SearchProtectToolbar_pcap.YR (Lavasoft MAS)Behaviour: Malware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: e4a140f0dba552c6764aaa413a118f48
SHA1: ad345f2cbbe0a71c5b5797030e4a9934b31b21cc
SHA256: 6a2afe8658ed43342c19ab9f5fc8ed6ecd32d18bb823dc104cb9d17e870c6138
SSDeep: 12288:xEGLLmWAq2IL94rprrvP0dp4Ap5JDuAHGPfmbdy4ZIDpBl4:x1nFAq2IA30diWLKlfCpGDl4
Size: 731488 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: ?? 2014 ClientConnect Ltd.
Created at: 2012-02-24 21:19:59
Analyzed on: WindowsXP SP3 32-bit
Summary: Malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Malware creates the following process(es):No processes have been created.The Malware injects its code into the following process(es):
%original file name%.exe:840
Mutexes
The following mutexes were created/opened:
ZonesLockedCacheCounterMutexZonesCounterMutexZonesCacheCounterMutexRasPbFileWininetProxyRegistryMutexWininetConnectionMutexWininetStartupMutexc:!documents and settings!adm!local settings!history!history.ie5!c:!documents and settings!adm!cookies!ShimCacheMutexc:!documents and settings!adm!local settings!temporary internet files!content.ie5!_!MSFTHISTORY!_oleacc-msaa-loadedCTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003DDrawDriverObjectListMutexDDrawWindowListMutex__DDrawExclMode____DDrawCheckExclMode___!SHMSFTHISTORY!_c:!documents and settings!adm!local settings!history!history.ie5!mshist012015031320150314!
File activity
The process %original file name%.exe:840 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3729900[1].htm (27132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\NoneSilentSuccess.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\jquery-1.10.1.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[3].js (916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3706054[2].htm (23048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\gplay.js (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[2].js (916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\webapphost.dll (39329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nonadwords_trip[1].htm (4685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-[1].png (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\certInlineLB.pfx (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\NextButton_Sprite wide[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\Failed.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss2.tmp (41445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\FDMClient.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3706054[1].htm (24656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[1].jpg (1564 bytes)
%System%\wbem\Logs\wbemprox.log (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\InstallationSuccessful[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\WebBrowser_embedded.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\752fefa4-2091-409c-b42c-abdd63222afb[2].jpg (524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\BoxBgNew[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[1].js (916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\WelcomeScreen.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\DM_loader.gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CancelBGGoogleDialog[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nonadwords_trip[1].html (6898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\752fefa4-2091-409c-b42c-abdd63222afb[1].jpg (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\manager.html (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\icon.png (550 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-[2].png (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\Success.htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\manager.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\proxy.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\PS_SearchProtectCH[1].json (22880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\init.html (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\customframeapi[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\sharedWorker.js (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3707848[1].htm (25222 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NextButton_Sprite-wide-grey[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CancelBG[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nonadwords_trip[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\button[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\752fefa4-2091-409c-b42c-abdd63222afb[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\X[1].png (0 bytes)
Registry activity
The process %original file name%.exe:840 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015031320150314]
"CachePrefix" = ":2015031320150314:"
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015031320150314\"
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"WebBrowser_embedded.exe" = "6000"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"%original file name%.exe" = "6000"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015031320150314]
"CacheLimit" = "8192"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015031320150314]
"CacheRepair" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1330111199"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 26 50 76 E3 64 ED 62 D3 A7 72 70 25 34 D5 CF"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015031320150314]
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Malware modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Malware modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Malware modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Malware deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]
The Malware deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
| MD5 | File path |
|---|---|
| b87a1c92512f3320e907c1534071f4b9 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsx3.tmp\FDMClient.dll |
| 62008374a494afeea2ee2ae9eee4c8c0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsx3.tmp\System.dll |
| 07f09c1bf361f757675b77320a08506c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsx3.tmp\manager\scripts\WebBrowser_embedded.exe |
| fb2d0b843bf1f8d7150ec2294c983d7d | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsx3.tmp\webapphost.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
- Delete the original Malware file.
- Delete or disinfect the following files created/modified by the Malware:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3729900[1].htm (27132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\NoneSilentSuccess.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\jquery-1.10.1.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[3].js (916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3706054[2].htm (23048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\gplay.js (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[2].js (916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\webapphost.dll (39329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nonadwords_trip[1].htm (4685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-[1].png (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\certInlineLB.pfx (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\NextButton_Sprite wide[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\Failed.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss2.tmp (41445 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\FDMClient.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3706054[1].htm (24656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\boxshot[1].jpg (1564 bytes)
%System%\wbem\Logs\wbemprox.log (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\InstallationSuccessful[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\WebBrowser_embedded.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\752fefa4-2091-409c-b42c-abdd63222afb[2].jpg (524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\BoxBgNew[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[1].js (916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\WelcomeScreen.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\DM_loader.gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CancelBGGoogleDialog[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nonadwords_trip[1].html (6898 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\752fefa4-2091-409c-b42c-abdd63222afb[1].jpg (477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\manager.html (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\icon.png (550 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-[2].png (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\Success.htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\manager.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\proxy.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\PS_SearchProtectCH[1].json (22880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\init.html (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\customframeapi[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx3.tmp\manager\scripts\sharedWorker.js (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3707848[1].htm (25222 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: ?? 2014 ClientConnect Ltd.
Product Name: Setup.exe
Product Version: 1.4.0.4.141207.02
Legal Copyright: ?? 2014 ClientConnect Ltd.
Legal Trademarks:
Original Filename: BLACKJACK_ARENA.exe
Internal Name:
File Version:
File Description: Setup.exe
Comments:
Language: Language Neutral
Company Name: ?? 2014 ClientConnect Ltd.Product Name: Setup.exeProduct Version: 1.4.0.4.141207.02Legal Copyright: ?? 2014 ClientConnect Ltd.Legal Trademarks: Original Filename: BLACKJACK_ARENA.exeInternal Name: File Version: File Description: Setup.exeComments: Language: Language Neutral
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 28432 | 28672 | 4.50399 | f569e353af0ed51bf4c216faa9bed4e7 |
| .rdata | 32768 | 10898 | 11264 | 3.04561 | 91eee43954e068e650f7b73a8b0e6915 |
| .data | 45056 | 425660 | 512 | 1.02085 | db9f7acbf1c3ddfe255077b699955dfa |
| .ndata | 471040 | 8130560 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 8601600 | 3288 | 3584 | 2.85443 | 4a45493a823b246abd36b043e8b496d1 |
| .reloc | 8605696 | 3978 | 4096 | 3.74736 | 4a4ad12c3d51c29781da455d71dc567e |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://pixel.va.dmccint.com/api/usages/ | |
| hxxp://e8210.g.akamaiedge.net/Global/GlobalPage/3706054/?Language=None&Welcome=true | |
| hxxp://e8210.g.akamaiedge.net/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None | |
| hxxp://e8210.g.akamaiedge.net/Js/jquery.dotdotdot.min.js?fid=3712096 | |
| hxxp://e8210.g.akamaiedge.net/Js/jquery.dotdotdot.min.js?fid=3712096GlobalPage | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/X.png | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/-.png | |
| hxxp://e8210.g.akamaiedge.net///img/Offers/r_39/r_8f/14-11-16-16.09.56.301/boxshot.jpg | |
| hxxp://e8210.g.akamaiedge.net///img/Logos/r_ec/r_b1/752fefa4-2091-409c-b42c-abdd63222afb.jpg | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/BoxBgNew.png | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/CancelBG.png | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/button.png | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/InstallationSuccessful.png | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/images/SmallLoader.gif | |
| hxxp://engine.ams.drive-c-files.com/DecisionEngine.ashx | |
| hxxp://e8210.g.akamaiedge.net/DynamicOffer/3706054/3707848/?mainofferId=3712096&ShowSkipAll=1&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None | |
| hxxp://e8210.g.akamaiedge.net/DynamicOffer/3706054/3729900/?mainofferId=3712096&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None&HideOnCancel=true | |
| hxxp://e8210.g.akamaiedge.net/Js/jquery.dotdotdot.min.js?fid=3729900 | |
| hxxp://e8210.g.akamaiedge.net/Js/jquery.dotdotdot.min.js?fid=3707848 | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/CancelBGGoogleDialog.png | |
| hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/NextButton_Sprite wide.png | |
| hxxp://e6652.g.akamaiedge.net/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie | |
| hxxp://a1128.g1.akamai.net/customoffers/customframeapi.js | |
| hxxp://e6652.g.akamaiedge.net/LMS/PS_searchprotectCH/PS_SearchProtectCH.json | |
| hxxp://engine.drive-c-files.com/DecisionEngine.ashx | 195.78.120.173 |
| hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=3707848 | 23.59.100.83 |
| hxxp://cms.dmccint.com/DynamicOffer/3706054/3707848/?mainofferId=3712096&ShowSkipAll=1&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None | 23.59.100.83 |
| hxxp://data.dmccint.com/api/usages/ | 199.101.115.225 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/button.png | 23.59.100.83 |
| hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=3729900 | 23.59.100.83 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/CancelBGGoogleDialog.png | 23.59.100.83 |
| hxxp://cmsstorage.dmccint.com///img/Logos/r_ec/r_b1/752fefa4-2091-409c-b42c-abdd63222afb.jpg | 23.59.100.83 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png | 23.59.100.83 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/BoxBgNew.png | 23.59.100.83 |
| hxxp://dehosting.dmccint.com/customoffers/customframeapi.js | 88.221.132.82 |
| hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=3712096 | 23.59.100.83 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/X.png | 23.59.100.83 |
| hxxp://cmsstorage.dmccint.com///img/Offers/r_39/r_8f/14-11-16-16.09.56.301/boxshot.jpg | 23.59.100.83 |
| hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=3712096GlobalPage | 23.59.100.83 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/NextButton_Sprite wide.png | 23.59.100.83 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/CancelBG.png | 23.59.100.83 |
| hxxp://storage.stgbssint.com/LMS/PS_searchprotectCH/PS_SearchProtectCH.json | 23.59.118.129 |
| hxxp://cms.dmccint.com/DynamicOffer/3706054/3729900/?mainofferId=3712096&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None&HideOnCancel=true | 23.59.100.83 |
| hxxp://cms.dmccint.com/CmsThemes/Default/images/SmallLoader.gif | 23.59.100.83 |
| hxxp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true | 23.59.100.83 |
| hxxp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie | 23.59.118.129 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/InstallationSuccessful.png | 23.59.100.83 |
| hxxp://cms.dmccint.com/CmsThemes/Default/Images/-.png | 23.59.100.83 |
| hxxp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None | 23.59.100.83 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /customoffers/customframeapi.js HTTP/1.1
Accept: */*
Referer: hXXp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dehosting.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 03 Sep 2014 13:26:01 GMT
Accept-Ranges: bytes
ETag: "46a2919a7ac7cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 798
Cache-Control: private, max-age=31536000
Expires: Sat, 12 Mar 2016 00:07:35 GMT
Date: Fri, 13 Mar 2015 00:07:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"....i[T.t.N.....7NRz..:]eu.l.....4_N.Y.....Y...T.U...[e5..a<...;w...,......;......X.3...Y....G..W....(g....`B_..W.....2/.......j......=...\...^d.|..b.Z.............}4r......Wu.UP....H.w........w.|....8O.:..W|.h..m]L.m...,k..I>......N..~...e.....k.uM8./po\....`]...yu..'Y...?#.4o..a.A..S..j..e<q.}.~...t.O.....H?z..k?J....f...~I..M~s.M...m.|..c...Y~...6.o..0. Z....We6....9.......zo.z..w........\..Rk.....K./..1..D........m.8....h:.l...w.t.0o?J0...h.,..............$=..._.....n.l..... ...F..3.V......U^.Ok]@.....K..b..>...o;..t`m....jZ..|t...Cj......y.[...v..Z...?.|..?......[..]..`.i..A.q..4m.....#.F|U,g..X.......I.'.."....z#.......h.......a..b.K.#L...k.M..-..&...6z..........;....8".F...HTTP/1.1 200 OK..Content-Type: application/x-javascript..Content-Encoding: gzip..Last-Modified: Wed, 03 Sep 2014 13:26:01 GMT..Accept-Ranges: bytes..ETag: "46a2919a7ac7cf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length: 798..Cache-Control: private, max-age=31536000..Expires: Sat, 12 Mar 2016 00:07:35 GMT..Date: Fri, 13 Mar 2015 00:07:35 GMT..Connection: keep-alive..Vary: Accept-Encoding...............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"....i[T.t.N.....7NRz..:]eu.l.....4_N.Y.....Y...T.U...[e5..a<...;w...,......;......X.3...Y....G..W....(g....`B_..W.....2/.......j......=...\...^d.|..b.Z.............}4r......Wu.UP....H.w........w.|....8
<<< skipped >>>
GET /MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 168141
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:30 GMT
Date: Fri, 13 Mar 2015 00:07:30 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html> <![endif]-->..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta charset="utf-8" />.. .. <title>installation</title>.. <style>./* =============================================================================.. HTML5 Boilerplate CSS: h5bp.com/css.. ========================================================================== */..article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { display: block; }..audio, canvas, video { display: inline-block; *display: inline; *zoom: 1; }..audio:not([controls]) { display: none; }..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, select, textarea { font-family: sans-serif; color: #222; }..body { margin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-shadow: none; }..::selection { text-shadow: none; }..a { color: #00e; outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..a:focus { outline: none ; }..a:hover, a:active { outline: none;border: none; }...ie7 a:focus, *:focus {.. noFocusLine: expression(th
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=3712096GlobalPage HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 02 Mar 2015 09:41:45 GMT
Accept-Ranges: bytes
ETag: "b27d518cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6149
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:31 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.www.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dual licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_License. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.empty();for(var i=0,d=r.length;d>i;i ){var l=r.eq(i);if(t.append(l),n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}function r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgroup, option, textarea, script, style",u="script, .dotdotdot-keep";return e.contents().detach().each(function(){var f=this,h=t(f);if("undefined"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"append"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.detach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];if(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLetter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).join(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.length&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "9ca65118cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 1076
Cache-Control: private, max-age=317
Expires: Fri, 13 Mar 2015 00:12:48 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:CBFD1020532511E199C4D6240585BDC2" xmpMM:DocumentID="xmp.did:CBFD1021532511E199C4D6240585BDC2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CBFD101E532511E199C4D6240585BDC2" stRef:documentID="xmp.did:CBFD101F532511E199C4D6240585BDC2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..q<....IDATx.b)--}...p..}.....i...2q u...2... v..F.$3.Z...@...$..&..%..i. ....@......... g5.[0@.j.ua ..T..._f@..0.L.6 N..EP....v.$..}.v.H;..v ....@.....w....`.uP(...@..*..........1.%>.d....IEND.B`.....
<<< skipped >>>
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "d6223c18cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2726
Cache-Control: private, max-age=3690
Expires: Fri, 13 Mar 2015 01:09:01 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR...>.........$.=.....sRGB.........gAMA......a.....pHYs.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:DocumentID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stRef:documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...P....IDATx^...N#K.....%.@.......B.D..$`.3U..j.3.h0..%m..E.iW.'........ ..?.......<<<.......V..i..d...`....S......v... ....S.Y.....r.._677...F..>=~....8z.....yyy)......`~r.>u.s{{...............Y.>5z.......!|....l6 [[[-z..x.........j...o{j..................EN...O..:..#....2....O......S.Y.?.......S.g.>..]b..X75eV]s....!|.//...#|........S..........j!|...........j....\u...:'''.....;;;C.........UM...O...?OOO..........F...?.W...U....X.............%v....O..!|..../X.4.....!|.......!|.......!|.......!|.......!|.......!|.......!|
<<< skipped >>>
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "2d64d18cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2562
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:31 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR.......}........R....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72B2EB26C3E111E3AEC3EB792256C508" xmpMM:DocumentID="xmp.did:72B2EB27C3E111E3AEC3EB792256C508"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B2EB24C3E111E3AEC3EB792256C508" stRef:documentID="xmp.did:72B2EB25C3E111E3AEC3EB792256C508"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......tIDATx....o\W...{f.........P.hb..VDQ..R!..*6f.... ..T.6..."V(...*..Xb.#!;.H...r.R.3q.nR?.^..~h&.....9..2v.f...|.;.1.(...R..~...N.{6.....[.e.'-..1(..k6[K.V.r.}.^ul...._...3[[.7..S.|p.....3g.Z./_.... Cxw?...G9...BC...R.....Lmnn^.<^o........b...Z...{.`~.....d......x...I0..L..HM....".@..4..`.... ..4..... .I07....$h;..T#...C.H4...v(.iF.v(.IG.v(.)F.....;..0..T#XM.&A...`=.. .)F.(r......<...@.....E...#Xm.... ...:..d#XO.".@......A.R.`.. ..F...%. .IF.W)..l.C#...NZ..b.B.8........./..s.............;.^..E.MY"."....?{.'Y}%....\`....jg...\y.......6a...$~.....s.f~..K/.-.....9...Fu......|.....l
<<< skipped >>>
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "2e263118cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 933
Cache-Control: private, max-age=3632
Expires: Fri, 13 Mar 2015 01:08:03 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR.............e.......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:C8E631185D6711E1A99F8AF4FFA87D51" xmpMM:DocumentID="xmp.did:C8E631195D6711E1A99F8AF4FFA87D51"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C8E631165D6711E1A99F8AF4FFA87D51" stRef:documentID="xmp.did:C8E631175D6711E1A99F8AF4FFA87D51"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>Z..G....IDATx.b,--.a``8....01.........{f.......IEND.B`.....
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "d6223c18cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2726
Cache-Control: private, max-age=3690
Expires: Fri, 13 Mar 2015 01:09:01 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR...>.........$.=.....sRGB.........gAMA......a.....pHYs.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:DocumentID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stRef:documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...P....IDATx^...N#K.....%.@.......B.D..$`.3U..j.3.h0..%m..E.iW.'........ ..?.......<<<.......V..i..d...`....S......v... ....S.Y.....r.._677...F..>=~....8z.....yyy)......`~r.>u.s{{...............Y.>5z.......!|....l6 [[[-z..x.........j...o{j..................EN...O..:..#....2....O......S.Y.?.......S.g.>..]b..X75eV]s....!|.//...#|........S..........j!|...........j....\u...:'''.....;;;C.........UM...O...?OOO..........F...?.W...U....X.............%v....O..!|..../X.4.....!|.......!|.......!|.......!|.......!|.......!|.......!|
<<< skipped >>>
GET /CmsThemes/Default/Images/InstallationSuccessful.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "cce64518cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2670
Cache-Control: private, max-age=7857
Expires: Fri, 13 Mar 2015 02:18:28 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR...#...".......`.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:F1E913D3555911E18CA7F85F751BB1C7" xmpMM:DocumentID="xmp.did:F1E913D4555911E18CA7F85F751BB1C7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F1E913D1555911E18CA7F85F751BB1C7" stRef:documentID="xmp.did:F1E913D2555911E18CA7F85F751BB1C7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>~. .....IDATx..W]l.U.>........t...V~.X ...I@HA.'~.D. .J4....o.V.&...X.B.E...M$}....l...o.P..g........w.eKA.....nw.....}.9.`.n....r.|?(J..7 .;.....`.,.a.8Op....O..f..*.m..... g..(.../.f0.E.......L..........Ru.r.....J.....`2..O..*8....@.....X...@|..@..,S..K.....P=.#..n....D.P..Y.x.:T.t.......Qv.n4..P6......x$.\....a.....#0}.W...y:.*.@.q...OJ.....pdIi..#9s.a...F..a....."P....H........].H....x4...O/.<.....h:.J<b)..[....y....|f.a.....cy a..#..K2.z~I..ZS....HM...[,Wj@..0..D.4a.d.HQ..?.sp...6.....g:....2#...X.V.,.@.S.<....)....%.....p.&......M....$.b.......I.>hI.O.c.6AW'....C<1..F[..
<<< skipped >>>
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "6205018cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 1504
Cache-Control: private, max-age=15840
Expires: Fri, 13 Mar 2015 04:31:31 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
GIF89a.........................v.....5..d..e..........................{......................................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="hXXp://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="A5EDB964567077337C8E54A0BBE35981" xmpMM:DocumentID="xmp.did:861DE9F12C2811E484A994AD54106D49" xmpMM:InstanceID="xmp.iid:861DE9F02C2811E484A994AD54106D49" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:df987947-01f7-4167-b08b-2878b7f29ca6" stRef:documentID="adobe:docid:photoshop:b746f760-73f3-1177-8ee4-c7825aacab4e"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .................................!.......,..........D`28Ga\.PA.......e3..L.UU:....Q..XCh.(...-.Z.....v..v._0\Q.J'.a.z.....!.......,..........4.PA..]h28Ga,.eU.z.T..M,K6G..@.d. J.C.d4.N. .J'.b.2...!.......,..........4.PA..]h28Ga,.eU.z.T..M,K6G
<<< skipped >>>
GET /DynamicOffer/3706054/3729900/?mainofferId=3712096&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None&HideOnCancel=true HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 168717
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:34 GMT
Date: Fri, 13 Mar 2015 00:07:34 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html> <![endif]-->..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta charset="utf-8" />.. .. <title>installation</title>.. <style>./* =============================================================================.. HTML5 Boilerplate CSS: h5bp.com/css.. ========================================================================== */..article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { display: block; }..audio, canvas, video { display: inline-block; *display: inline; *zoom: 1; }..audio:not([controls]) { display: none; }..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, select, textarea { font-family: sans-serif; color: #222; }..body { margin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-shadow: none; }..::selection { text-shadow: none; }..a { color: #00e; outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..a:focus { outline: none ; }..a:hover, a:active { outline: none;border: none; }...ie7 a:focus, *:focus {.. noFocusLine: expression(th
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=3729900 HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3706054/3729900/?mainofferId=3712096&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None&HideOnCancel=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 02 Mar 2015 09:41:45 GMT
Accept-Ranges: bytes
ETag: "b27d518cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6149
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:35 GMT
Date: Fri, 13 Mar 2015 00:07:35 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.www.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dual licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_License. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.empty();for(var i=0,d=r.length;d>i;i ){var l=r.eq(i);if(t.append(l),n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}function r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgroup, option, textarea, script, style",u="script, .dotdotdot-keep";return e.contents().detach().each(function(){var f=this,h=t(f);if("undefined"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"append"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.detach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];if(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLetter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).join(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.length&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>
GET /CmsThemes/Default/Images/CancelBGGoogleDialog.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3706054/3707848/?mainofferId=3712096&ShowSkipAll=1&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "8cf73d18cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6035
Cache-Control: private, max-age=3696
Expires: Fri, 13 Mar 2015 01:09:11 GMT
Date: Fri, 13 Mar 2015 00:07:35 GMT
Connection: keep-alive
.PNG........IHDR...J...1.............sRGB.........gAMA......a.....pHYs.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:DocumentID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stRef:documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...P....IDATx^...N....P...L.).A(...A."1...$<rcK...r....] .E. 8.^..[......o........ @.7.u&... @......(J..... @...'...^z....puu5...c........cmmm:.#@.......g......{..u>|.0.....?~.......i..........(JQ^... @....,p......pyy9lnn.....1_z./....^;..... @`...x....v:nnn....aooo..(J..I...SI...W.....F.......u..OBz.(.%i>.....*........ @.............p}}=lmmMg.......O.9...../&@..............|.m.@............79.....8..... . .8.t||<.A.[.|Vi>.4~}..%g.z.... @...6......J....F..l.........y".W....\..O.-?t..N..... @`...o..K.|.m,J.1.%..V..!-..... .........
<<< skipped >>>
POST /api/usages/ HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 550
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "dm_version" : "1.4.0.4.141207.02" , "tracking_id" : "" , "json_send_time" : "2015-3-13.2:7:41:458" , "phase" : "Init" , "phase_type" : "regular" , "attempt_number" : "1" , "bundle_id" : "6e4e2937-a2d8-424c-b0de-1517125686e7" , "Is_Test" : "0" , "installation_session_id" : "ae4011e0-7483-4a25-970f-3814d45fc4ca" , "publisher_id" : "Incredimail / Perion" , "publisher_internal_id" : "198" , "publisher_account_id" : "A-480753" , "activated_by_stub" : "0" , "sln" : "14866" , "welcome_screen" : "0" }
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Fri, 13 Mar 2015 00:07:29 GMT
Content-Length: 0
....
POST /api/usages/ HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 585
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "14866" , "json_send_time" : "2015-3-13.2:7:42:130" , "phase" : "AfterNavM" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" }
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Fri, 13 Mar 2015 00:07:29 GMT
Content-Length: 0
HTTP/1.1 202 Accepted..Cache-Control: no-cache..Pragma: no-cache..Expires: -1..Server: Microsoft-IIS/8.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"..Date: Fri, 13 Mar 2015 00:07:29 GMT..Content-Length: 0......
POST /api/usages/ HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 2239
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "14866" , "json_send_time" : "2015-3-13.2:7:46:458" , "phase" : "InStartLoop" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "5000" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" , "installation_session_id" : "ae4011e0-7483-4a25-970f-3814d45fc4ca" , "publisher_id" : "Incredimail / Perion" , "publisher_internal_id" : "198" , "activated_by_stub" : "0" , "stub_version" : "no_stub" , "welcome_screen" : "0", "publisher_account_id" : "A-480753" , "channel_id" : "" , "machine_user_id" : "9EKT4KIHYP05AIWKCMQN9NQXBR0OGZGUDWSPEVZXPXWQ6S2TD6LRCPJLMTQCFHUBKY67AOEAOT3MNTQYLME8MG" , "bundle_id" : "6e4e2937-a2d8-424c-b0de-1517125686e7" , "general_id" : "unknown" , "dm_version" : "1.4.0.4.141207.02" , "build_id" : "00000000" , "mrs_id" : "17" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2015-03-12.csv" , "user_operating_syste
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Fri, 13 Mar 2015 00:07:34 GMT
Content-Length: 0
....
POST /api/usages/ HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 2239
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "14866" , "json_send_time" : "2015-3-13.2:7:46:724" , "phase" : "StartingLoop" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "203" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" , "installation_session_id" : "ae4011e0-7483-4a25-970f-3814d45fc4ca" , "publisher_id" : "Incredimail / Perion" , "publisher_internal_id" : "198" , "activated_by_stub" : "0" , "stub_version" : "no_stub" , "welcome_screen" : "0", "publisher_account_id" : "A-480753" , "channel_id" : "" , "machine_user_id" : "9EKT4KIHYP05AIWKCMQN9NQXBR0OGZGUDWSPEVZXPXWQ6S2TD6LRCPJLMTQCFHUBKY67AOEAOT3MNTQYLME8MG" , "bundle_id" : "6e4e2937-a2d8-424c-b0de-1517125686e7" , "general_id" : "unknown" , "dm_version" : "1.4.0.4.141207.02" , "build_id" : "00000000" , "mrs_id" : "17" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2015-03-12.csv" , "user_operating_syste
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Fri, 13 Mar 2015 00:07:34 GMT
Content-Length: 0
....
POST /api/usages/ HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 2681
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "14866" , "json_send_time" : "2015-3-13.2:7:46:974" , "phase" : "InitComplete" , "phase_type" : "regular" , "order" : "2.0" , "result" : "Success" , "error_details" : "" , "phase_duration" : "0" , "duration_details" : "EngineMgrCreated:672,BuildUserProfile:3766,retrieveCid:0,sendXML:0,xmlSent:0,startParse:766,endParse:0,StartOffersLoop:218,ValidateMO:0,NavigateFirstSlot:0,ReportInitComplete:0," , "general_status_code" : "1" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "offer_id" : "3712096" , "product_id" : "0" , "product_type" : "Publisher's Offer" , "product_id_version" : "" , "rule_id" : "560021" , "vector_id" : "560614" , "is_parallel" : "0" , "call_service_duration" : "766" , "navigate_mo_duration" : "MONavigationCompleted:2297," , "navigate_global_duration" : "GlobalNavigationCompleted:2282," , "attempt_number" : "1" , "installation_session_id" : "ae4011e0-7483-4a25-970f-3814d45fc4ca" , "publisher_id" : "Incredimail / Perion" , "publisher_internal_id" : "198" , "activated_by_stub" : "0" , "stub_version" : "no_stub" , "welcome_
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Fri, 13 Mar 2015 00:07:34 GMT
Content-Length: 0
....
POST /api/usages/ HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 2702
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "14866" , "json_send_time" : "2015-3-13.2:7:47:239" , "phase" : "OfferPresented" , "phase_type" : "regular" , "order" : "3.1" , "result" : "Success" , "error_details" : "" , "phase_duration" : "0" , "duration_details" : "" , "general_status_code" : "2" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "offer_suggestion_number" : "1" , "offer_presented_number" : "1" , "slot_number" : "1" , "position_in_slot" : "1" , "server_settings" : {"DownloadBrowser":"IE","CType":"-1","SearchProvider":"Bing","UserMode":"-1"} , "user_selection_settings" : "" , "condition_type" : "None" , "offer_type" : "Main" , "offer_id" : "3712096" , "root_offer_id" : "3712096" , "rule_id" : "560021" , "vector_id" : "560614" , "product_id" : "0" , "product_id_version" : "" , "product_type" : "Publisher's Offer" , "state" : "" , "installation_type" : "0" , "attempt_number" : "1" , "installation_session_id" : "ae4011e0-7483-4a25-970f-3814d45fc4ca" , "publisher_id" : "Incredimail / Perion" , "publisher_internal_id" : "198" , "activated_by_stub" : "0" , "stub_version" :
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Fri, 13 Mar 2015 00:07:34 GMT
Content-Length: 0
....
POST /api/usages/ HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 2193
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "14866" , "json_send_time" : "2015-3-13.2:7:47:489" , "phase" : "ChromeError" , "phase_type" : "regular" , "order" : "" , "result" : "Error" , "error_details" : "error: did not found chrome full path" , "phase_duration" : "16" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "download_url" : "" , "installation_session_id" : "ae4011e0-7483-4a25-970f-3814d45fc4ca" , "publisher_id" : "Incredimail / Perion" , "publisher_internal_id" : "198" , "activated_by_stub" : "0" , "stub_version" : "no_stub" , "welcome_screen" : "0", "publisher_account_id" : "A-480753" , "channel_id" : "" , "machine_user_id" : "9EKT4KIHYP05AIWKCMQN9NQXBR0OGZGUDWSPEVZXPXWQ6S2TD6LRCPJLMTQCFHUBKY67AOEAOT3MNTQYLME8MG" , "bundle_id" : "6e4e2937-a2d8-424c-b0de-1517125686e7" , "general_id" : "unknown" , "dm_version" : "1.4.0.4.141207.02" , "build_id" : "00000000" , "mrs_id" : "17" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2015-03-12.csv" , "user_operating_system" : "Microsoft Windows XP" , "user_service_pa
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Fri, 13 Mar 2015 00:07:35 GMT
Content-Length: 0
HTTP/1.1 202 Accepted..Cache-Control: no-cache..Pragma: no-cache..Expires: -1..Server: Microsoft-IIS/8.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"..Date: Fri, 13 Mar 2015 00:07:35 GMT..Content-Length: 0..
GET /ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3706054/3707848/?mainofferId=3712096&ShowSkipAll=1&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: storage.stgbssint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Thu, 19 Feb 2015 16:40:37 GMT
Accept-Ranges: bytes
ETag: "7e1bfdc9624cd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 46581
Cache-Control: private, max-age=86400
Expires: Sat, 14 Mar 2015 00:07:35 GMT
Date: Fri, 13 Mar 2015 00:07:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Max-Age: 604800
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"~..7N...O.<y...<M...L_~....I.......wr...7O....o.x...w.7u.l....Yy.....~.$...y.....{uu5..7....o^.}......n......}tD8.....\6.E..>|....H.<..."o3..]m..h]\~..I.l.e...z...N...>j.w-.}.N.Y...g..|....E[.G...O..i..<m...9m.....w..O.......~...o...|w4...........j..Ge1:...hR.......X.....&y9.F.*[..lR......Q;...K.\...YQ..EV_..G;..l6 ....9.o.)~.?....../..-.Y......Q:..@....u......_Bx..._<..Y^?ZV.5>c.R.x{Z.e.j.....~CxM.........4{4..{.r^M..~..mq.....f;..W..|b:|..g.z.2:...U1k.4J..z"..'e.....]...O..y..Qv..u..u.....?:........e5}{.m.......IQ.-};/f.|y.=...bN......w.Q..-.b...p4.{}....i....[....^#.........O.|q.1..MdxB...W..D)....iB..~O8w:..o'....O..n=......P ..s"...*.&..Gi6i.r.....2?'..I0......=......~".......T.e.f....hl.j.../<.u.T.... 6....X~!.r..A.5 ...R...h.......6..g.....=<n.C..s.....5...P..O......k...7S.]......o.M.^..z9{...l...o..mh.u.(....n..g....BJ7.Iw..j....lkg....Wh&._;.D(Ryo..\.J..Tp..L.'...v...I8.II..j8e......._..9?...NRo%i..F..L .q....z4..PA.CK.h.x. .....!k.o...o..~w. !ysG...O...NG4|R..\3.3uA.m..i;0z..A..o.g.c..?.z.2>.4. ..3..I MV.l..l..t...X...(i...5.b`..P04..t.7..n....pfo.t.....`....h...wI.......\..P.....y..^S.y...@H.................m..z...ym....s.-...#.......u^VW..n.V.W.........h...........-.o....T.y.jL}.._.J.gQ.6.A#".... ....}H../?..................>.........o.b...~..o....`..PrE...<....O.9}..~c.....N...h....Q?.7?f...7RK...3.....x.......y.......}..}.......o.;....eE .........S&...
<<< skipped >>>
GET /LMS/PS_searchprotectCH/PS_SearchProtectCH.json HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie#cms.dmccint.com/DynamicOffer/3706054/3707848/?mainofferId=3712096&ShowSkipAll=1&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: storage.stgbssint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/json
Last-Modified: Thu, 12 Mar 2015 08:16:02 GMT
Accept-Ranges: bytes
ETag: "70858bc79c5cd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 243349
Cache-Control: private, max-age=7200
Expires: Fri, 13 Mar 2015 02:07:36 GMT
Date: Fri, 13 Mar 2015 00:07:36 GMT
Connection: keep-alive
Access-Control-Max-Age: 604800
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
{"Product":"PS_SearchProtectCH","LastUpdate":1351464,"Translations":{"ar":{"Keys":{"@@AcceptAndInstallButton@@":{"Text":"\u0623\u0648\u0627\u0641\u0642 & \u0648\u0642\u0645 \u0628\u0627\u0644\u062a\u062b\u0628\u064a\u062a"},"@@Body_text_1st_paragraph@@":{"Text":"\u064a\u064f\u0631\u062c\u0649 \u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0644\u0634\u0631\u0648\u0637 \u0627\u0644\u0647\u0627\u0645\u0629 \u0627\u0644\u062a\u0627\u0644\u064a\u0629 \u0642\u0628\u0644 \u0627\u0644\u0645\u062a\u0627\u0628\u0639\u0629."},"@@Body_text_1st_paragraph_2@@":{"Text":"\u0643\u062c\u0632\u0621 \u0645\u0646 \u062a\u062b\u0628\u064a\u062a \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u064a\u0645\u0643\u0646\u0643 \u0623\u064a\u0636\u064b\u0627 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0645\u064a\u0632\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0628\u062d\u062b. \u064a\u064f\u0631\u062c\u0649 \u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0644\u0634\u0631\u0648\u0637 \u0642\u0628\u0644 \u0627\u0644\u0627\u0633\u062a\u0645\u0631\u0627\u0631."},"@@Body_text_2nd_paragraph_2@@":{"Text":"\u0642\u0645 \u0628\u062a\u062b\u0628\u064a\u062a \u0645\u064a\u0632\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0628\u062d\u062b \u0644\u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0648\u0639\u0644\u0627\u0645\u0629 \u0627\u0644\u06
<<< skipped >>>
GET ///img/Offers/r_39/r_8f/14-11-16-16.09.56.301/boxshot.jpg HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sun, 16 Nov 2014 13:09:56 GMT
Accept-Ranges: bytes
ETag: "f8cc7a9e9e1d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 16185
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:31 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.154911, 2013/10/29-11:47:16 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:AC46783505E111E49780B6B779278E31" xmpMM:DocumentID="xmp.did:AC46783605E111E49780B6B779278E31"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AC46783305E111E49780B6B779278E31" stRef:documentID="xmp.did:AC46783405E111E49780B6B779278E31"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................................................................................................................!1A..Qaq"...2B...R#..b..34..r.CS...c$T.........................!1..AQ.aq.".....2...BR..b#..r..c$...%............?...Y.%....F.#B.....hB4!....F.#B.....hB4!....F.#B.....hB4!....F.#B.....hB4!....F.#B.....hB4!....F.#B.....hB4!....F.#B.....hB4!....F.#B.....hB4!...C....r.U......UR..;.A..SB*.6.......).h..U.'].....hB4!....F.#B.....hB4!^.........(!.P.....).$.`.@'$.S.$.r.-.1..^
<<< skipped >>>
GET ///img/Logos/r_ec/r_b1/752fefa4-2091-409c-b42c-abdd63222afb.jpg HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 12 Nov 2014 13:23:17 GMT
Accept-Ranges: bytes
ETag: "561819d27bfecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 5501
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:32 GMT
Date: Fri, 13 Mar 2015 00:07:32 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....zhXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:31518c97-5f4f-164a-8d09-af8099c7a196" xmpMM:DocumentID="xmp.did:BC28621F93B011E3B19BB55B2FBB893A" xmpMM:InstanceID="xmp.iid:BC28621E93B011E3B19BB55B2FBB893A" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:31518c97-5f4f-164a-8d09-af8099c7a196" stRef:documentID="xmp.did:31518c97-5f4f-164a-8d09-af8099c7a196"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...&Adobe.d....................@...@...{............................................................................................................................................7........................................................................................... ...@P0!#$."........................!..1A"Qa2. q.B#...@..RbP...s$4.....................1.!A. q.0P.Qa....."2.@..BR3...................!.1AQaq... @..0....P...........................).7.6@...i........9..$.....yz.....l...>....^....v s.Zg..\i-..-qu}/7.P.<..A..~-..B...I
<<< skipped >>>
GET /Global/GlobalPage/3706054/?Language=None&Welcome=true HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 188278
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:30 GMT
Date: Fri, 13 Mar 2015 00:07:30 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html> <![endif]-->..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta charset="utf-8" />.. .. <title>installation</title>.. <style>./* =============================================================================.. HTML5 Boilerplate CSS: h5bp.com/css.. ========================================================================== */..article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { display: block; }..audio, canvas, video { display: inline-block; *display: inline; *zoom: 1; }..audio:not([controls]) { display: none; }..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, select, textarea { font-family: sans-serif; color: #222; }..body { margin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-shadow: none; }..::selection { text-shadow: none; }..a { color: #00e; outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..a:focus { outline: none ; }..a:hover, a:active { outline: none;border: none; }...ie7 a:focus, *:focus {.. noFocusLine: expression(th
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=3712096 HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 02 Mar 2015 09:41:45 GMT
Accept-Ranges: bytes
ETag: "b27d518cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6149
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:31 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.www.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dual licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_License. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.empty();for(var i=0,d=r.length;d>i;i ){var l=r.eq(i);if(t.append(l),n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}function r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgroup, option, textarea, script, style",u="script, .dotdotdot-keep";return e.contents().detach().each(function(){var f=this,h=t(f);if("undefined"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"append"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.detach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];if(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLetter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).join(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.length&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "2e263118cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 933
Cache-Control: private, max-age=14764
Expires: Fri, 13 Mar 2015 04:13:35 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR.............e.......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:C8E631185D6711E1A99F8AF4FFA87D51" xmpMM:DocumentID="xmp.did:C8E631195D6711E1A99F8AF4FFA87D51"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C8E631165D6711E1A99F8AF4FFA87D51" stRef:documentID="xmp.did:C8E631175D6711E1A99F8AF4FFA87D51"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>Z..G....IDATx.b,--.a``8....01.........{f.......IEND.B`.HTTP/1.1 200 OK..Content-Type: image/png..Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT..Accept-Ranges: bytes..ETag: "2e263118cd54d01:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"..Content-Length: 933..Cache-Control: private, max-age=14764..Expires: Fri, 13 Mar 2015 04:13:35 GMT..Date: Fri, 13 Mar 2015 00:07:31 GMT..Connection: keep-alive...PNG........IHDR.............e.......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..."
<<< skipped >>>
GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "d88e3718cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 5182
Cache-Control: private, max-age=3651
Expires: Fri, 13 Mar 2015 01:08:22 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR...[...G......9......pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "d8ff3918cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 3937
Cache-Control: private, max-age=3690
Expires: Fri, 13 Mar 2015 01:09:01 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR...............r.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E4C0C980D870E111A2F7CE32BC247645" xmpMM:DocumentID="xmp.did:1D12B49752CE11E4A35AAE9F3918A442" xmpMM:InstanceID="xmp.iid:1D12B49652CE11E4A35AAE9F3918A442" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4A3B36E671AF11E1BCD6B8635898C9B3" stRef:documentID="xmp.did:4A3B36E771AF11E1BCD6B8635898C9B3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>o.a*....IDATx...k.e.A......{..........P.K..........*~.i.....i...V$...E.....Z.TJ.1..:*..m......*i..jn..;3.....]k.s..L.o".}~.a.9.O.e}.._{....i..,.... ...g...._..-... ..".=....qT.{9..,../..?}...}...~..=............G...~,....xi3..e.o..@...WB...4.. u....... ?.H.."<....Ey......W......,|.?~)....f..^;..W.........w.k7.1...z..^Q\Q........l./4...`.B..-....X..Kygy.....F.......u:.n&.....G.g.&...zvo...........hz...........hz.....v.y.&...zY.-..,L.......z.7.X...{...izvo..(.WU..7.....t...._.h..f..^;...,~.....r.......TWg.......k.V.......T..=f
<<< skipped >>>
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "9ca65118cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 1076
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:31 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:CBFD1020532511E199C4D6240585BDC2" xmpMM:DocumentID="xmp.did:CBFD1021532511E199C4D6240585BDC2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CBFD101E532511E199C4D6240585BDC2" stRef:documentID="xmp.did:CBFD101F532511E199C4D6240585BDC2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..q<....IDATx.b)--}...p..}.....i...2q u...2... v..F.$3.Z...@...$..&..%..i. ....@......... g5.[0@.j.ua ..T..._f@..0.L.6 N..EP....v.$..}.v.H;..v ....@.....w....`.uP(...@..*..........1.%>.d....IEND.B`.....
<<< skipped >>>
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "d8ff3918cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 3937
Cache-Control: private, max-age=3690
Expires: Fri, 13 Mar 2015 01:09:01 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR...............r.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E4C0C980D870E111A2F7CE32BC247645" xmpMM:DocumentID="xmp.did:1D12B49752CE11E4A35AAE9F3918A442" xmpMM:InstanceID="xmp.iid:1D12B49652CE11E4A35AAE9F3918A442" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4A3B36E671AF11E1BCD6B8635898C9B3" stRef:documentID="xmp.did:4A3B36E771AF11E1BCD6B8635898C9B3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>o.a*....IDATx...k.e.A......{..........P.K..........*~.i.....i...V$...E.....Z.TJ.1..:*..m......*i..jn..;3.....]k.s..L.o".}~.a.9.O.e}.._{....i..,.... ...g...._..-... ..".=....qT.{9..,../..?}...}...~..=............G...~,....xi3..e.o..@...WB...4.. u....... ?.H.."<....Ey......W......,|.?~)....f..^;..W.........w.k7.1...z..^Q\Q........l./4...`.B..-....X..Kygy.....F.......u:.n&.....G.g.&...zvo...........hz...........hz.....v.y.&...zY.-..,L.......z.7.X...{...izvo..(.WU..7.....t...._.h..f..^;...,~.....r.......TWg.......k.V.......T..=f
<<< skipped >>>
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3706054/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "2d64d18cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2562
Cache-Control: private, max-age=17959
Expires: Fri, 13 Mar 2015 05:06:50 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
.PNG........IHDR.......}........R....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72B2EB26C3E111E3AEC3EB792256C508" xmpMM:DocumentID="xmp.did:72B2EB27C3E111E3AEC3EB792256C508"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B2EB24C3E111E3AEC3EB792256C508" stRef:documentID="xmp.did:72B2EB25C3E111E3AEC3EB792256C508"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......tIDATx....o\W...{f.........P.hb..VDQ..R!..*6f.... ..T.6..."V(...*..Xb.#!;.H...r.R.3q.nR?.^..~h&.....9..2v.f...|.;.1.(...R..~...N.{6.....[.e.'-..1(..k6[K.V.r.}.^ul...._...3[[.7..S.|p.....3g.Z./_.... Cxw?...G9...BC...R.....Lmnn^.<^o........b...Z...{.`~.....d......x...I0..L..HM....".@..4..`.... ..4..... .I07....$h;..T#...C.H4...v(.iF.v(.IG.v(.)F.....;..0..T#XM.&A...`=.. .)F.(r......<...@.....E...#Xm.... ...:..d#XO.".@......A.R.`.. ..F...%. .IF.W)..l.C#...NZ..b.B.8........./..s.............;.^..E.MY"."....?{.'Y}%....\`....jg...\y.......6a...$~.....s.f~..K/.-.....9...Fu......|.....l
<<< skipped >>>
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "6205018cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 1504
Cache-Control: private, max-age=15840
Expires: Fri, 13 Mar 2015 04:31:31 GMT
Date: Fri, 13 Mar 2015 00:07:31 GMT
Connection: keep-alive
GIF89a.........................v.....5..d..e..........................{......................................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="hXXp://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="A5EDB964567077337C8E54A0BBE35981" xmpMM:DocumentID="xmp.did:861DE9F12C2811E484A994AD54106D49" xmpMM:InstanceID="xmp.iid:861DE9F02C2811E484A994AD54106D49" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:df987947-01f7-4167-b08b-2878b7f29ca6" stRef:documentID="adobe:docid:photoshop:b746f760-73f3-1177-8ee4-c7825aacab4e"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .................................!.......,..........D`28Ga\.PA.......e3..L.UU:....Q..XCh.(...-.Z.....v..v._0\Q.J'.a.z.....!.......,..........4.PA..]h28Ga,.eU.z.T..M,K6G..@.d. J.C.d4.N. .J'.b.2...!.......,..........4.PA..]h28Ga,.eU.z.T..M,K6G
<<< skipped >>>
GET /DynamicOffer/3706054/3707848/?mainofferId=3712096&ShowSkipAll=1&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 176421
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:35 GMT
Date: Fri, 13 Mar 2015 00:07:35 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html> <![endif]-->..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta charset="utf-8" />.. .. <title>installation</title>.. <style>./* =============================================================================.. HTML5 Boilerplate CSS: h5bp.com/css.. ========================================================================== */..article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { display: block; }..audio, canvas, video { display: inline-block; *display: inline; *zoom: 1; }..audio:not([controls]) { display: none; }..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, select, textarea { font-family: sans-serif; color: #222; }..body { margin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-shadow: none; }..::selection { text-shadow: none; }..a { color: #00e; outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..a:focus { outline: none ; }..a:hover, a:active { outline: none;border: none; }...ie7 a:focus, *:focus {.. noFocusLine: expression(th
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=3707848 HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3706054/3707848/?mainofferId=3712096&ShowSkipAll=1&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 02 Mar 2015 09:41:45 GMT
Accept-Ranges: bytes
ETag: "b27d518cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6149
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:35 GMT
Date: Fri, 13 Mar 2015 00:07:35 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.www.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dual licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_License. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.empty();for(var i=0,d=r.length;d>i;i ){var l=r.eq(i);if(t.append(l),n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}function r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgroup, option, textarea, script, style",u="script, .dotdotdot-keep";return e.contents().detach().each(function(){var f=this,h=t(f);if("undefined"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"append"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.detach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];if(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLetter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).join(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.length&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>
GET /CmsThemes/Default/Images/NextButton_Sprite wide.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3706054/3707848/?mainofferId=3712096&ShowSkipAll=1&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 02 Mar 2015 09:41:44 GMT
Accept-Ranges: bytes
ETag: "624f4c18cd54d01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2779
Cache-Control: private, max-age=15743
Expires: Fri, 13 Mar 2015 04:29:58 GMT
Date: Fri, 13 Mar 2015 00:07:35 GMT
Connection: keep-alive
.PNG........IHDR.......}........R....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72B2EB22C3E111E3AEC3EB792256C508" xmpMM:DocumentID="xmp.did:72B2EB23C3E111E3AEC3EB792256C508"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B2EB20C3E111E3AEC3EB792256C508" stRef:documentID="xmp.did:72B2EB21C3E111E3AEC3EB792256C508"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.x.I...MIDATx....k]i...s..i..j....n.bq.2.c.Zq....("..A......tQ.S..8. h..af1.....f3.XZ.J[.T.i3.Mnnn.9..7..L.].C.......dw6_....v..y=E=y...P.)........s..........#UU.8_.4A..k.Vk...{..........b......w....,.E./.3.@..e....G..];z......f....34...v[...H1....g......'.......bss.H......699y...^..0...TU....h.V ..x.sOL.?r..@JYX...:4...$...?!.@.. .B......t&.H3.KM..d.... ..... ..... .&(..H6..C.H5..C....@...T.... ..... ..... .&(..H6..C.H5..C.H...A.. ..............4B0....,g....,..n..;......G.|r........r.1..o..b..........mp.)...B.u....l......../.\..`~~......P...C{.... ..Fh.W/].t....7..N,.1....'..D..z..c.......
<<< skipped >>>
POST /DecisionEngine.ashx HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: engine.drive-c-files.com
Content-Length: 2509
Connection: Keep-Alive
Cache-Control: no-cache
<OFFER_REQUEST><COMPLETE_COMMAND_LINE>false</COMPLETE_COMMAND_LINE><USER_PROFILE><PUBLISHER_ID_NUM>198</PUBLISHER_ID_NUM><SESSION_ID><![CDATA[ae4011e0-7483-4a25-970f-3814d45fc4ca]]></SESSION_ID><TRACKING_ID><![CDATA[]]></TRACKING_ID><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DMVersion</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE>1.4.0.4.141207.02</USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DefaultBrowser</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE>IE</USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>CurrentToolbar</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[]]></USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>Homepage</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[about:blank]]></USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DefaultSearch</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[]]></USER_ATTRIBUTE_VALUE>&l
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Fri, 13 Mar 2015 00:07:34 GMT
Content-Length: 8242
...<OFFER_RESPONSE><MAIN_OFFER><OFFER_ID>3712096</OFFER_ID><OFFER_NAME>BLACKJACK ARENA</OFFER_NAME><OFFER_URL>no_dynamic_main_offer_url_supported_in_this_version</OFFER_URL><OFFER_DESCRIPTION /><OFFER_INSTALL_CMD><OFFER_ID>3712096</OFFER_ID><OFFER_STATE>default</OFFER_STATE><DOWNLOAD_URL>hXXp://VVV.freeridegames.com/do/getSDMGW?type=Silent&gameId=100799&sId=sweet_full_whitelabel&subId=10985</DOWNLOAD_URL><INSTALL_COMMAND_LINE /></OFFER_INSTALL_CMD><INSTALLATION_TYPE>1</INSTALLATION_TYPE><PRODUCT_ID /><PRODUCT_TYPE>Publisher's Offer</PRODUCT_TYPE><PRODUCT_VERSION /><ROOT_OFFER_ID>3712096</ROOT_OFFER_ID><DOWNLOAD_URL>hXXp://VVV.freeridegames.com/do/getSDMGW?type=Silent&gameId=100799&sId=sweet_full_whitelabel&subId=10985</DOWNLOAD_URL><OFFER_FILE_NAME /><DOWNLOAD_BACKUP_URL>hXXp://VVV.freeridegames.com/do/getSDMGW?type=Silent&gameId=100799&sId=sweet_full_whitelabel&subId=10985</DOWNLOAD_BACKUP_URL><CONDITION_TYPE>None</CONDITION_TYPE><TOTAL_STEPS>1</TOTAL_STEPS><SOFTWARE_PRODUCT_VERSION /><ANTI_OFFER /><SUCCESS_CODE /><INSTALLATION_UI_ELEMENTS><UI_ELEMENT><NAME>DownloadBrowser</NAME><VALUE>IE</VALUE></UI_ELEMENT><UI_ELEMENT><NAME>CType</NAME><VALUE>-1</VALUE></UI_ELEMENT><UI_
<<< skipped >>>
GET ///img/Logos/r_ec/r_b1/752fefa4-2091-409c-b42c-abdd63222afb.jpg HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3706054/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Wed, 12 Nov 2014 13:23:17 GMT
Accept-Ranges: bytes
ETag: "561819d27bfecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 5501
Cache-Control: private, max-age=18000
Expires: Fri, 13 Mar 2015 05:07:32 GMT
Date: Fri, 13 Mar 2015 00:07:32 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......P.....zhXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:31518c97-5f4f-164a-8d09-af8099c7a196" xmpMM:DocumentID="xmp.did:BC28621F93B011E3B19BB55B2FBB893A" xmpMM:InstanceID="xmp.iid:BC28621E93B011E3B19BB55B2FBB893A" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:31518c97-5f4f-164a-8d09-af8099c7a196" stRef:documentID="xmp.did:31518c97-5f4f-164a-8d09-af8099c7a196"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...&Adobe.d....................@...@...{............................................................................................................................................7........................................................................................... ...@P0!#$."........................!..1A"Qa2. q.B#...@..RbP...s$4.....................1.!A. q.0P.Qa....."2.@..BR3...................!.1AQaq... @..0....P...........................).7.6@...i........9..$.....yz.....l...>....^....v s.Zg..\i-..-qu}/7.P.<..A..~-..B...I
<<< skipped >>>
Map
The Malware connects to the servers at the folowing location(s):
Strings from Dumps
%original file name%.exe_840:
.text
.text
`.rdata
`.rdata
@.data
@.data
.ndata
.ndata
.rsrc
.rsrc
@.reloc
@.reloc
RegDeleteKeyExW
RegDeleteKeyExW
Kernel32.DLL
Kernel32.DLL
PSAPI.DLL
PSAPI.DLL
%s=%s
%s=%s
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
GetAsyncKeyState
GetAsyncKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
SHFileOperationW
SHFileOperationW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegEnumKeyW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
ole32.dll
ole32.dll
VERSION.dll
VERSION.dll
Z-U}G
Z-U}G
.lH$F
.lH$F
.wv "
.wv "
zcÃ
zcÃ
.?AVfsURL@@
.?AVfsURL@@
.?AVfsInternetURLFile@@
.?AVfsInternetURLFile@@
.?AVfsInternetURLFileDownloader@@
.?AVfsInternetURLFileDownloader@@
.?AVfsHttpFile@@
.?AVfsHttpFile@@
.?AVfsFtpConnection@@
.?AVfsFtpConnection@@
.?AVfsFtpFile@@
.?AVfsFtpFile@@
.?AVfsHttpConnection@@
.?AVfsHttpConnection@@
6'6,60646]6
6'6,60646]6
2(2F2i2
2(2F2i2
Thawte Certification1
Thawte Certification1
hXXp://ocsp.thawte.com0
hXXp://ocsp.thawte.com0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
hXXps://VVV.verisign.com/cps0
hXXps://VVV.verisign.com/cps0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0q
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0q
hXXp://ocsp.verisign.com0;
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/rpa0
hXXps://VVV.verisign.com/rpa0
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://crl.verisign.com/pca3-g5.crl04
#hXXp://crl.verisign.com/pca3-g5.crl04
hXXp://ocsp.verisign.com0
hXXp://ocsp.verisign.com0
Nullsoft Install System v2.46.5-Unicode
Nullsoft Install System v2.46.5-Unicode
logging set to %d
logging set to %d
settings logging to %d
settings logging to %d
created uninstaller: %d, "%s"
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: success ("%s")
Exec: command="%s"
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack
Exch: stack
RMDir: "%s"
RMDir: "%s"
MessageBox: %d,"%s"
MessageBox: %d,"%s"
Delete: "%s"
Delete: "%s"
File: wrote %d to "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename failed: %s
Rename on reboot: %s
Rename on reboot: %s
Rename: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
SetFileAttributes: "%s":X
Sleep(%d)
Sleep(%d)
detailprint: %s
detailprint: %s
Call: %d
Call: %d
Aborting: "%s"
Aborting: "%s"
Jump: %d
Jump: %d
verifying installer: %d%%
verifying installer: %d%%
unpacking data: %d%%
unpacking data: %d%%
... %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
~nsu.tmp
install.log
install.log
%u.%u%s%s
%u.%u%s%s
Skipping section: "%s"
Skipping section: "%s"
Section: "%s"
Section: "%s"
New install of "%s" to "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
*?|/":
*?|/":
invalid registry key
invalid registry key
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
x%c
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
%s: failed opening file "%s"
LOCALS~1\Temp\nsx3.tmp\webapphost.dll
LOCALS~1\Temp\nsx3.tmp\webapphost.dll
on Data\Google\Chrome\User Data\Default
on Data\Google\Chrome\User Data\Default
.4.0.4.141207.02\14-12-08-12.20.18.575\0038824c-feac-413a-8789-94f89e52ddeb.png
.4.0.4.141207.02\14-12-08-12.20.18.575\0038824c-feac-413a-8789-94f89e52ddeb.png
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\webapphost.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\webapphost.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp
on\App Paths\IEXPLORE.EXE
on\App Paths\IEXPLORE.EXE
1.0.0.1
1.0.0.1
Download.dll
Download.dll
nsx3.tmp
nsx3.tmp
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\webapphost.dll" (overwriteflag=1)
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\webapphost.dll" (overwriteflag=1)
\webapphost.dll"
\webapphost.dll"
XPLORE.EXE
XPLORE.EXE
gle\Chrome\User Data\Default
gle\Chrome\User Data\Default
.4.0.4.141207.02\14-12-08-12.20.18.575\0038824c-feac-413a-8789-94f89e52ddeb.ico
.4.0.4.141207.02\14-12-08-12.20.18.575\0038824c-feac-413a-8789-94f89e52ddeb.ico
ME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp
ME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp
45C7A-2265-4E18-9610-99F026DADF11
45C7A-2265-4E18-9610-99F026DADF11
c:\%original file name%.exe
c:\%original file name%.exe
%original file name%.exe
%original file name%.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsc1.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsc1.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
LORE.EXE
LORE.EXE
IEXPLORE.EXE
IEXPLORE.EXE
PLORE.EXE
PLORE.EXE
FA945C7A-2265-4E18-9610-99F026DADF11
FA945C7A-2265-4E18-9610-99F026DADF11
hXXp://data.dmccint.com/api/usages/
hXXp://data.dmccint.com/api/usages/
hXXp://engine.drive-c-files.com//DecisionEngine.ashx
hXXp://engine.drive-c-files.com//DecisionEngine.ashx
\\192.168.17.111\Bundles\59\512\ct5124859\6e4e2937a2d8424cb0de1517125686e7\Downloads\Prod\DDE1.4.0.4.141207.02\14-12-08-12.20.18.575\0038824c-feac-413a-8789-94f89e52ddeb.ico
\\192.168.17.111\Bundles\59\512\ct5124859\6e4e2937a2d8424cb0de1517125686e7\Downloads\Prod\DDE1.4.0.4.141207.02\14-12-08-12.20.18.575\0038824c-feac-413a-8789-94f89e52ddeb.ico
\\192.168.17.111\Bundles\59\512\ct5124859\6e4e2937a2d8424cb0de1517125686e7\Downloads\Prod\DDE1.4.0.4.141207.02\14-12-08-12.20.18.575\0038824c-feac-413a-8789-94f89e52ddeb.png
\\192.168.17.111\Bundles\59\512\ct5124859\6e4e2937a2d8424cb0de1517125686e7\Downloads\Prod\DDE1.4.0.4.141207.02\14-12-08-12.20.18.575\0038824c-feac-413a-8789-94f89e52ddeb.png
6e4e2937-a2d8-424c-b0de-1517125686e7
6e4e2937-a2d8-424c-b0de-1517125686e7
00000000
00000000
3712096
3712096
hXXp://cms.dmccint.com/MainOffer/3706054/
hXXp://cms.dmccint.com/MainOffer/3706054/
Setup.exe
Setup.exe
hXXp://cms.dmccint.com/Global/GlobalPage/3706054/
hXXp://cms.dmccint.com/Global/GlobalPage/3706054/
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\webapp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\webapp\
Naive_recommender_Bayesian_adjust_2015-03-12.csv
Naive_recommender_Bayesian_adjust_2015-03-12.csv
Microsoft Windows XP
Microsoft Windows XP
6.0.2900.5512
6.0.2900.5512
%Documents and Settings%\%current user%\Local Settings\Application Data
%Documents and Settings%\%current user%\Local Settings\Application Data
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\client_xml.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\client_xml.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\offer.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx3.tmp\offer.xml
no_dynamic_main_offer_url_supported_in_this_version
no_dynamic_main_offer_url_supported_in_this_version
%Program Files%\Internet Explorer\iexplore.exe
%Program Files%\Internet Explorer\iexplore.exe
BLACKJACK_ARENA.exe
BLACKJACK_ARENA.exe
1.4.0.4.141207.02
1.4.0.4.141207.02
svchost.exe_1508:
.text
.text
`.data
`.data
.rsrc
.rsrc
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
RPCRT4.dll
RPCRT4.dll
NETAPI32.dll
NETAPI32.dll
ole32.dll
ole32.dll
ntdll.dll
ntdll.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
GetProcessHeap
GetProcessHeap
NtOpenKey
NtOpenKey
svchost.pdb
svchost.pdb
\PIPE\
\PIPE\
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\Svchost
\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\
\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\
5.1.2600.5512 (xpsp.080413-2111)
5.1.2600.5512 (xpsp.080413-2111)
svchost.exe
svchost.exe
Windows
Windows
Operating System
Operating System
5.1.2600.5512
5.1.2600.5512