Trojan.Win32.IEDummy.FD, GenericAutorunWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 3231f14f7228912a6c119d6385047431
SHA1: ec239d5a92a2813a372d56e55fc5e0c462ad502e
SHA256: 1d01e3a1a30c4506122755df7bbd640289f6fcc90b607932341213a7f28c0b0e
SSDeep: 1536:PKkwsgFmQz3I2Cx0VCYG8L2wSrfJKz6t6cOrCtF8RfjSh3skpO5s2z:ydFLzbCGVF7SrUz/cOrCtF8Rfj68f5jz
Size: 77824 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6, MicrosoftVisualBasicv50v60
Company: no certificate found
Created at: 2007-11-27 18:48:13
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Trojan creates the following process(es):
%original file name%.exe:928
The Trojan injects its code into the following process(es):
No processes have been created.
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
No files have been created.
Registry activity
The process %original file name%.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 E4 46 2B A5 FB 18 4A 78 66 44 74 1C C8 B0 46"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableRegistryTools" = "0"
The Trojan adds the reference to itself to be executed when a user logs on:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "Explorer.exe"
The Trojan deletes the following value(s) in system registry:
The Trojan disables automatic startup of the application by deleting the following autorun value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"
"Yahoo Messenger"
Dropped PE files
There are no dropped PE files.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:928
- Delete the original Trojan file.
- Remove the references to the Trojan by modifying the following registry value(s) (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "Explorer.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: iSergiwa Software - www.sergiwa.com
Product Name: SRT - iSergiwa Software
Product Version: 2.00
Legal Copyright: All rights reserved
Legal Trademarks: Free for personal use ONLY!
Original Filename: SRT.exe
Internal Name: SRT
File Version: 2.00
File Description: A free tool to remove Sohanad virus and friends!
Comments: A free tool to remove Sohanad virus and friends!
Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 63464 | 65536 | 4.60914 | dbdb619d298278ef4ea91ad9d82ccc62 |
.data | 69632 | 3096 | 4096 | 0 | 620f0b67a91f7f74151bc5be745b7110 |
.rsrc | 73728 | 2392 | 4096 | 1.62887 | 49c874cbaebac12c5370c6f199b6d5e6 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /zcredirect?visitid=293d5924-1e42-11e6-b462-12ce168cfdfd&type=js&browserWidth=0&browserHeight=0&iframeDetected=false HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: zd1.zeroredirect11.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
redirected: JS
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 20 May 2016 04:20:19 GMT
Server: ZeroPark-Traffic
36a..<!DOCTYPE html>.<html>..<head>...<META http-equiv="refresh" content="1;URL='hXXp://track.trackbyme.info/zp-redirect?target=http://lzy9000.blueprint1.cpa.clicksure.com/?lp=4&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&caid=99737be6-2ea4-4523-be9f-85692b529ef9&zpid=293d5924-1e42-11e6-b462-12ce168cfdfd&cid=wPOJS4587E672CUS0RUM8J70&rt=R'">..</head>..<body>...<script type="text/javascript">....window.location="hXXp://track.trackbyme.info/zp-redirect?target=http://lzy9000.blueprint1.cpa.clicksure.com/?lp=4&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&caid=99737be6-2ea4-4523-be9f-85692b529ef9&zpid=293d5924-1e42-11e6-b462-12ce168cfdfd&cid=wPOJS4587E672CUS0RUM8J70&rt=R";...</script>..</body>.</html>..0..HTTP/1.1 200 OK..Cache-Control: no-store, no-cache, pre-check=0, post-check=0..content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'..x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'..X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'..redirected: JS..Content-Type: text/html;charset=UTF-8..Transfer-Encoding: chunked..Date: Fri, 20 May 2016 04:20:19 GMT..Server: ZeroPark-Traffic..36a..<!DOCTYPE html>.<html>..<head>...<META http-equiv="refresh" content="1;URL='hXXp://track.trackbyme.info/zp-red
<<< skipped >>>
GET /?lp=4&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: lzy9000.blueprint1.cpa.clicksure.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Server: nginx/1.6.2
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.5.21
Cache-Control: no-cache
Location: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
P3P: policyref="hXXp://cpa.clicksure.com/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OUR SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: laravel_session=1b2e164e2738839563d1a71715084c94c656190e; expires=Fri, 20-May-2016 06:20:21 GMT; Max-Age=7200; path=/; domain=cpa.clicksure.com; httponly
Set-Cookie: campaign_lp_aff_8733603=00f0ba0efbf0ece132ad4117c7903afd01ddf3cd+2016-05-20; expires=Sat, 21-May-2016 04:20:21 GMT; Max-Age=86400; path=/; domain=cpa.clicksure.com; httponly
Set-Cookie: campaign_216183=85ae5b5d7ab7c5e53daee987bbc681b82a945ebc+{"click":1132560031,"tracked":[],"tracked_time":1463718021}; expires=Sun, 19-Jun-2016 04:20:21 GMT; Max-Age=2592000; path=/; domain=cpa.clicksure.com; httponly
X-Cacheable: NO:Not Cacheable
Content-Length: 5205
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:21 GMT
Age: 0
Connection: keep-alive
X-Cache: MISS
Via: WebCelerate
<!DOCTYPE html>.<html>. <head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script type="text/javascript">window.NREUM||(NREUM={}),__nr_require=function(e,t,n){function r(n){if(!t[n]){var o=t[n]={exports:{}};e[n][0].call(o.exports,function(t){var o=e[n][1][t];return r(o||t)},o,o.exports)}return t[n].exports}if("function"==typeof __nr_require)return __nr_require;for(var o=0;o<n.length;o )r(n[o]);return r}({1:[function(e,t,n){function r(e,t){return function(){o(e,[(new Date).getTime()].concat(a(arguments)),null,t)}}var o=e("handle"),i=e(2),a=e(3);"undefined"==typeof window.newrelic&&(newrelic=NREUM);var u=["setPageViewName","addPageAction","setCustomAttribute","finished","addToTrace","inlineHit"],c=["addPageAction"],f="api-";i(u,function(e,t){newrelic[t]=r(f t,"api")}),i(c,function(e,t){newrelic[t]=r(f t)}),t.exports=newrelic,newrelic.noticeError=function(e){"string"==typeof e&&(e=new Error(e)),o("err",[e,(new Date).getTime()])}},{}],2:[function(e,t,n){function r(e,t){var n=[],r="",i=0;for(r in e)o.call(e,r)&&(n[i]=t(r,e[r]),i =1);return n}var o=Object.prototype.hasOwnProperty;t.exports=r},{}],3:[function(e,t,n){function r(e,t,n){t||(t=0),"undefined"==typeof n&&(n=e?e.length:0);for(var r=-1,o=n-t||0,i=Array(0>o?0:o); r<o;)i[r]=e[t r];return i}t.exports=r},{}],ee:[function(e,t,n){function r(){}function o(e){function t(e){return e&&e instanceof r?e:e?u(e,a,i):i()}function n(n,r,o){e&&e(n,r,o);for(var i=t(o),a=l(n),u=a.length,c=0;u>c;c
<<< skipped >>>
GET /nr-918.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js-agent.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: 6J/6rr52Hu9KiLf5QffVi3DYIBt9QCYHvjGmU7pQQlw2kn8qyqXj3Ko6PcfnW Kxeef2bJCR7 I=
x-amz-request-id: 6F1F1FD74C007491
Last-Modified: Mon, 28 Mar 2016 18:05:52 GMT
ETag: "07fddb3720b5e77e10d486281e40571d"
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 22729
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:23 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-fra1239-FRA
X-Cache: HIT
X-Cache-Hits: 183
X-Timer: S1463718023.806905,VS0,VE0
Vary: Accept-Encoding
Cache-Control: public, max-age=3600
!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var a="function"==typeof __nr_require&&__nr_require;if(!i&&a)return a(t,!0);if(o)return o(t,!0);throw new Error("Cannot find module '" t "'")}var s=e[t]={exports:{}};n[t][0].call(s.exports,function(e){var o=n[t][1][e];return r(o||e)},s,s.exports)}return e[t].exports}for(var o="function"==typeof __nr_require&&__nr_require,i=0;i<t.length;i )r(t[i]);return r}({1:[function(n,e,t){e.exports=function(n,e){return"addEventListener"in window?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,e):void 0}},{}],2:[function(n,e,t){function r(n,e,t,r){l("bstAgg",[n,e,t,r]),p[n]||(p[n]={});var i=p[n][e];return i||(i=p[n][e]={params:t||{}}),i.metrics=o(r,i.metrics),i}function o(n,e){return e||(e={count:0}),e.count =1,c(n,function(n,t){e[n]=i(t,e[n])}),e}function i(n,e){return e?(e&&!e.c&&(e={t:e.t,min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function a(n,e){return e?p[n]&&p[n][e]:p[n]}function s(n){for(var e={},t="",r=!1,o=0;o<n.length;o )t=n[o],e[t]=u(p[t]),e[t].length&&(r=!0),delete p[t];return r?e:null}function u(n){return"object"!=typeof n?[]:c(n,f)}function f(n,e){return e}var c=n(30),l=n("handle"),p={};e.exports={store:r,take:s,get:a}},{}],3:[function(n,e,t){function r(n,e,t){"string"==typeof e&&("/"!==e.charAt(0)&&(e="/" e),d.customTransaction=(t||"hXXp://custom.transaction") e)}function o(n,e){var t=e||n;f.store("cm","finished",{name:"finished"},{time:t-d.offset}),i(n,{name:"fin
<<< skipped >>>
GET /search/tsc.php?&ses=1463718019f040e932a28694b67f42c5aa3fc6dac5&200=MjMxMDQyOTg1&21=MTk0LjI0Mi45Ni4yMTg=&681=MTQ2MzcxODAxOWYwNDBlOTMyYTI4Njk0YjY3ZjQyYzVhYTNmYzZkYWM1&682=&616=&crc=48ca082ccc3156ee64036354d684be64ce306b9d&cv=1 HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://ww1.sergiwa.com/
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ww1.sergiwa.com
Connection: Keep-Alive
Cookie: tu=c6643c217733cb748736e5135c86d86c; NSC_tfep-83 63 5 01-91=ffffffff516a73d445525d5f4f58455e445a4a423660
HTTP/1.0 200 OK
Date: Fri, 20 May 2016 04:20:19 GMT
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from 440444
nnCoection: close
Connection: Keep-Alive
........................
GET /search/redirect.php?f=http://zd1.november-lax.com/zcvisitor/293d5924-1e42-11e6-b462-12ce168cfdfd&v=YTlkZDlmYWIxODZmMjM2NDU3NDVhMTM4YTljMDQxOTcJMQl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMDI2NS45ODY0MDkxMAl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMGU0My41ODY5OTMwNgkxNDYzNzE4MDE5CWFkXzMxXzA=&l=NQlBRFMJZDBhZWU2MmM5OGM2NjcwOWYyMzc5Njc1ZGY0MTM5MDYJMC4wMDAxCTAJMTMJCTMxCTEJMQkwCWFjYjcyMDg0ZTIwOTliMGI5OWUxMTM5MzU0NDlmMTZjCQkyMzEwNDI5ODUJYwk3NTE4MjY4MQkJc2VyZ2l3YQkxMTAxCTMxCTMxCTM1CTE0NjM3MTgwMTkJMC4wMDAxNwlOCTAJMAkwCQkwLjAwMDEJCQkJCQl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMDI2NS45ODY0MDkxMAkwLjAwMDE3CTAJCTEJMAkxMzc0CTkyMDY2ODI5CQkxOTQuMjQyLjk2LjIxOA== HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ww1.sergiwa.com
Connection: Keep-Alive
Cookie: tu=c6643c217733cb748736e5135c86d86c; NSC_tfep-83 63 5 01-91=ffffffff516a73d445525d5f4f58455e445a4a423660
HTTP/1.0 302 Moved Temporarily
Date: Fri, 20 May 2016 04:20:19 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7 squeeze28
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 20 May 2016 04:20:19 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Location: hXXp://ww1.sergiwa.com/search/tcerider.php?f=http://zd1.november-lax.com/zcvisitor/293d5924-1e42-11e6-b462-12ce168cfdfd&v=YTlkZDlmYWIxODZmMjM2NDU3NDVhMTM4YTljMDQxOTcJMQl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMDI2NS45ODY0MDkxMAl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMGU0My41ODY5OTMwNgkxNDYzNzE4MDE5CWFkXzMxXzA=&l=NQlBRFMJZDBhZWU2MmM5OGM2NjcwOWYyMzc5Njc1ZGY0MTM5MDYJMC4wMDAxCTAJMTMJCTMxCTEJMQkwCWFjYjcyMDg0ZTIwOTliMGI5OWUxMTM5MzU0NDlmMTZjCQkyMzEwNDI5ODUJYwk3NTE4MjY4MQkJc2VyZ2l3YQkxMTAxCTMxCTMxCTM1CTE0NjM3MTgwMTkJMC4wMDAxNwlOCTAJMAkwCQkwLjAwMDEJCQkJCQl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMDI2NS45ODY0MDkxMAkwLjAwMDE3CTAJCTEJMAkxMzc0CTkyMDY2ODI5CQkxOTQuMjQyLjk2LjIxOA==
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html
X-Cache: MISS from 190779
Cneonction: close
Connection: Keep-Alive
........................
GET /search/tcerider.php?f=http://zd1.november-lax.com/zcvisitor/293d5924-1e42-11e6-b462-12ce168cfdfd&v=YTlkZDlmYWIxODZmMjM2NDU3NDVhMTM4YTljMDQxOTcJMQl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMDI2NS45ODY0MDkxMAl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMGU0My41ODY5OTMwNgkxNDYzNzE4MDE5CWFkXzMxXzA=&l=NQlBRFMJZDBhZWU2MmM5OGM2NjcwOWYyMzc5Njc1ZGY0MTM5MDYJMC4wMDAxCTAJMTMJCTMxCTEJMQkwCWFjYjcyMDg0ZTIwOTliMGI5OWUxMTM5MzU0NDlmMTZjCQkyMzEwNDI5ODUJYwk3NTE4MjY4MQkJc2VyZ2l3YQkxMTAxCTMxCTMxCTM1CTE0NjM3MTgwMTkJMC4wMDAxNwlOCTAJMAkwCQkwLjAwMDEJCQkJCQl3dzEuc2VyZ2l3YS5jb201NzNlOTA4MmJiMDI2NS45ODY0MDkxMAkwLjAwMDE3CTAJCTEJMAkxMzc0CTkyMDY2ODI5CQkxOTQuMjQyLjk2LjIxOA== HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ww1.sergiwa.com
Connection: Keep-Alive
Cookie: tu=c6643c217733cb748736e5135c86d86c; NSC_tfep-83 63 5 01-91=ffffffff516a73d445525d5f4f58455e445a4a423660
HTTP/1.0 302 Moved Temporarily
Date: Fri, 20 May 2016 04:20:19 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7 squeeze28
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 20 May 2016 04:20:19 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Location: hXXp://zd1.november-lax.com/zcvisitor/293d5924-1e42-11e6-b462-12ce168cfdfd
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 185
Content-Type: text/html
X-Cache: MISS from 100825
Cneonction: close
Connection: Keep-Alive
............A.. .....n...kc.8..c..(.."-J....j..n..........m..!k.r.cx<.$..].....!..e.9...$.....ed...-$.......L~.9&....5...*.....U.$n..{....J.Uo.} ..XTY.O(.9.......9H..!HP...J.7|.........HTTP/1.0 302 Moved Temporarily..Date: Fri, 20 May 2016 04:20:19 GMT..Server: Apache..X-Powered-By: PHP/5.3.3-7 squeeze28..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Last-Modified: Fri, 20 May 2016 04:20:19 GMT..Cache-Control: no-store, no-cache, must-revalidate..Cache-Control: post-check=0, pre-check=0..Pragma: no-cache..Location: hXXp://zd1.november-lax.com/zcvisitor/293d5924-1e42-11e6-b462-12ce168cfdfd..Vary: User-Agent,Accept-Encoding..Content-Encoding: gzip..Content-Length: 185..Content-Type: text/html..X-Cache: MISS from 100825..Cneonction: close..Connection: Keep-Alive..............A.. .....n...kc.8..c..(.."-J....j..n..........m..!k.r.cx<.$..].....!..e.9...$.....ed...-$.......L~.9&....5...*.....U.$n..{....J.Uo.} ..XTY.O(.9.......9H..!HP...J.7|...........
<<< skipped >>>
GET /modules/mydownloads/singlefile.php?cid=2&lid=6 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: en.sergiwa.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Fri, 20 May 2016 04:20:18 GMT
Server: Apache/2.2.15 (Linux)
X-Powered-By: PHP/5.5.35
Location: hXXp://ww1.sergiwa.com
Content-Length: 1
Connection: close
Content-Type: text/html; charset=UTF-8
...
GET /zcvisitor/293d5924-1e42-11e6-b462-12ce168cfdfd HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: zd1.november-lax.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 20 May 2016 04:20:19 GMT
Server: ZeroPark-Traffic
3ef..<!DOCTYPE html>.<html>..<head>...<META http-equiv="refresh" content="1;URL='hXXp://zd1.zeroredirect11.com/zcredirect?visitid=293d5924-1e42-11e6-b462-12ce168cfdfd&type=meta'">..</head>..<body>...<script type="text/javascript">....setTimeout(function () {.....var pageWidth = window.innerWidth ? window.innerWidth : (document.documentElement && document.documentElement.clientWidth ? document.documentElement.clientWidth : document.getElementsByTagName('body')[0].clientWidth);.....var pageHeight = window.innerHeight ? window.innerHeight : (document.documentElement && document.documentElement.clientHeight ? document.documentElement.clientHeight : document.getElementsByTagName('body')[0].clientHeight);.....var iframeDetected = window.self !== window.top;.....window.location="hXXp://zd1.zeroredirect11.com/zcredirect?visitid=293d5924-1e42-11e6-b462-12ce168cfdfd&type=js&browserWidth=" pageWidth "&browserHeight=" pageHeight "&iframeDetected=" iframeDetected;....}, 1);...</script>..</body>.</html>..0..
GET /1/4915dfb183?a=8404545&v=918.2e0ff1d&to=YgFaNUJTC0BYBkFdXFtLbRNZHRVBVghaGVxTAl0TH1sLV1wdG0RbRQ==&rst=2407&ap=53&fe=2219&dc=2219&f=["err","ins"]&at=TkZZQwpJGE4=&jsonp=NREUM.setToken HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: bam.nr-data.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=a5ad3657d0b93b5a;Path=/;Domain=.nr-data.net
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 57
NREUM.setToken({'stn':0,'err':0,'ins':0,'cap':0,'spa':0})HTTP/1.1 200 OK..Set-Cookie: JSESSIONID=a5ad3657d0b93b5a;Path=/;Domain=.nr-data.net..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Content-Type: text/javascript;charset=ISO-8859-1..Content-Length: 57..NREUM.setToken({'stn':0,'err':0,'ins':0,'cap':0,'spa':0})..
GET /zp-redirect?target=http://lzy9000.blueprint1.cpa.clicksure.com/?lp=4&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&caid=99737be6-2ea4-4523-be9f-85692b529ef9&zpid=293d5924-1e42-11e6-b462-12ce168cfdfd&cid=wPOJS4587E672CUS0RUM8J70&rt=R HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: track.trackbyme.info
Connection: Keep-Alive
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Date: Fri, 20 May 2016 04:20:20 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://lzy9000.blueprint1.cpa.clicksure.com/?lp=4&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70
Pragma: no-cache
Server: Voluum-Traffic/1.0
Set-Cookie: 99737be6-2ea4-4523-be9f-85692b529ef9-v4=99737be6-2ea4-4523-be9f-85692b529ef9; Domain=track.trackbyme.info; Path=/; HttpOnly
Set-Cookie: voluum-cid-v4={ "cid" : "wPOJS4587E672CUS0RUM8J70", "caid" : "99737be6-2ea4-4523-be9f-85692b529ef9"}; Domain=track.trackbyme.info; Expires=Sat, 20-May-2017 04:20:20 GMT; Path=/; HttpOnly
X-Robots-Tag: noindex, nofollow
Content-Length: 0
Connection: keep-alive
HTTP/1.1 302 Found..Cache-Control: no-store, no-cache, pre-check=0, post-check=0..Date: Fri, 20 May 2016 04:20:20 GMT..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Location: hXXp://lzy9000.blueprint1.cpa.clicksure.com/?lp=4&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70..Pragma: no-cache..Server: Voluum-Traffic/1.0..Set-Cookie: 99737be6-2ea4-4523-be9f-85692b529ef9-v4=99737be6-2ea4-4523-be9f-85692b529ef9; Domain=track.trackbyme.info; Path=/; HttpOnly..Set-Cookie: voluum-cid-v4={ "cid"%20: "wPOJS4587E672CUS0RUM8J70", "caid" : %2299737be6-2ea4-4523-be9f-85692b529ef9"}; Domain=track.trackbyme.info; Expires=Sat, 20-May-2017 04:20:20 GMT; Path=/; HttpOnly..X-Robots-Tag: noindex, nofollow..Content-Length: 0..Connection: keep-alive..
<<< skipped >>>
GET /api/v1/funnel.min.js?v=1.1&product=millionairesblueprint HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: splitter.binarypromos.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 20 May 2016 04:20:22 GMT
Content-Type: application/javascript
Content-Length: 10294
Connection: keep-alive
Set-Cookie: __cfduid=d5232066c47f627b36d04e2389074ef8a1463718022; expires=Sat, 20-May-17 04:20:22 GMT; path=/; domain=.binarypromos.com; HttpOnly
Last-Modified: Mon, 21 Dec 2015 17:27:52 GMT
ETag: "8b40-5276bcf09ad7d-gzip"
Cache-Control: public, max-age=290304000
Expires: Fri, 01 Aug 2025 04:20:22 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 2a5cfeeb61e405b5-ARN
<<< skipped >>>
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ww1.sergiwa.com
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Fri, 20 May 2016 04:20:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7 squeeze29
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Fri, 20 May 2016 04:20:18 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tu=c6643c217733cb748736e5135c86d86c; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=sergiwa.com; httponly
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_KoCF4Mdr2JMnAS7DASaKopPFXXseO5fU xwzWvHGID7usWBQ9i8yO JspLiVfv5YIpOoVyGqVEzq6qrj5KVDOw==
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 2907
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from 891047
nnCoection: close
Connection: Keep-Alive
Set-Cookie: NSC_tfep-83 63 5 01-91=ffffffff516a73d445525d5f4f58455e445a4a423660;path=/;httponly
<<< skipped >>>
GET /js/jquery-1.4.2.min.js HTTP/1.1
Accept: */*
Referer: hXXp://ww1.sergiwa.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.sedoparking.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 20 May 2016 04:20:19 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-CFHash: "0d658c3f0a7efaa05a6fcee9758231b3"
Last-Modified: Mon, 18 Apr 2016 10:42:48 GMT
X-CF3: M
CF4Age: 0
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0213
X-CF1: 11696:fB.fra2:cf:cacheA.fra2-v:H
Content-Encoding: gzip
<<< skipped >>>
GET /promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
Vary: Accept-Encoding
Set-Cookie: aff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: clickID=1132560031; expires=Sun, 19-Jun-2016 04:20:38 GMT; path=/
Set-Cookie: clickId=1132560031; expires=Sun, 19-Jun-2016 04:20:38 GMT; path=/
Content-Encoding: gzip
X-Cacheable: YES
Content-Length: 7099
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:21 GMT
Age: 0
Connection: keep-alive
X-Cache: MISS
<<< skipped >>>
GET /promo-offer/css/styles.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/css
Last-Modified: Thu, 03 Mar 2016 17:18:35 GMT
Cache-Control: max-age=7200 public
reset-client-side-age: 1
X-Cacheable: YES
Content-Length: 2156
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:21 GMT
Age: 6289
Connection: keep-alive
X-Cache: HIT
body {. font-family: 'Helvetica', 'Arial', sans-serif;. text-align: center;. line-height: 2em;. background-color: black;. color: white;.}.body h1 {. margin: 30px 0 0 0;. padding: 0;. line-height: 1em;.}.body h1 strong {. color: red;.}.body h3 {. margin: 10px 0;. padding: 0;. line-height: 1em;.}.body h3 strong {. font-size: 1.7em;. color: yellow;.}.body h5 {. margin: 0 0 10px 0;. padding: 0;. font-size: 1em;. color: white;.}.body h4 {. font-size: 1.5em;. color: yellow;.}.body iframe.wistia_embed {. width: 650px;. height: 365px;. margin: 0 auto;. border: none;.}.body .form {. width: 40%;. margin: 10px auto;. padding: 10px;. background: #0f0f0f;. border-radius: 3px;. -moz-border-radius: 3px;. -webkit-border-radius: 3px;.}.body .form h4 {. margin: 0;. padding: 10px;. color: #fff;.}.body .form form {. display: block;.}.body .form form input {. width: 85%;. margin: 10px auto;. display: block;.}.body .form form input[type="text"] {. padding: 10px;. border: 3px solid #000;. border-radius: 6px;. -moz-border-radius: 6px;. -webkit-border-radius: 6px;. font-size: 1.2em;. color: #000;.}.body .form form input[type="submit"] {. width: 450px;. height: 98px;. display: block;. background: url('../images/register_now_button.png') center no-repeat transparent;. border: 0;. box-shadow: none;. text-indent: -10000%;.}.body .form form input[type="submit"]:hover {. cursor: pointe
<<< skipped >>>
GET /includes/bootstrap.min.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/css
Last-Modified: Thu, 03 Mar 2016 17:18:35 GMT
Cache-Control: max-age=7200 public
reset-client-side-age: 1
X-Cacheable: YES
Content-Length: 122540
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:21 GMT
Age: 6301
Connection: keep-alive
X-Cache: HIT
/*!. * Bootstrap v3.3.5 (hXXp://getbootstrap.com). * Copyright 2011-2015 Twitter, Inc.. * Licensed under MIT (hXXps://github.com/twbs/bootstrap/blob/master/LICENSE). *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{height:0;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}pre{overflow:auto}code,kbd,pre,samp{font-family:monospace,monospace;font-size:1em}button,input,optgroup,select,textarea{margin:0;font:inherit;color:inherit}button{overflow:visible}button,select{text-transform:none}button,html input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer}button[disabled],html input[disabled]{cursor:default}button::-moz-focus-inner,input::-moz-focus-inner{padding:0;border:0}
<<< skipped >>>
GET /promo-offer/images/speaker.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031
HTTP/1.1 200 OK
Server: nginx
Content-Type: image/jpeg
Last-Modified: Thu, 03 Mar 2016 17:18:35 GMT
Cache-Control: max-age=7200 public
reset-client-side-age: 1
X-Cacheable: YES
Content-Length: 1816
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:22 GMT
Age: 6297
Connection: keep-alive
X-Cache: HIT
......Exif..II*.................Ducky.......P.....1hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:712A2F87BF4B11E499FB949779439A45" xmpMM:DocumentID="xmp.did:712A2F88BF4B11E499FB949779439A45"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:712A2F85BF4B11E499FB949779439A45" stRef:documentID="xmp.did:712A2F86BF4B11E499FB949779439A45"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................................................................................................................................................................................................................!.1.345."2b.T.Qaq..BRr.............................!1A..Q..a..2..."#............?.(.}..N....h^H.W..R.o..P)...y[@Mn...h..sE.x.l..Z.....*t.2.U..~.Yp.H)S~k"...I.R!....[.L.DD...a....]..h}....n.e..;...l........E.s@H....h.. ....\...W<9DL.v.W............8..p.....G...q..m.[..&.6..Q..1...=....B..G$^...0.....@..............1.....8u9w.._:e@.Ur..c2b0...,....g..bl.jFdY....6.
<<< skipped >>>
GET /promo-offer/js/video.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031; _ga=GA1.2.1661237672.1463718029; _gat=1
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Thu, 03 Mar 2016 17:18:35 GMT
Cache-Control: max-age=7200 public
reset-client-side-age: 1
X-Cacheable: YES
Content-Length: 117730
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:23 GMT
Age: 6298
Connection: keep-alive
X-Cache: HIT
/*! Video.js v4.12.5 Copyright 2014 Brightcove, Inc. hXXps://github.com/videojs/video.js/blob/master/LICENSE */ .(function() {var b=void 0,f=!0,j=null,l=!1;function m(){return function(){}}function n(a){return function(){return this[a]}}function q(a){return function(){return a}}var s;document.createElement("video");document.createElement("audio");document.createElement("track");.function t(a,c,d){if("string"===typeof a){0===a.indexOf("#")&&(a=a.slice(1));if(t.Aa[a])return c&&t.log.warn('Player "' a '" is already initialised. Options will not be applied.'),d&&t.Aa[a].I(d),t.Aa[a];a=t.m(a)}if(!a||!a.nodeName)throw new TypeError("The element or ID supplied is not valid. (videojs)");return a.player||new t.Player(a,c,d)}var videojs=window.videojs=t;t.ic="4.12";t.vd="https:"==document.location.protocol?"hXXps://":"hXXp://";t.VERSION="4.12.5";.t.options={techOrder:["html5","flash"],html5:{},flash:{},width:300,height:150,defaultVolume:0,playbackRates:[],inactivityTimeout:2E3,children:{mediaLoader:{},posterImage:{},loadingSpinner:{},textTrackDisplay:{},bigPlayButton:{},controlBar:{},errorDisplay:{},textTrackSettings:{}},language:document.getElementsByTagName("html")[0].getAttribute("lang")||navigator.languages&&navigator.languages[0]||navigator.If||navigator.language||"en",languages:{},notSupportedMessage:"No compatible source was found for this video."};."GENERATED_CDN_VSN"!==t.ic&&(videojs.options.flash.swf=t.vd "vjs.zencdn.net/" t.ic "/video-js.swf");t.Jd=function(a,c){t.options.languages[a]=t.options.languages[a]!==
<<< skipped >>>
GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Fri, 20 May 2016 04:13:44 GMT
Expires: Fri, 20 May 2016 06:13:44 GMT
Last-Modified: Mon, 09 May 2016 22:17:11 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 11491
Age: 398
Cache-Control: public, max-age=7200
<<< skipped >>>
GET /r/collect?v=1&_v=j43&a=599973280&t=pageview&_s=1&dl=http://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133&ul=en-us&de=utf-8&dt=FREE Access - Millionaire's Blueprint&sd=32-bit&sr=1276x846&vp=263x1320&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=457202612&cid=1661237672.1463718029&tid=UA-66137886-1&_r=1&z=1681974947 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Fri, 20 May 2016 04:20:22 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GIF89a.............,...........D..;
GET /promo-offer/css/video-js.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/css
Last-Modified: Thu, 03 Mar 2016 17:18:35 GMT
Cache-Control: max-age=7200 public
reset-client-side-age: 1
X-Cacheable: YES
Content-Length: 27990
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:21 GMT
Age: 6301
Connection: keep-alive
X-Cache: HIT
/*!.Video.js Default Styles (hXXp://videojs.com).Version 4.12.5.Create your own skin at hXXp://designer.videojs.com.*/./* SKIN.================================================================================.The main class name for all skin-specific styles. To make your own skin,.replace all occurrences of 'vjs-default-skin' with a new name. Then add your new.skin name to your video tag instead of the default skin..e.g. <video class="video-js my-skin-name">.*/..vjs-default-skin {. color: #cccccc;.}./* Custom Icon Font.--------------------------------------------------------------------------------.The control icons are from a custom font. Each icon corresponds to a character.(e.g. "\e001"). Font icons allow for easy scaling and coloring of icons..*/.@font-face {. font-family: 'VideoJS';. src: url('font/vjs.eot');. src: url('font/vjs.eot?#iefix') format('embedded-opentype'), url('font/vjs.woff') format('woff'), url('font/vjs.ttf') format('truetype'), url('font/vjs.svg#icomoon') format('svg');. font-weight: normal;. font-style: normal;.}./* Base UI Component Classes.--------------------------------------------------------------------------------.*/./* Slider - used for Volume bar and Seek bar */..vjs-default-skin .vjs-slider {. /* Replace browser focus highlight with handle highlight */. outline: 0;. position: relative;. cursor: pointer;. padding: 0;. /* background-color-with-alpha */. background-color: #333333;. background-color: rgba(51, 51, 51, 0.9);.}..vjs-default-skin .vjs-slider:focus {.
<<< skipped >>>
GET /promo-offer/css/members.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/css
Last-Modified: Thu, 03 Mar 2016 17:18:35 GMT
Cache-Control: max-age=7200 public
reset-client-side-age: 1
X-Cacheable: YES
Content-Length: 10570
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:21 GMT
Age: 6295
Connection: keep-alive
X-Cache: HIT
body {. margin: 0;. padding: 0 0 100px 0;. font-family: 'Helvetica', 'Arial', sans-serif;. font-weight: normal;. font-size: 14px;. line-height: 1.5em;. background-color: #000 !important;. color: #fff !important;.}..body.funnel {. margin: 0;. font-family: 'Helvetica', 'Arial', sans-serif;. font-weight: normal;. font-size: 14px;. line-height: 1.5em;. background-color: #000 !important;. color: #fff !important;. padding: 0 0 20px 0;.}...container {. max-width: 960px !important;. margin: 0 auto;. padding: 0;. display: block;.}...container-form-alt {. max-width: 644px;. margin: 30px auto;. padding: 20px;. display: block;. border: 1px solid #d2d2d2;. border-radius: 6px;. -webkit-border-radius: 6px;. -moz-border-radius: 6px;. background: url('../images/arrow-bg.jpg') no-repeat;. background-color: #fff;. background-position: 50% 85%;.}...header {. margin: 20px auto 10px auto;. padding: 0 0 20px 0;. display: block;. background: url('../images/horizontal_rule.png') bottom center no-repeat transparent;.}...header .left,..header .right {. width: 49%;. margin: 0;. padding: 0;. display: inline-block;. vertical-align: middle;.}...intro {. display: block;.}...intro h1 {. font-weight: normal;. text-align: center;. line-height: 1.2em;. font-size:26px;. margin: 0 0 10px 0;.}...intro h1 span {. font-weight: bold;. color: yellow;.}...video {. display: block;. margin-top: 15px;.}...vide
<<< skipped >>>
GET /promo-offer/css/font/vjs.eot? HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031
HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=5, must-revalidate
X-Cacheable: YES
Content-Length: 195
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:21 GMT
Age: 0
Connection: keep-alive
X-Cache: MISS
GET /fonts/glyphicons-halflings-regular.eot? HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031
HTTP/1.1 404 Not Found
Server: nginx
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=5, must-revalidate
X-Cacheable: YES
Content-Length: 195
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:22 GMT
Age: 0
Connection: keep-alive
X-Cache: MISS
GET /promo-offer/js/jquery-1.9.1.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Thu, 03 Mar 2016 17:18:35 GMT
Cache-Control: max-age=7200 public
reset-client-side-age: 1
X-Cacheable: YES
Content-Length: 111588
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:22 GMT
Age: 6296
Connection: keep-alive
X-Cache: HIT
..../*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license.//@ sourceMappingURL=jquery.min.map.*/.(function (e, t) {. var n, r, i = typeof t, o = e.document, a = e.location, s = e.jQuery, u = e.$, l = {}, c = [], p = "1.9.1", f = c.concat, d = c.push, h = c.slice, g = c.indexOf, m = l.toString, y = l.hasOwnProperty, v = p.trim, b = function (e, t) { return new b.fn.init(e, t, r) }, x = /[ -]?(?:\d*\.|)\d (?:[eE][ -]?\d |)/.source, w = /\S /g, T = /^[\s\uFEFF\xA0] |[\s\uFEFF\xA0] $/g, N = /^(?:(<[\w\W] >)[^>]*|#([\w-]*))$/, C = /^<(\w )\s*\/?>(?:<\/\1>|)$/, k = /^[\],:{}\s]*$/, E = /(?:^|:|,)(?:\s*\[) /g, S = /\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g, A = /"[^"\\\r\n]*"|true|false|null|-?(?:\d \.|)\d (?:[eE][ -]?\d |)/g, j = /^-ms-/, D = /-([\da-z])/gi, L = function (e, t) { return t.toUpperCase() }, H = function (e) { (o.addEventListener || "load" === e.type || "complete" === o.readyState) && (q(), b.ready()) }, q = function () { o.addEventListener ? (o.removeEventListener("DOMContentLoaded", H, !1), e.removeEventListener("load", H, !1)) : (o.detachEvent("onreadystatechange", H), e.detachEvent("onload", H)) }; b.fn = b.prototype = { jquery: p, constructor: b, init: function (e, n, r) { var i, a; if (!e) return this; if ("string" == typeof e) { if (i = "<" === e.charAt(0) && ">" === e.charAt(e.length - 1) && e.length >= 3 ? [null, e, null] : N.exec(e), !i || !i[1] && n) return !n || n.jquery ? (n || r).find(e) : this.constructor(n).find(e); if (i[1]) { if (n =
<<< skipped >>>
GET /includes/exit.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.millionaires-blueprint.co/promo-offer/?c=IL&aff_id=4926&clickID=1132560031&aff=&s1=99737be6-2ea4-4523-be9f-85692b529ef9&s2=15d6970a-0ab5-46f5-91a8-c31da1f01eb0&s3=wPOJS4587E672CUS0RUM8J70&campaignid=32133
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.millionaires-blueprint.co
Connection: Keep-Alive
Cookie: clickID=1132560031; clickId=1132560031; _ga=GA1.2.1661237672.1463718029; _gat=1
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/x-javascript
Last-Modified: Thu, 03 Mar 2016 17:18:35 GMT
Cache-Control: max-age=7200 public
reset-client-side-age: 1
X-Cacheable: YES
Content-Length: 784
Accept-Ranges: bytes
Date: Fri, 20 May 2016 04:20:23 GMT
Age: 6297
Connection: keep-alive
X-Cache: HIT
(function() {
    setTimeout(function() {
        var _tags = ['button', 'input', 'a', '.btn'], _els, _i, _i2;
        for(_i in _tags) {
            _els = document.getElementsByTagName(_tags[_i]);
            for(_i2 in _els) {
                if((_tags[_i] == 'input' && _els[_i2].type != 'button' && _els[_i2].type != 'submit' && _els[_i2].type != 'image') || _els[_i2].target == '_blank') continue;
                _els[_i2].onclick = function() {window.onbeforeunload = function(){};}
            }
        }

        window.onbeforeunload = function() {
            setTimeout(function() {
                window.onbeforeunload = function() {};
                setTimeout(function() {
                    document.location.href = _exit_url;
                }, 500);
            },5);
            return _exit_message;
        }
    }, 500);
})();
<<< skipped >>>
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
%original file name%.exe_928:
.text
`.data
.rsrc
ad:%C
R.eD/
Click to visit iSergiwa Software web site for more free tools
%Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
C:\Windows\system32\MSVBVM60.DLL\3
VBA6.DLL
MSVBVM60.DLL
A*\AE:\1\DATA\MyTopSecret\MyVB\MyPubPros\SRT\SRT 2.0\SRT.vbp
WScript.Shell
\program files\Internet explorer\iexplore hXXp://en.sergiwa.com/modules/mydownloads/singlefile.php?cid=2&lid=6
Software\Microsoft\Windows\CurrentVersion
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 /f
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Explorer.exe
SSCVIIHOST.exe
blastclnnn.exe
autorun.ini
setting.ini
\program files\Internet explorer\iexplore hXXp://VVV.sergiwa.com
autorun.inf
VVV.sergiwa.com
@*\AE:\1\DATA\MyTopSecret\MyVB\MyPubPros\SRT\SRT 2.0\SRT.vbp
iSergiwa Software - VVV.sergiwa.com
SRT.exe
iexplore.exe_1460:
%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512