c../<D...I.l.|...~......ZG<....7.....k..y.'X..k.7.c...5}.\..g...>..<..O..~1.z.....W..'..Oq.....=...?se0a[.w.S.c#.c.x....;.....k>..,w-~....7..Wc.9b...fS.%*......6y...;..~GQ.E...K.j..N..\..;.%..K.._.....9.......zr<.a.6..~...R93.x:....vv!...dk.9(.$w..{...LP....}.X.g...<~...x.F.7~...!.....ozh.H=..W..g._<....z.%
<<< skipped >>>
GET /installer/getTimestamp HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:04 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=grulj1pnksagiapuikkdk8ifa1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340842021152; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434084; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=0,91,10,51,81,86,83,5,52,84; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 10
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w16|WB8dJ|WB8dJ; path=/
1478434084..
GET /installer/progress?section=8.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:29 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=ip86d1ccjd8dkiqnjr2o8qkon2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341098383326; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434109; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w1|WB8dQ|WB8dQ; path=/
GET /css/min_signup.css?1.00401.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:42 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434122; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 616
Connection: close
Content-Type: text/css;charset=UTF-8
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........T...0...TQ.D...B......o..d`.w.m..a....Kv...iT^.{|f.93.Y.jR."..........#...&F.K.XES#a..`.......$.../..L(DU..._.G....o-g.. !Q..u..%.*..)..15.......:..B.Q.b...V..8....H.KF1"....dcv.?!S...M.8/T.Y..'.1. .. YD2....L..P.b.H. ..C....d`.B..a/J`[.&.... .D....w....-.....vY..&.....E4........."...Z.]h..4...".....9. .(..DPk...@.(..z...2......q.....w.f.iC....u..P..k.]S&..@.....KD.!A....V.yOe..r0.ct.qx=...v.9#.[r.......Y...8:..9....*.$.........s'...n.HG........\AA....Xs....I..)......3*...X....G.]{....v.F.Y...}....{.........M..N....,P:W.Y.^....r...b....6..#..k.}........)....,Y..R.......}...j.......<.G[..i...^........
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1362
content-transfer-encoding: binary
Cache-Control: max-age=592825, public, no-transform, must-revalidate
Last-Modified: Sun, 6 Nov 2016 08:48:44 GMT
Expires: Sun, 13 Nov 2016 08:48:44 GMT
Date: Sun, 06 Nov 2016 12:08:43 GMT
Connection: keep-alive
0..N......G0..C.. .....0.....40..00.......j.#.p.e$.\ps.*.. .j..20161106084844Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...:.....20161106084844Z....20161113084844Z0...*.H....................?....@~...r[...0}..r.lg..........Y.....9F3.DOzk..}.B..'.....)......e"J~].G.a.......1.g.' .......w..f,.J.D...#..E....=6{....!9....t!.T.y....2NT.9.h.S.......N...f...... .a.....5X......10....L..@.Q.A.1....mq.@.....b...D...K...v,AiX..1....5F=..X.....2U.....0...0..|0..d........:.0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...151203170230Z..161214170230Z02100...U...'GeoTrust Global CA TGV OCSP Responder 40.."0...*.H.............0.........[.c.#zj......RME.....,......(..U......!-.l..R..E.~..%."./8mv..D...*...Rx........mw.~2..Q5T\.H...Wk*..a.z.$._..T......;T.S.r(._*.G....^.P.!.3..t.......s......P....C._.g.b.oK...EV..>...>.|.o.~quo.............v4..Tt....Q.]A.Y......... w.E..=.%.n7.......{" *C........0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0 ..U....0...0.1.0...U....TGV-C-670...*.H...............aEc<..'R......]C.ri.Zm.....|..B.$..76..h....l...Xbxua...C.X.S....~K..A..._.T@$.....9(.... ......\.*.....5.b.x...[QM.._9P.=..l...gf..L.?..3 ......Z....._...20R;...x.......C..0....l.G.A..5TS>d.U......w.(\....v..9.z7.....J..;..'...u.Y...BB.@.2u.e..eW..J.U....
<<< skipped >>>
POST /web/log?evt=10023&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 942
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com
7-Zip 9.20
Adobe Flash Player 23 ActiveX
Google Chrome
Mozilla Firefox 49.0.1 (x86 en-US)
Total Commander (Remove or Repair)
WinPcap 4.1.3
Wireshark 0.99.6a
Microsoft Visual C 2008 Redistributable - x86 9.0.30729.4148
Java(TM) 6 Update 18
VMware Tools
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Java Auto Updater
ActivePerl 5.16.2 Build 1602
Google Update Helper
Microsoft .NET Framework 4.5
Microsoft PowerPoint Viewer
Microsoft .NET Framework 4.5
Adobe Reader 9.3.4
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=pg8goq1gu85g7o8m9ffm8sm466; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340996807822; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434099; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,56,65,99,61,30,96,68,79,25; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w2|WB8dN|WB8dN; path=/
GET /signup?aid=3673&inline=0&afr=0 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:30 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=sf1v45nucnc8unf1qbf40nusf1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341107850532; expires=Mon, 06-Nov-2017 12:08:30 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434110; expires=Mon, 06-Nov-2017 12:08:30 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=0,93,1,98,73,21,3,22,58,51; expires=Mon, 06-Nov-2017 12:08:30 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Length: 5089
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w66|WB8dQ|WB8dQ; path=/
<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xmlns:fb="hXXp://ogp.me/ns/fb#" xml:lang="en" prefix="og: hXXp://ogp.me/ns#">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>...<base href="hXXp://VVV.technologieyvonlheureux.com" />...<title>Social2Search.com | Download Social2Search for Free</title>..<meta name="title" content="Social2Search.com | Download Social2Search for Free" />....<meta name="description" content="Enhance Your Search Experience With Results From Your Friends! Download Social2Search and get Social Results and Recommendations in Your Regular Search Results | Social2Search.com" />..<meta name="keywords" content="Download Social2Search, Social2Search Download, Install Social2Search, Get Social2Search, Social2Search, Social Search, Social results, Social Search Results, Recommendations from your friends, recommendations, Facebook friends recommendations, Find a Friend's Facebook Post, Find a Tweet" />.......<!-- Google Chrome Web Store Verification -->..<meta name="google-site-verification" content="5KnCIaGgQoFFL2URoeiXrg0xTbPK3qJZLbDJpbIoC9U" />...<link rel="shortcut icon" href="/imgs/social2search/favicon.ico" type="image/x-icon" />..<link href="hXXps://fonts.googleapis.com/css?family=Merriweather:300,400,700,900" rel="stylesheet" type="text/css">..<link href="hXXps://fonts.googleapis.com/css?family=Open Sans:300,400,600,700,800" rel="stylesheet" type="text/css">
<<< skipped >>>
GET /ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Thu, 27 Oct 2016 05:14:47 GMT
Expires: Fri, 27 Oct 2017 05:14:47 GMT
Last-Modified: Fri, 27 Nov 2015 19:30:24 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 89894
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 888834
............y..7.(..-}.6.gHF..$.E.........Z.dr5:.....1..a..4...[ P.F..c.vg.=...R....B-[.=XO>K~.?.lz.|..........a..br;./.g....N/y...w....g7..s9.M...~._l:....j = ...6}:OG.(.d.2.&..0.&..,yqx....O..'...e^..].W..e.o..^l.g.J...A..J8....qk.s>..f.m'y..q..1@.M~^_..J&..}6.%....MgY2*.a>......L.....m.B..l.]%g. ..Yr.a..m......$:X........q{.\.0..._s.C...\.?.... ..~.%..n.=?O:T../k...M..|:._.[.F..,...Z..J....{.......n...l. .=~~.......~......~...^B..<~}....'...[K..^.x....~.|...q..|.....T..t..|~s...........W.........?;......z..K..F~..|.%.y...........b........9.>|y......5b.>.Z/.....0.2X..../^?~...S.og..K..gO._<FXw.m.....>...S.@n...........?b..L......y...a..X........... ..5..Y.~......G.D..sj{..!Nu.....|...?.....QO..../a.#..`......|.F...p.a.|...x..:y<.M....?.Q.G...go.......7.)e....Qz.K........$ ..krpp......l.J.A.5<..,.\.........$.#y@gu...lv._e@y....v.A...t....9....&2HG#./......@..w.d.A.K.O'..m...%..b~.d...w.b.`Z.F..)..5..q^.....v.....u.M.We.%..m.....t..~..D..}....gY9..8....'E.c..n..{...\...,[R...B" .../X..y>.e..R...|../:./..M6tp>....'GG.D......x..|V..p45 .....kl...m.v....R....og.~......(k........6a..#.<.3......2y.<...K8.._.UB....e{c.?.....'%....W._3.X.........:.....a..C.p.l'.I...4{..t4.h../s....kO.....!.:oG*.r.^..i..m3'....... Hx..<Rr}....aP.arF.A"'\.>F&.*}...x\..s`..Z.o.k........Ja/.R{)..........:.-.^.2AtDpq\.&v..*..........vhiK.#.....\O|.Q)..T!..0..i1..3..6..X........d..<...E.s..e.....l...V......`..A........%)...P!....l".#o%..v=}5..C.....%...l.l....~..[.E...q.....2;..:v... ..l'..
<<< skipped >>>
GET /webenhancer/config?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=86jb7uggdj5jlnjf1djes7aqk2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340992775019; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434099; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,20,52,39,16,13,58,15,23,87; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Connection: close
Transfer-Encoding: chunked
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w29|WB8dN|WB8dN; path=/
155f5......:`x....dn...G>..T.....'U..Z..T...L.%...$Yu.-zp.!....r8*.0y...1.d.........j..9.hc...xWX...Y..N.C. .d..n.jT......[...<.}..#.%.{3#.b...@....W...<..m...7.X.. ....x.3.....[..}5...& k....|.m.1..fn....)T...;..GW.#>g5.A.J.pJQ.Qhu....Q.. .?..../!.k....}FX...ji...&.Y.......N...>....yE..........IA.V1.!.....`....b.M..&.......i...K.x.6.m....4|......W?x~F.......=...A3....h...."...Hr....k.C................O..........7.h..j..."M(...4xv.Y.t.........s.$....5.....B...V.J......v7H...b5..,...{...D...G.......-9...V..z.QK1....(h..a.MS...RR)i....n~.@.6.g1.........b.....2.E/n.......a...Ym.......}!u....RJ...p........{zO.o.iT-......C1k&mj.....9AS..f<...j.%..uG>p..KzW.e.....my.../......Q...>..Z..$.O.A/.X.[.aF...,]F.(...3.r.l%.....,.Y.B......lj..ot;1.6"C..:9u)................5..y...mm..Mk....W.....o.r.Z$...Q,q..m2.....*.$.z..3&..-..u...kEm...@zb.6...t.....Q..M..NBR.....~N..`C" '.;.Q.0..w.N....BM.I?3..<....6.E$.-.Z.:.jmLi..... .g.....n..)}..M.=..1m......;.!............Q..D.P......7...2D...U.....h.....5..F4....~aJ.m..!.z.W?$....f...^F..D`5..U[ti..j.. uk....@P.......d..M.}L.'{..*'......#..Y.....2."E.'.M...#P^0....AHe.a...w.....c....B...tC..8).MJ....... ..*.c.M(.;i..FE.%..(.\G..HX?."T.;.k...tc..84.0.WA....YAE1..;...n^Z..A.h......Y.A.m...'.~7d........m..S.7%....g.M!^...d..-].v..Pf..!...R;..-9!)a..3..K...I...............w,Cu.8..p'."$.@8.........{..oP.S....#.O...Y.V.#.F.i3W.{...R..m...L$8-s......&...?.J?..l........_0.....R....xg........wwk$..:.....Nv^'.....J..$.f..DmS.\..t.K8.......B0.'.[.....r...4..._P.O.#jA
<<< skipped >>>
GET /en_US/all.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: a17fb71a1a0f9fe8f1ac75bd270cd266
ETag: "8cb6e5a3ee5717d0c084c670ee9114b2"
X-Frame-Options: DENY
timing-allow-origin: *
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com;
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
X-XSS-Protection: 0
Content-Type: application/x-javascript; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552000; preload
Expires: Sun, 06 Nov 2016 12:21:30 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-MD5: WS13IM Y6i4YSFBWj58 Pw==
X-FB-Debug: W0GBFxyNJfAqCHR4yj mn7aEyJq8Cjkbs7f11Xahv7hMBK6EcBdhNG8MDUd5/PdrMcIa1yOOPlpQryhcX5Myrw==
Date: Sun, 06 Nov 2016 12:08:45 GMT
Connection: keep-alive
Content-Length: 58308
............{..8.0............./..............I...'....B..y...H.d.I..>....L...,.J..R].~..?}v|t..y........$N..Yg.&q.ts........ n.z....._.?...J?A...$..MK.E'h'...!.T....%..q.tK...LJ.^Pz5...#.x.....>Q:...Eo:.5....yUP.j2.>..vz...7.>.......k:. -.a.M......R.j....\.........?...T........._z/.WG.d.L.FA.^5K%.S..M....vZ..=.F...\S_..$..&qV..v....pYV.U..jGD...W....0...... .w.......`..Q...k...>k...G......?..x....(.i...I..U.UU.....".....z.4..t..:..N.L... .M.{,.. ...H.t.@L.JT...J...dR*..B....?/.>[...z.......O.<_.<...~.%a.....{f.|r.....o.D...>......z.......d.F0.M......6...S......h..R\J....d*.......{....$..U..j..p'].q.m....R.1I#.1..a..Xym_.8,.......;..... .3.EQ..D........R.....U.......U.kU..:..m........:k../.e....._.....:..i......So..W.TGb"....z...\...S..:..NE79.-.b..(.#8.8.....S..A....Z.~y..6`.n......?........S..T./..M...ws......uP......l....T8.0.. ._m..>b..86..........~..Ny....00...........a..H.6O$b.I..5..jB_8....P..|c.[.B.....S..ZC..y...KWa[....|......NL..C.U.~\.&.Y.Tp).q5.`,.5W..$.l.c../.U..8O..2.K...`6D.mS.&........M.F.W.U...U'...$.`...`..o..g..^..7.....o..u.....t..6Ar..i..G#.=.k.|.. ..6..t.}Qd.<.].@..o....%...Y8..V..,...e..i.......Q@.d.....l....."....#.<...d2M......)...;;..H?../...7. .........z.]P..^YT}..........$....4..S.</A.%@.R;..............t].......Jt.g.$.......&,X.O.Z3z.6#8..).O.^.w.]....%S.h.a...@..\.../...UA.....\..^....jA......-....!f.4...7..... 8Wfi.N..*..ox.......\..`.....PL.o..(....g.i...x.^..Z..k ..=P.\4.!G...p..] ^qG...z......R.....>...;.g...en.wY...;;y5..@..KO...(....
<<< skipped >>>
GET /imgs/social2search/favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434122; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dT|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:51 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Mon, 22 Feb 2016 16:43:16 GMT
ETag: "5a596-52c5e8791889d"
Accept-Ranges: bytes
Content-Length: 370070
Connection: close
Content-Type: image/vnd.microsoft.icon
Set-Cookie: APPSESSID=w20|WB8dV|WB8dS; path=/
Cache-control: private
............ .h...f... .... .........00.... ..%..v...@@.... .(B...;........ .(...F}........ .( ..n...(....... ..... .........................J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..I ..M1..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J-..........S8..J,..J,..J,..J,..J,..J,..I-.._H%.`I'.J...J,..I ..............K...J,..J,..J,..T8..Q6..........................^G'.........O2..J,..J,..J,..J,..R6..................................nX8.L...J,..J,..M...P/..Q0..............}c?..d>..d>.~d>.............Q0..O/..M-..V3..Y4..Z6...............gB.`8...vU...r.............]:..Y4..V3.._8..a9..tR"..................i?.yS..................~^2.a9.._8..g=..i>..{W#......................a..._)..............c3.i>..g=..nA..pB..rD........................q.wF..............uI..pB..nA..tD..wF..yG................S.{I..}J...l8.............yG..wF..tD..yG..|I...K...S...................................Z..~K..|I..yG..~J...L...M...Z...]...........................]...]...M...L..~J...L...N...O...Q...R...S...W...q-..r/..X...S...R...Q...P...N...L...N...O...Q...S...T...U...V...W...W...V...U...T...S...Q...O...N...O...P...R...T...U...V...W...X...X...W...W...U...T...R...P...O..................................................................(... ...@..... .........................O...K,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..K,..N...K,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..E*..YB#.F ..J,.
<<< skipped >>>
GET /css/webfonts/F37F5_0.eot? HTTP/1.1
Accept: */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://VVV.technologieyvonlheureux.com
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434122; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dT|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:44 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 09 Feb 2016 18:41:20 GMT
ETag: "1025c-52b5aa9da82b9"
Accept-Ranges: bytes
Content-Length: 66140
Connection: close
Content-Type: application/vnd.ms-fontobject
\.................................LP................... .....3...........................&....V.e.r.s.i.o.n. .1...0.0.0.;.P.S. .1...1.0.;.h.o.t.c.o.n.v. .1...0...5.7.;.m.a.k.e.o.t.f...l.i.b.2...0...2.1.8.9.5.;.c.o.m...m.y.f.o.n.t.s...u.r.w...c.o.o.p.e.r...b.l.a.c.k.-.d...w.f.k.i.t.2...6.7.t.X......&C.o.o.p.e.r.B.l.a.D................`OS/2g......D...`cmap..u4........cvt .!.....H...6fpgm../........egasp.......@....glyf...... H....head...$.......6hhea...p...X...$hmtx$..#...|...Ploca...........4maxp.:.k....... name..W........@post:.p$........prep.. ...................................................3._.<......................W....................._.........X...K...X...^.~..............................UKWN.@. .....!...... .............. .....................&. .....~...S.a.x.~...... . . . " & 0 : .!"..... ...R.`.x.}...... . . . & 0 9 .!"...................p.H.G.F.E.B.9.3...h...............................................!.....W.^.............................M.......4.(...!.X. .X.!. ...e.....!...C.....X.^.X.<.,.......,.#.....X...X.(.X...X...X...X. .X...X...X...X...,.#.,.....!.X.<...!.........;..........."...............".......s...;...y...t...>...........................4...#.....................{...'...............M.7...y...................B.......d...q.......m...........Z...........................s.......Z...k.........#...........[.....4.(.X.M.X...X...X.........A.........{.........!...........2...!.X.<.............X...X...,.#.................................;...;...;...;...;...;...................
<<< skipped >>>
GET /installer/finish?v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:32 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=1puqibqvk9jug8kffdqrobj696; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341121831392; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434112; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w69|WB8dQ|WB8dQ; path=/
GET /css/min_fancybox.css?1.00401.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:41 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434121; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1531
Connection: close
Content-Type: text/css;charset=UTF-8
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........Y.n.6....."..:.l.Y..b.v...>.C..J.l".).t....wH]L...u.....)...3...".<~...1.....\(...aJ7$.k..3....T...&z.N.|3_..X.b.a.....(p....'.J*!.\P....'"S&...&....DyB6.x...t.P.3..r..?.m.^B.vPq..[ib...V........q!..'.fxA..dW......J...@.,.....p..b.Xd.4[...J=..|qy.`4......m?4u..t.Y..qb...... .2!...E.J..M....!..X.5...b....n;$....Ek.=R..|H..V...=Q&^...<..J...O..[.W;..5......]D...q}$L.....3..4O..^... ...~.....^$H..R.3..86` -1W9.`...].1..d...L"........x.F..'.<..$9..CS...`2...J...o..V.pi..}O...5PG:.R.m,....N......e..7.WnM(z.%...6..i6.....v.......A^3B5......!.....xGbA.!.9.*.GL..nV.....Z2..-.Z.,t2..P...>t..W.~.{.z8b.?..4....M`.x.....EX6|_([.Os.,F4.m..g..X........lg2;v.....)..>.Y4.s..Gu.o.....3..K0...I(............w.].i....D..(..9.C...b.......z(.Yd..b......EOT. .....|.....1.-....a.......}.....D...Gz.~5.@L.t......=H......H.{.....~..j!....0.}..j.....^..r....5.'3..c.u.{.........t......T3R...%..l.c........7..:.7I.bR.......k.d{.-L*h.......].&.]..1.UQY.O&.nk7........[G..x........m.5..(..cN..*...r./_..[..N(w.......Jy0RJ.4.....I..>.T.......p.....q......0.CwX..4h..=[y:i.f.....MCbV..l.........GoK.x.h..-..(#j.0.....h..[.."........GT.:,<.....i.I~.c.f=..1..;.}.2p..R..&..X.$...?L`}3.R!..W.K.D.G.Y..v.O..hWJ....>..js........H>]*.....C..t.....O...!*.u.....v.RN.?/.Zi._...0'. .9)..u<...T|...w..rE.>G...;S....$...Zto.r.NZ?..g3...(....^R5*,..H.(f....u.O....G.A(.ik......D.v..D..j/..*..*.a.j..#.{../.....a....sk..6.=.a.$_..ixW.|a..........^.6./...k...Z... .o....-..R..f....f.....N..Z.D.......u..q..Dke...>..:5....
<<< skipped >>>
GET /css/webfonts/Lato-Black-webfont.eot? HTTP/1.1
Accept: */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://VVV.technologieyvonlheureux.com
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434122; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dT|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:44 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 09 Feb 2016 18:41:20 GMT
ETag: "8832-52b5aa9daa1fb"
Accept-Ranges: bytes
Content-Length: 34866
Connection: close
Content-Type: application/vnd.ms-fontobject
2...`.............................LP....J`.@........... ....T.os....................L.a.t.o.....B.l.a.c.k...H.V.e.r.s.i.o.n. .1...0.1.0.;. .W.e.s.t.e.r.n. .c.h.a.r.a.c.t.e.r. .s.e.t.....L.a.t.o. .B.l.a.c.k.................FFTMZps2........GDEF.......(... OS/2...I...H...`cmap.R.i........cvt ...\...|...Ffpgm../........egasp.......,....glyf...2...8..x.head...........6hhea.1.#...@...$hmtx p ....d..."loca.u0`........maxp........... name7.O........ppostlO.....,....prep^..y... ...@.................8.'.....8. ...................................'.........3.......3........................@.`J........tyPL. . ...q.q...... ........%..... .....................................(. .....~............ . . . . " & / _ .!"......... ............ . . . . " & / _ .!".....................j.e.b.`.\.Y.Q."...a ................................................................................................................ !"#$%&'()* ,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a...................................cd.~..hf.i........e.....................b.....xy|}z{.................................................%.......=...............:...J. ...1.R.../.A.4.L.D.........#..........,...K.*PX.JvY..#?... X=YK.*PX}Y ......-.., ... -..,KRXE#Y!-..,i. .@PX!.@Y-..,.. X!#!zX...Y.KRXX...Y.#!.. X.FvYX...YYY.-..,.\Z-..,."..PX. .\\...Y-..,.$..PX.@.\\...Y-..,.. 9/-.., }.. X...Y ..%I# ..&J..PX.e.a ..PX8.!!Y...a ..RX8.!!YY.-..,.. X!...!Y-.., ... -.., /.. \X G#Faj X db8.!!Y.!Y-..,.. 9/ . G.Fa#. .#J..PX#..RX.@8.!Y.#..PX.@e8.!YY-..,.. X=..!!. ..
<<< skipped >>>
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1362
content-transfer-encoding: binary
Cache-Control: max-age=593013, public, no-transform, must-revalidate
Last-Modified: Sun, 6 Nov 2016 08:48:44 GMT
Expires: Sun, 13 Nov 2016 08:48:44 GMT
Date: Sun, 06 Nov 2016 12:08:43 GMT
Connection: keep-alive
0..N......G0..C.. .....0.....40..00.......j.#.p.e$.\ps.*.. .j..20161106084844Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...:.....20161106084844Z....20161113084844Z0...*.H....................?....@~...r[...0}..r.lg..........Y.....9F3.DOzk..}.B..'.....)......e"J~].G.a.......1.g.' .......w..f,.J.D...#..E....=6{....!9....t!.T.y....2NT.9.h.S.......N...f...... .a.....5X......10....L..@.Q.A.1....mq.@.....b...D...K...v,AiX..1....5F=..X.....2U.....0...0..|0..d........:.0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...151203170230Z..161214170230Z02100...U...'GeoTrust Global CA TGV OCSP Responder 40.."0...*.H.............0.........[.c.#zj......RME.....,......(..U......!-.l..R..E.~..%."./8mv..D...*...Rx........mw.~2..Q5T\.H...Wk*..a.z.$._..T......;T.S.r(._*.G....^.P.!.3..t.......s......P....C._.g.b.oK...EV..>...>.|.o.~quo.............v4..Tt....Q.]A.Y......... w.E..=.%.n7.......{" *C........0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0 ..U....0...0.1.0...U....TGV-C-670...*.H...............aEc<..'R......]C.ri.Zm.....|..B.$..76..h....l...Xbxua...C.X.S....~K..A..._.T@$.....9(.... ......\.*.....5.b.x...[QM.._9P.=..l...gf..L.?..3 ......Z....._...20R;...x.......C..0....l.G.A..5TS>d.U......w.(\....v..9.z7.....J..;..'...u.Y...BB.@.2u.e..eW..J.U....
<<< skipped >>>
GET /js/min_signup_page.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:42 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:42 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434122; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 333
Connection: close
Content-Type: application/javascript
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
.............j.1...-......%ji.T.....>..8...&K2Q...M6...^y....d2...._.......r......h.g_.w..g.R*X..YH....X.-.bH;$..[f.P...;X.kk.....6j..(.V*. N.c..r... ..H..c...XZ.s`E.... `..]J../."cS....C..v.....<.Rc#.....i.?..O..;gBO.....!._..2,.....J...'V.u..W..\<.6.E..........5..>.E...0 .>.;;u.....l.....};>....~5. ..g6...7_q..O...9.\1..o....o.....
GET /dc.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: stats.g.doubleclick.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Sun, 06 Nov 2016 11:06:28 GMT
Expires: Sun, 06 Nov 2016 13:06:28 GMT
Last-Modified: Wed, 28 Sep 2016 20:19:01 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15977
Age: 3736
Cache-Control: public, max-age=7200
...........}kW....w~........pk..f......Z.R..Y.C 8i.pi......b..}.>g..Kl...}4....d....O...-.....`~...E...]7..>..>....Pf.a.yU."HCC...i...T*..b.....'..Olf[.Y.[c6P/.....'n.m'..m.... !_XXll..&..(..E..V=/.u.X..%.w...i..rDoT.....?>z..1`.D...y...y7. \...5ZI...TA..........C...p3..A..x.k.q4.2...?L.k=.v....4.:sB[...l.w.o {.....?Nc....|..........q.........[.n..2..X~.......S.f.]h~....7:.n...m.C#6...........#....y...7.|..f.W.>..wS......)..Q....i......z......D.`...7N....y.C;....`1....x..p.tG.L..=..1r...M..2..)xa...{0!..5...^...7..."..........J8... ...5.O....l...r...|....R...P.0ok.8.Z.2....i|...S.y.od...~..k.>.....0vGr.mI.....0.&&yg.sf2......m.....G=0..B.6..u....A.h.A.0.V.:.-...j..L.....5.E.[...Q.{2imA......T........~. ...0*%.....>......hX...ga1./$......f.#..d,.|www5/XX...c5..D-.....p.h..8D.@./.X,.....&gTV..5..,.x..?.....(.>?6Sy.].`.]...'-"....-...........(.n.@_"p"`.*...T.1.$..t.....o?.."../.kX.)L.....-.....E1M.....@..T.F9.,HP........# ....d...-,.......-.j..BS....9...%.~Sug,...`."...4a..@.p]..yn.i(5.....U.r..$j..0{|.i.5........H}.......A=..&.Vq....4<..*7c.<b.....OQ8X...&..a/a.....aI.j.7.E.:cuV=.P.q..d.....X....#..@.T...q......U.T~.@.C......S.#....Q.....K......A.y._....z|..9...9.zM......%m........m).?4.Q...c.....PTDB&..7.-G....E.....E.7.t.V..G....._..!.....xt..}.......Ev..x..a.{...d.. .q./..OB|..6..{....a^.......@?.......o.....*T.;/Oa.......J..........I.)......J..#..A....FS.....t.H..h...W..|B.~..t.6..........t"<..z..||.......8..B9......x.a....m.V[.=...K!..\.....w."d...=>.B..(K...u.....~.".@b
<<< skipped >>>
GET /signup?aid=3673&inline=0&afr=0 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:40 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434120; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1996
Connection: close
Content-Type: text/html; charset=utf-8
...........X{o.8......X..v..d'..e.h.(....%.........."U..-\..oHI~5... .-.....3..>......).....z...S.t.......l6.f..TI.=88.... ......L. .P.p<....r*....#..1..=...M.....r........u$>|.....Ka@.....#Q.....MhE9"..*..............2A.kz..&Br.0(.R.....y...#.A........;.@U4... 9.3.%...&.KE..@/,..:....i.V....J.5..t.Xf.. ..bBE......PN..(.v...L.............X.~J.*b...V..v..P..OS .&L..W....d..|%.;..vk.=@1.*. .=.Y{C...M..6..M...-.Gh....m.J.....^...0..-.%..q...F.&g4....5.#..ML .4.....f.}3.0..1H...}.|.2.@.'(.:.F..H.._..c.9...7,..S.f......'............b.......t.7...w.......o..\..|.3.3......'R.(7.E..L.....u.................XJ...~y....^...$...:(....6..H.wc.2^...J..P3.u..........t:^%.)8..3j......~....._.).........qE.e..n..)-W.\.).....!.|.I.4!...s.j.....Q.~-...4R7.*.L.a...\q..Z.....^K. ....P.!........r@.^X.......E...t.iL..r6.....T.v...1H.@..u.N.M.?........2....V.~.^.u...b..f....x.X......^.h.a....C.{...4KD..3L......U...i....t.T).. B.6....j......F.lw.V.^..r.K.-L.=^u=...-a@@...HH...J@.[6&...Srp7X.o.9...[u.......wk(..w.Q9..4...9d..8u.S.....\^.?....x.^.":...c/2.....ay......V,...{..(.}..8...............m.4fx..Y...p.c..k.}...V..@...C..........v..w.v....I&...fWK.2d..4...._].47.r.-| %l...e.g..|.......o.].o..V.QqX..gya../h$...ke{..d...n.C...G...i.I..{..........m.m?F~".V..`.dOlT..>q.=.rv.q...Y.=B.E&z...:e0..Z..v.4E....". ....[.Y...}.d.....7,.t....ye7...9. .f..4I..Q.9....!...#...j....>o._.6.].....G."...@....k.k".2zU...*E....&..K.n;wGD..UH....c.....0....6..j..[........7.qA"N5......Z..!..FI.1.3..#k.%v..[.....)aq...|......TmT..i.@.E....7..
<<< skipped >>>
GET /installer/progress?section=7.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:28 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=d07ar9u04vrn17cocnmdc481g2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341086100816; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434108; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w28|WB8dP|WB8dP; path=/
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=499258
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581eb58e-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8..HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=499258..Content-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Etag: "581eb58e-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT..Server: ECS (vie/F2D5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0.......>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8......
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=496111
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581ead2c-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT
Server: ECS (vie/F2BA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y.HTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=496111..Content-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Etag: "581ead2c-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT..Server: ECS (vie/F2BA)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y...
<<< skipped >>>
GET /css/min_general.css?1.00401.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:41 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434121; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18549
Connection: close
Content-Type: text/css;charset=UTF-8
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........}...H...h.0\.H2/IT&zf..............(.J.M.,.r.....xq...C.T.gm..DF..^D...k. .C58.....{.)..q|_..y...q.*v.V...l.].......>...F.7...).;..7o.....6.*}.........d..<ysw<.ny;....*]m.E^.g..O.>...Cz.,.|...iw...T...<Y}..g...H..../7Y..>.y;...]R}.&.-..:]..2.W_.......{(6....y).U.aW.Sz...?..<.&..7o.ZQ`.s.|C...h..v...9.g.[..L..l.O.-..:=.zO.b.e..>..e.......j.m....n..6.n..6.n'..tX..y.......ayH..0Y...du(._vC......U.N..4..7.a..f.....5.]...a..O.0...,.....B..y.$U..>...U....*).... ..jS......y. _..z...lE.&.....2...=..!.O.C......S9.'d.d..n....}s...............Uw.Rh5.GINN..erL.l.>i.I.$....1..1.M[.v...tr...<.rK.......=...o..Y.>..zd}...<O.cz{L...T)...,....IN,..c.~..P.tS..?.......B.w..H..>..7vO%..5..hs....<}...v..eN...&...........4Ov...7....G........WO..`..1.....X....... ..._O..Kq......f....o.t.....![W[X{...T>"t........MQ.C....L9m.'.m>.s..Jaf..d.....m...5^f..e.YE..h..;.P..wyZUhAG.....:].d....i....q...M.......n.....25..!.1.d.yv$.R}.9........[..l..,-.{.,.-F#r.5.....O.G.(..Y..y...*.r....O...]...Lw....w..k.B...Z.<m.gd..i.....o.F...&.&t6..d]<.....V`H6......P%..^g.2..hkyN...Ye.X..G...t.......H.m..>....!..W..t..v.pa@.p...SHz. .Wt6'.X..M>%.).:.{hL.._....N.8k........|.D.....8o@O..@v.9........ [....*v.|.FK.....aY|24..Cm.....U.8[.r....'z[.?..k.c'......c...d....RA.0.zS......DG?...........5.....v.O..>...9%...=.K...R.V..$.Y:...o....i.&..:.....s.iL.3.......@..^...d.r..|j.?}?.1|........).&..6..f 5.7.Xbo.v.$....w...i....D.)q..L}b.J.8...EUo..#,.<....M4.:J..........%....~....h...*..
<<< skipped >>>
GET /ajax/libs/jquery/1.7/jquery.min.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Tue, 25 Oct 2016 05:15:53 GMT
Expires: Wed, 25 Oct 2017 05:15:53 GMT
Last-Modified: Fri, 16 Oct 2015 18:27:31 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33622
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1061568
...............F.?...).hM...H.l....qeYn...Xr.=,..\$..%.u.E......m|#2...,.g....H$... ..>o....6.|<....o..g..x......<.6...H..6?{.._..v......U.<.........|w.Y..;...b....p..qg......y.E.>.;Y>.o......~.w..&_....uy([.E...o..a<.....Y...d.}TY4.. .....^....|.._.I..(.....e.v=.?zA?.l......>5..x..2..{......~..7.|...].f./h\.W.7."....t....M.o"z./...?.y1...^..=...b.Q{._ ...-.Wi:H.....rgW`./K.\..\..._*.w.7....qg{.^.6;Z..oi.....E.w..g..b...ibm.....j/1.y'...X.,.Ce.1W@..D2...W5S...te].t..WQ~........t..i.x..;y.N.t.I.....?.....-`.......G[5.M..(..A.t.t.E..Q..m.h.....|u.......~..-.Z....>.m>..^..gq.......>..4..."..........|......>..lh....iSc.f.[...I...?Lh.....L...*..|s~...[..J.q........hK..xP.5U...y....j.n.l....Z..Z.u.......?.*..v.O....e.7..bI..M..7..6....gS:>...XN<.[>.vv.oV...u...]r>.NGA...p........s/....|Nx...-.;?....q.......Q.(..Ftj..s.p..e...........Y......Og....M.......W......#i..[.. *]...j.z.e.....f..VA?.3ss.........9..fC.{...d.[..xC..k/....!X.^.w.[....l.6.h9X.i...........c@.......@.[5.....6.v."..U...-..[. T`.&.....p2,F#...6...r...."<3-.;?P..QB.L....$.F..3.w?....cB...Gv....bU...<......s.......DP:.K..0kL51..5.E..P.h...D.....k..)^....n.x.&*..,........^.*...bfqD6.......,&.....{.........%%.J..c..'_.L.*f.}..h.........#o....$..G...'Bv.|.R...P.Q../1C.V&.l.9.....7%.e...Y=.t...:..^.g...|..........5.n.{.n.-COi...QK....o....>PO..s.../......o..............4Dc...l..I4A.j2....0.#x.'.n=5.....qa..L..}..<.~q5................N..7a^.h-.>..G.y...3..&.@..r.s.<.........G..W.Q.*...;.....*.
<<< skipped >>>
GET /installer/start?v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:04 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=sb30ufbssqerpn069qsljfldf1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340844690433; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434084; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w26|WB8dJ|WB8dJ; path=/
GET /connect/xd_arbiter/r/fTmIQU3LxvB.js?version=42 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: staticxx.facebook.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Expires: Sat, 04 Nov 2017 21:55:06 GMT
Strict-Transport-Security: max-age=15552000; preload
Cache-Control: public,max-age=31536000,immutable
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com;
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Vary: Accept-Encoding
Content-Encoding: gzip
X-FB-Debug: NOFfziK/Z 3Hc6pFjPrQIcxs05h62zzPT CBRjMm 7EsvDNwhAgxHQGuEsp/8YUEar3M/3Z7A0Ta7cFDLNxzmQ==
Date: Sun, 06 Nov 2016 12:08:46 GMT
Connection: keep-alive
Content-Length: 11595
...........}i{.H.....X.-..u.....5.*WO.[.VU......@"....l.......$H..g.y.yz,.32"2....'.?....... _F.C....|..yD....:I..^.I...N.$...4..,.gZ@..M...z..}.....37.W.....%....;....Q.n....i..8..t9.c7Z{4.V..A..'.iJ6m?M.f.h.....$6...V...u..y.&.ZLo.....L.$5.......f....T[.....z.9.!...$.1 .qob.......<.3..| ......O|..f.$.m...H.=R...aNS.'i_.._..^y.fr..2...r:.'....Zsk.X...\6.. r<...'l..........aD..ciG.....i..bjn...}C.5..g..v..."...Vh...pb..-.7x..#......)..i....8SlSQ............v......86...X.^...0F.(....6........F.o.^..8'.Wi.'.u;O..)l.>91a......d..L....t.........v.....D.Ys`).cr.....C]......N...(.i0....Cs..'*....J...$..r...C5..].O.;.!.."..~~...>7...h>...Y.e...G.g..lb.,j...3I.S.aI.....;Pc;.0....T.....'..q%.....L...68..H.k.t2P..:.@t.PY........xUbS.S....H...ci`....{...%.3hkfu.>..c....."..v.. #..q..=..0..0.......s.......Vk. ...>.L.T...........r.j..a..p...../.b.z.HLj.......kw.@..j...l.O.#.N.x4Mj..........b.(...G.d0r...........Jf.....oy......<C.........80....:..Z3..3..=c..v4........mqV).....$.$n..(Q^[.........F.f..d...Q...Us.tm..p.A[.[......@....W.,@DK.E.uhq...R..J..Kc4.lw..R.K..f. .6..\.q.l.'..f......".'.7$'.)...W.%K..8,.....Kc..,...BTS........9.........>.S~..1.....8..d.f.1.3.iA.U...0"Y.t.G...w..D-2...3..4....V.*..|.m6I...pjH....Ic.......n..W...E5....\.,...:.....E....]........@..vpnwGA.vZ.`!..X3.NO......I...A.H..'......gi^\.V....i............S.\d...k9C.CsVQ.l......V @.....}..?..x.9j..E.%..... .g....q..g65...*....M\t=.D.3....Y...F...m...n H..$.....Zf.(.>.. ?B.V..4E|.........G.n..(..^:4....v.!.Vy.C....%c.\o6e.
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2016 10:35:29 GMT
Expires: Tue, 08 Nov 2016 10:35:29 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 178394
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..20161104010148Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.[.....20161104010148Z....20161111010148Z0...*.H.............P............-9..K.......}...Ad{N..K...ddlbi..C8.._:..K......O29..:..........r.....w[.."m...y"-.B..'..Z#..1.o.^*JzAz.)..V...?...79&Z...0....l<...$..o.f.-....(...P.I..U..|.....!2^ .f..m..8K.2dHQ...?.y......a...JK.b..!...XA.$0..X...M._..t....h...E.?.<.Op....HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Fri, 04 Nov 2016 10:35:29 GMT..Expires: Tue, 08 Nov 2016 10:35:29 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 178394..Cache-Control: public, max-age=345600..0..........0..... .....0......0...0......J......h.v....b..Z./..20161104010148Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.[.....20161104010148Z....20161111010148Z0...*.H.............P............-9..K.......}...Ad{N..K...ddlbi..C8.._:..K......O29..:..........r.....w[.."m...y"-.B..'..Z#..1.o.^*JzAz.)..V...?...79&Z...0....l<...$..o.f.-....(...P.I..U..|.....!2^ .f..m..8K.2dHQ...?.y......a...JK.b..!...XA.$0..X...M._..t....h...E.?.<.Op......
GET /installer/progress?section=4.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:21 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=bs0m4ij9jv9hskjmh7m4irlt76; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341012219988; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434101; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w14|WB8dO|WB8dO; path=/
Map
The Adware connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_2472:
.text
.text
`.rdata
`.rdata
@.data
@.data
@.ndata
@.ndata
.rsrc
.rsrc
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
COMCTL32.dll
COMCTL32.dll
VERSION.dll
VERSION.dll
GetWindowsDirectoryA
GetWindowsDirectoryA
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
GetAsyncKeyState
GetAsyncKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyA
RegOpenKeyExA
RegOpenKeyExA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
SHFileOperationA
SHFileOperationA
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
Jump: %d
Jump: %d
Aborting: "%s"
Aborting: "%s"
Call: %d
Call: %d
detailprint: %s
detailprint: %s
Sleep(%d)
Sleep(%d)
SetFileAttributes: "%s":X
SetFileAttributes: "%s":X
CreateDirectory: "%s" (%d)
CreateDirectory: "%s" (%d)
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: "%s" created
CreateDirectory: "%s" created
IfFileExists: file "%s" exists, jumping %d
IfFileExists: file "%s" exists, jumping %d
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" does not exist, jumping %d
Rename: %s
Rename: %s
Rename on reboot: %s
Rename on reboot: %s
Rename failed: %s
Rename failed: %s
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
File: skipped: "%s" (overwriteflag=%d)
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: error creating "%s"
File: wrote %d to "%s"
File: wrote %d to "%s"
Delete: "%s"
Delete: "%s"
MessageBox: %d,"%s"
MessageBox: %d,"%s"
RMDir: "%s"
RMDir: "%s"
Exch: stack
Exch: stack
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: success ("%s": file:"%s" params:"%s")
Exec: command="%s"
Exec: command="%s"
Exec: success ("%s")
Exec: success ("%s")
Exec: failed createprocess ("%s")
Exec: failed createprocess ("%s")
Error registering DLL: %s not found in %s
Error registering DLL: %s not found in %s
Error registering DLL: Could not load %s
Error registering DLL: Could not load %s
WriteINIStr: wrote [%s] %s=%s in %s
WriteINIStr: wrote [%s] %s=%s in %s
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
CopyFiles "%s"->"%s"
CopyFiles "%s"->"%s"
DeleteRegValue: "%s\%s" "%s"
DeleteRegValue: "%s\%s" "%s"
DeleteRegKey: "%s\%s"
DeleteRegKey: "%s\%s"
WriteRegStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteReg: error writing into "%s\%s" "%s"
WriteReg: error writing into "%s\%s" "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error creating key "%s\%s"
created uninstaller: %d, "%s"
created uninstaller: %d, "%s"
settings logging to %d
settings logging to %d
logging set to %d
logging set to %d
verifying installer: %d%%
verifying installer: %d%%
Section: "%s"
Section: "%s"
Skipping section: "%s"
Skipping section: "%s"
hXXp://nsis.sf.net/NSIS_Error
hXXp://nsis.sf.net/NSIS_Error
... %d%%
... %d%%
~nsu.tmp
~nsu.tmp
%u.%u%s%s
%u.%u%s%s
install.log
install.log
New install of "%s" to "%s"
New install of "%s" to "%s"
Delete: DeleteFile("%s")
Delete: DeleteFile("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile failed("%s")
RMDir: RemoveDirectory invalid input("%s")
RMDir: RemoveDirectory invalid input("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory failed("%s")
%s=%s
%s=%s
*?|/":
*?|/":
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
invalid registry key
invalid registry key
x%c
x%c
RegDeleteKeyExA
RegDeleteKeyExA
sers\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
sers\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
02&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
02&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp
AC76BA86-7AD7-1033-7B44-A93000000001}
AC76BA86-7AD7-1033-7B44-A93000000001}
run=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
run=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
q*R.bl_
q*R.bl_
e.XM.
e.XM.
$X.Zp
$X.Zp
X:\7|E
X:\7|E
.dJb& &:pa
.dJb& &:pa
.Aakr
.Aakr
%5X*/
%5X*/
MJ.Qm
MJ.Qm
;#;(;-;2;;;
;#;(;-;2;;;
: :%:3:<:>
: :%:3:<:>
: :$:(:,:0:4:8:<:>
: :$:(:,:0:4:8:<:>
5"64686
5"64686
= =$=(=,=0=4=8=
= =$=(=,=0=4=8=
= =$=(=,=0=4=8=
= =$=(=,=0=4=8=
3"3,363@3
3"3,363@3
= =(=0=8=
= =(=0=8=
1 1$1(1,10141
1 1$1(1,10141
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
p?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
p?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp
nsiFCFE.tmp
nsiFCFE.tmp
File: skipped: "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll" (overwriteflag=1)
File: skipped: "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll" (overwriteflag=1)
D.tmp\inetc.dll"
D.tmp\inetc.dll"
902d1298b7313b2bf0050dd40.ico,0, sw=0, hk=0
902d1298b7313b2bf0050dd40.ico,0, sw=0, hk=0
\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
Windows\815346a4778321839cef8ab48bf110e2.exe
Windows\815346a4778321839cef8ab48bf110e2.exe
Adobe Reader 9.3.4
Adobe Reader 9.3.4
.NET Framework 4 Client Profile (KB2656405)
.NET Framework 4 Client Profile (KB2656405)
gram Files\Internet Explorer\iexplore.exe
gram Files\Internet Explorer\iexplore.exe
:\Program Files\Internet Explorer\iexplore.exe
:\Program Files\Internet Explorer\iexplore.exe
c:\%original file name%.exe
c:\%original file name%.exe
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb
%original file name%.exe
%original file name%.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nsd5EB3.tmp
ers\"%CurrentUserName%"\AppData\Local\Temp\nsd5EB3.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
269092128
269092128
1478434084
1478434084
%Program Files%\Internet Explorer\iexplore.exe
%Program Files%\Internet Explorer\iexplore.exe
%Program Files%\be105bbb97d93cef6c0d6cf170a32291
%Program Files%\be105bbb97d93cef6c0d6cf170a32291
88dcd395-b062-45b3-a6cd-79f37c0eba08
88dcd395-b062-45b3-a6cd-79f37c0eba08
hXXp://VVV.technologieyvonlheureux.com/web/log
hXXp://VVV.technologieyvonlheureux.com/web/log
hXXp://VVV.technologieyvonlheureux.com/web/log?evt=10002&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hXXp://VVV.technologieyvonlheureux.com/web/log?evt=10002&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
IE.HTTP
IE.HTTP
"%Program Files%\Internet Explorer\iexplore.exe" -nohome
"%Program Files%\Internet Explorer\iexplore.exe" -nohome
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp
0728832
0728832
twitter.ico
twitter.ico
03967CDD-F8BD-4AC9-8369-0D2BD8F246F5}
03967CDD-F8BD-4AC9-8369-0D2BD8F246F5}
6.1.7600.16385 (win7_rtm.090713-1255)
6.1.7600.16385 (win7_rtm.090713-1255)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
815346a4778321839cef8ab48bf110e2.exe
815346a4778321839cef8ab48bf110e2.exe
dd4e70c902d1298b7313b2bf0050dd40.ico
dd4e70c902d1298b7313b2bf0050dd40.ico
bc5601ccb5de9f6cb8cd31285eef3bbe.ico
bc5601ccb5de9f6cb8cd31285eef3bbe.ico
ffdefbf88c95cae97a1671206e9fe39e.ico
ffdefbf88c95cae97a1671206e9fe39e.ico
-2046754816
-2046754816
-2147410511
-2147410511
61fda4ee77910796d32333421184d8b6.exe
61fda4ee77910796d32333421184d8b6.exe
3514ea1003608a0c7fb4630ce20fd94c.exe
3514ea1003608a0c7fb4630ce20fd94c.exe
ce1c22c865645f1f8a89a398e374a17f.exe
ce1c22c865645f1f8a89a398e374a17f.exe
fe31ca0af645687ee3c5b1da57895877.exe
fe31ca0af645687ee3c5b1da57895877.exe
c850ebe35760d7b12fc1318953221f59.exe
c850ebe35760d7b12fc1318953221f59.exe
525bac57de7cb6660b9a54b1a6b27dc9.exe
525bac57de7cb6660b9a54b1a6b27dc9.exe
C:\Windows\815346a4778321839cef8ab48bf110e2.exe
C:\Windows\815346a4778321839cef8ab48bf110e2.exe
hXXp://VVV.technologieyvonlheureux.com/index.php?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hXXp://VVV.technologieyvonlheureux.com/index.php?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
)-.Yln
)-.Yln
Nullsoft Install System v19-Mar-2012.cvs
Nullsoft Install System v19-Mar-2012.cvs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Uninstall Social2Search\uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Uninstall Social2Search\uninstall.lnk
lorer\iexplore.exe" -nohome
lorer\iexplore.exe" -nohome
er 9.3.4
er 9.3.4
%original file name%.exe_2472_rwx_10004000_00001000:
callback%d
callback%d
61fda4ee77910796d32333421184d8b6.exe_656:
.text
.text
`.rdata
`.rdata
.xdata
.xdata
@.rsrc
@.rsrc
@.reloc
@.reloc
zcÃ
zcÃ
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
Operation not permitted
Operation not permitted
Inappropriate I/O control operation
Inappropriate I/O control operation
Broken pipe
Broken pipe
operator
operator
GetProcessWindowStation
GetProcessWindowStation
4#
4#
$!=820%4
$!=820%4
FVAEPYKD.pdb
FVAEPYKD.pdb
NtDelayExecution
NtDelayExecution
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
CreateNamedPipeW
CreateNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
RegOpenKeyW
RegOpenKeyW
RegCreateKeyW
RegCreateKeyW
ole32.dll
ole32.dll
405;6{6(8
405;6{6(8
1a2%4s4
1a2%4s4
: :$:(:,:0:4:8:
: :$:(:,:0:4:8:
;";=;`;{;
;";=;`;{;
4989
4989
1 1(10181@1
1 1(10181@1
ADVAPI32.DLL
ADVAPI32.DLL
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
ntdll.dll
ntdll.dll
kernel32.dll
kernel32.dll
mscoree.dll
mscoree.dll
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
wajam.dll
wajam.dll
\\.\pipe\
\\.\pipe\
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
9.75.1.48
9.75.1.48
61fda4ee77910796d32333421184d8b6.exe_656_rwx_010EA000_00002000:
zcÃ
zcÃ
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
61fda4ee77910796d32333421184d8b6.exe_656_rwx_01103000_00005000:
4#
4#
$!=820%4
$!=820%4
FVAEPYKD.pdb
FVAEPYKD.pdb
NtDelayExecution
NtDelayExecution
.text
.text
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
CreateNamedPipeW
CreateNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
wajam.dll
wajam.dll
ntdll.dll
ntdll.dll
kernel32.dll
kernel32.dll
\\.\pipe\
\\.\pipe\
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
61fda4ee77910796d32333421184d8b6.exe_2552:
.text
.text
`.rdata
`.rdata
.xdata
.xdata
@.rsrc
@.rsrc
@.reloc
@.reloc
zcÃ
zcÃ
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
function not supported
function not supported
operation canceled
operation canceled
address_family_not_supported
address_family_not_supported
operation_in_progress
operation_in_progress
operation_not_supported
operation_not_supported
protocol_not_supported
protocol_not_supported
operation_would_block
operation_would_block
address family not supported
address family not supported
broken pipe
broken pipe
inappropriate io control operation
inappropriate io control operation
not supported
not supported
operation in progress
operation in progress
operation not permitted
operation not permitted
operation not supported
operation not supported
operation would block
operation would block
protocol not supported
protocol not supported
Operation not permitted
Operation not permitted
Inappropriate I/O control operation
Inappropriate I/O control operation
Broken pipe
Broken pipe
operator
operator
GetProcessWindowStation
GetProcessWindowStation
4#
4#
$!=820%4
$!=820%4
FVAEPYKD.pdb
FVAEPYKD.pdb
NtDelayExecution
NtDelayExecution
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
CreateNamedPipeW
CreateNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
RegOpenKeyW
RegOpenKeyW
RegCreateKeyW
RegCreateKeyW
ole32.dll
ole32.dll
405;6{6(8
405;6{6(8
1a2%4s4
1a2%4s4
: :$:(:,:0:4:8:
: :$:(:,:0:4:8:
;";=;`;{;
;";=;`;{;
4989
4989
1 1(10181@1
1 1(10181@1
ADVAPI32.DLL
ADVAPI32.DLL
- floating point support not loaded
- floating point support not loaded
- CRT not initialized
- CRT not initialized
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
USER32.DLL
USER32.DLL
ntdll.dll
ntdll.dll
kernel32.dll
kernel32.dll
mscoree.dll
mscoree.dll
c:\program files\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
c:\program files\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
wajam.dll
wajam.dll
\\.\pipe\
\\.\pipe\
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
9.75.1.48
9.75.1.48
61fda4ee77910796d32333421184d8b6.exe_2552_rwx_010EA000_00002000:
zcÃ
zcÃ
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
.?AV?$_Ref_count_del@PAUHKEY__@@V@@@std@@
61fda4ee77910796d32333421184d8b6.exe_2552_rwx_01103000_00005000:
4#
4#
$!=820%4
$!=820%4
FVAEPYKD.pdb
FVAEPYKD.pdb
NtDelayExecution
NtDelayExecution
.text
.text
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
ADVAPI32.dll
ADVAPI32.dll
SHDeleteKeyW
SHDeleteKeyW
SHLWAPI.dll
SHLWAPI.dll
CreateNamedPipeW
CreateNamedPipeW
GetWindowsDirectoryW
GetWindowsDirectoryW
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
c:\program files\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
c:\program files\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
wajam.dll
wajam.dll
ntdll.dll
ntdll.dll
kernel32.dll
kernel32.dll
\\.\pipe\
\\.\pipe\
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
61fda4ee77910796d32333421184d8b6.exe_2552_rwx_6C1A1000_00001000:
VERSION.dll
VERSION.dll
iexplore.exe_1304:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
v9.uj
v9.uj
>.uzf
>.uzf
.us;}
.us;}
IEFRAME.dll
IEFRAME.dll
MLANG.dll
MLANG.dll
iertutil.dll
iertutil.dll
urlmon.dll
urlmon.dll
ole32.dll
ole32.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
GetWindowsDirectoryW
GetWindowsDirectoryW
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
UrlApplySchemeW
UrlApplySchemeW
PathIsURLW
PathIsURLW
UrlCanonicalizeW
UrlCanonicalizeW
UrlCreateFromPathW
UrlCreateFromPathW
iexplore.pdb
iexplore.pdb
KEYW
KEYW
KEYWh
KEYWh
KEYWD
KEYWD
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
user32.dll
user32.dll
Kernel32.DLL
Kernel32.DLL
xfire.exe
xfire.exe
wlmail.exe
wlmail.exe
winamp.exe
winamp.exe
waol.exe
waol.exe
sidebar.exe
sidebar.exe
psocdesigner.exe
psocdesigner.exe
np.exe
np.exe
netscape.exe
netscape.exe
netcaptor.exe
netcaptor.exe
neoplanet.exe
neoplanet.exe
msn.exe
msn.exe
mshtmpad.exe
mshtmpad.exe
mshta.exe
mshta.exe
loader42.exe
loader42.exe
infopath.exe
infopath.exe
iexplore.exe
iexplore.exe
iepreview.exe
iepreview.exe
groove.exe
groove.exe
explorer.exe
explorer.exe
dreamweaver.exe
dreamweaver.exe
contribute.exe
contribute.exe
aol.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
"%s" %s
Kernel32.dll
Kernel32.dll
\AppPatch\sysmain.sdb
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
kernel32.dll
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
shell:%s
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
IEXPLORE.EXE
Windows
Windows
9.00.8112.16421
9.00.8112.16421
iexplore.exe_1412:
.text
.text
`.data
`.data
.rsrc
.rsrc
@.reloc
@.reloc
v9.uj
v9.uj
>.uzf
>.uzf
.us;}
.us;}
IEFRAME.dll
IEFRAME.dll
MLANG.dll
MLANG.dll
iertutil.dll
iertutil.dll
urlmon.dll
urlmon.dll
ole32.dll
ole32.dll
SHELL32.dll
SHELL32.dll
SHLWAPI.dll
SHLWAPI.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
KERNEL32.dll
KERNEL32.dll
ADVAPI32.dll
ADVAPI32.dll
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
GetWindowsDirectoryW
GetWindowsDirectoryW
_amsg_exit
_amsg_exit
_wcmdln
_wcmdln
UrlApplySchemeW
UrlApplySchemeW
PathIsURLW
PathIsURLW
UrlCanonicalizeW
UrlCanonicalizeW
UrlCreateFromPathW
UrlCreateFromPathW
iexplore.pdb
iexplore.pdb
KEYW
KEYW
KEYWh
KEYWh
KEYWD
KEYWD
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
user32.dll
user32.dll
Kernel32.DLL
Kernel32.DLL
xfire.exe
xfire.exe
wlmail.exe
wlmail.exe
winamp.exe
winamp.exe
waol.exe
waol.exe
sidebar.exe
sidebar.exe
psocdesigner.exe
psocdesigner.exe
np.exe
np.exe
netscape.exe
netscape.exe
netcaptor.exe
netcaptor.exe
neoplanet.exe
neoplanet.exe
msn.exe
msn.exe
mshtmpad.exe
mshtmpad.exe
mshta.exe
mshta.exe
loader42.exe
loader42.exe
infopath.exe
infopath.exe
iexplore.exe
iexplore.exe
iepreview.exe
iepreview.exe
groove.exe
groove.exe
explorer.exe
explorer.exe
dreamweaver.exe
dreamweaver.exe
contribute.exe
contribute.exe
aol.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
"%s" %s
Kernel32.dll
Kernel32.dll
\AppPatch\sysmain.sdb
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
kernel32.dll
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
shell:%s
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
IEXPLORE.EXE
Windows
Windows
9.00.8112.16421
9.00.8112.16421