Backdoor.Win32.Farfli.FD, SearchProtectToolbar_pcap.YR (Lavasoft MAS)Behaviour: Backdoor
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: b86c719f93d86db71d4df0853d97214f
SHA1: 6fc83dae7b45585eb9a30ee3eb5e650e2b58bdc1
SHA256: dcebaec8d155f11d149bf6e0dff73ea22eb2f50f3164cf3eb2da3d9537278e1a
SSDeep: 6144:yz 92mhAMJ/cPl3iwbNozlx/LVXHSPF0MfK:yK2mhAMJ/cPlN 7VXL
Size: 212336 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-06-09 16:19:49
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Backdoor. Malware that enables a remote control of victim's machine.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Backdoor creates the following process(es):
wsmallstub.exe:472
%original file name%.exe:1560
The Backdoor injects its code into the following process(es):
DVD_Shrink_v3.2.0.15.exe:1596
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process DVD_Shrink_v3.2.0.15.exe:1596 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\DM_loader.gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\init.html (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\4357d65f-a22b-4e28-a57c-d632a6270d43[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\nonadwords_trip[1].html (6038 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB3.tmp (45350 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\PS_searchprotect[1].json (32508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[2].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\certInlineLB.pfx (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\PCOptimumBoost[1].htm (1787 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[2].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1569870[2].htm (23341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\WebBrowser_embedded.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBGGoogleDialog[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[2].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\manager.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\customframeapi[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\jquery-1.10.1.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\Failed.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\PCOptimumBoost[1].html (1642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\994349[1].htm (24471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\BoxBgNew[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\icon.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\NextButton_Sprite wide[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\X[1].png (1 bytes)
%System%\wbem\Logs\wbemprox.log (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1569870[1].htm (27085 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\proxy.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.dotdotdot.min[2].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\-[1].png (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\nonadwords_trip[1].htm (3611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\BoxBgNew[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\NoneSilentSuccess.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\manager.html (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\webapphost.dll (39329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\sharedWorker.js (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\InstallationSuccessful[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\1514591[1].htm (24993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\left_text[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\WelcomeScreen.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\AfterDawn[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\gplay.js (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\Success.htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\FDMClient.dll (8184 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\nonadwords_trip[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\PCOptimumBoost[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CancelBG[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\BoxBgNew[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspB2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CancelBG[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\X[1].png (0 bytes)
The process wsmallstub.exe:472 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb\DVD_Shrink_v3.2.0.15.exe (3626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
The process %original file name%.exe:1560 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\icon.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\stub_settings.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\wsmallstub.exe (2665 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\icon.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\wsmallstub.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_1980906 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\stub_settings.xml (0 bytes)
Registry activity
The process DVD_Shrink_v3.2.0.15.exe:1596 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"WebBrowser_embedded.exe" = "6000"
"DVD_Shrink_v3.2.0.15.exe" = "6000"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122320141224]
"CacheLimit" = "8192"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122320141224]
"CachePrefix" = ":2014122320141224:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122320141224]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014122320141224\"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "DVD_Shrink_v3.2.0.15.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122320141224]
"CacheRepair" = "0"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122320141224]
"CacheOptions" = "11"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1330111199"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "16 14 22 3E 86 2C 8F 6D 34 A7 72 ED F2 93 3B 75"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013030120130302]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130218]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021820130225]
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process wsmallstub.exe:472 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "29 EF B9 07 7A D3 E1 7C 95 32 4C FD 93 4A 8A B0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:1560 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D8 FE 43 F6 AE A3 FF F5 2F D3 25 98 AC A7 41 B3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0]
"wsmallstub.exe" = "wsmallstub"
The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
MD5 | File path |
---|---|
7ce9c717ec8ff8d1c38d97d436189b53 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb\DVD_Shrink_v3.2.0.15.exe |
dd4b2762aa7ddc1314bbbdb42640aa20 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsaB4.tmp\FDMClient.dll |
62008374a494afeea2ee2ae9eee4c8c0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsaB4.tmp\System.dll |
07f09c1bf361f757675b77320a08506c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsaB4.tmp\manager\scripts\WebBrowser_embedded.exe |
f64b71ab811b25b1cd2fe801449af25c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsaB4.tmp\webapphost.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
wsmallstub.exe:472
%original file name%.exe:1560 - Delete the original Backdoor file.
- Delete or disinfect the following files created/modified by the Backdoor:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\DM_loader.gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\init.html (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\4357d65f-a22b-4e28-a57c-d632a6270d43[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\nonadwords_trip[1].html (6038 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB3.tmp (45350 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\PS_searchprotect[1].json (32508 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[2].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\certInlineLB.pfx (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\PCOptimumBoost[1].htm (1787 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[2].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1569870[2].htm (23341 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\WebBrowser_embedded.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBGGoogleDialog[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[2].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\manager.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\customframeapi[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\jquery-1.10.1.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\Failed.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\PCOptimumBoost[1].html (1642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\994349[1].htm (24471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\BoxBgNew[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\icon.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\NextButton_Sprite wide[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\X[1].png (1 bytes)
%System%\wbem\Logs\wbemprox.log (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1569870[1].htm (27085 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\proxy.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.dotdotdot.min[2].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\-[1].png (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\BoxBgNew[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\NoneSilentSuccess.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\manager.html (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\webapphost.dll (39329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\sharedWorker.js (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\InstallationSuccessful[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\1514591[1].htm (24993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\left_text[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\WelcomeScreen.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\AfterDawn[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\manager\scripts\gplay.js (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\Success.htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB4.tmp\FDMClient.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb\DVD_Shrink_v3.2.0.15.exe (3626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\icon.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\stub_settings.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\wsmallstub.exe (2665 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name: 1.3.9.0.140504.0
Product Version: 1.3.9.
Legal Copyright: (c) 2014 ClientConnect Ltd
Legal Trademarks:
Original Filename: DVD_Shrink_v3.2.0.15.ex
Internal Name: DVD_Shrink_v3.2.0.15.ex
File Version: 1.3.9.
File Description: Setup.ex
Comments:
Language: English (United States)
Company Name: Product Name: 1.3.9.0.140504.0Product Version: 1.3.9.Legal Copyright: (c) 2014 ClientConnect LtdLegal Trademarks: Original Filename: DVD_Shrink_v3.2.0.15.exInternal Name: DVD_Shrink_v3.2.0.15.exFile Version: 1.3.9.File Description: Setup.exComments: Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 74526 | 74752 | 4.54396 | a8692f5ba740240ef0f9a827376f76f9 |
.rdata | 81920 | 7445 | 7680 | 3.46159 | d4f36accffde0bf520f52486679ccf0d |
.data | 90112 | 96036 | 512 | 2.46008 | b6c7edb5b7fec47a37a622cc5d71f3f4 |
.CRT | 188416 | 32 | 512 | 0.273198 | 439411041ee0b8261668525c5c132cd9 |
.rsrc | 192512 | 13724 | 13824 | 3.13935 | d556d4d28805afa6f911bbd373c4a780 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 66
20a1cc1abdac40f46d8e0aede3c84cbc
dc4891503b7a98d07319c2771e79192e
6faf9d8d9870f3d635dd5406083a17ca
0e43ed0d51af206b106693caf2745067
8b1b8144955c45b2c5e02fa5e05eb775
c4b6804fb5135658e95cd815f9ed2e04
f28e8c7e0bc01fa20d5b3e0f3c5420e7
17e19aaa661c6398e57dfab2bb1aa2d6
47d258151bdc9531528031f19ad0cfc2
c6fb01478c983cdbb2b82def26947c5c
ebe47e79344483b09d65c55638001974
054e9f941c4d06da0e43c063e98714a9
0bc038c839581166a3d7443cfc7d2cfe
b1ac555dfc0bb4d9a64d912574fa0dde
fdaaf3213c83a24c4c209fb5e65c04b6
3d4e152e1ef3195e859ccd4c5cac4a05
0f796b8ee2a25a65488813a8bc9ee06f
b34f22d88e267d6c706ca0ce202fbcf7
87916029b9d43b3d64bc3d9dbb7e6d4c
98bf6d4e3671d2cd20f238794c2b277e
54fd2905b6a4e2ff46851e3ad3231fb1
7bfef502c6cf82fc066e3cad39f9a0e0
f559287308ba44036f2c9a0381837a52
c67ea61534ef16eefc56f02b60eba05d
8cd0313290e88f773d7fa186c1a103d1
Network Activity
URLs
URL | IP |
---|---|
hxxp://173.223.99.12/CmsThemes/Default/Images/X.png | |
hxxp://173.223.99.12/CmsThemes/Default/Images/-.png | |
hxxp://173.223.99.12///img/Logos/r_f2/r_92/4357d65f-a22b-4e28-a57c-d632a6270d43.jpg | |
hxxp://173.223.99.12/CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png | |
hxxp://173.223.99.12/CmsThemes/Default/Images/button.png | |
hxxp://173.223.99.12/CmsThemes/Default/Images/CancelBG.png | |
hxxp://173.223.99.12/CmsThemes/Default/images/SmallLoader.gif | |
hxxp://173.223.99.12/CmsThemes/Default/Images/InstallationSuccessful.png | |
hxxp://engine.va.dmccint.com/DecisionEngine.ashx | |
hxxp://54.243.179.23/ | |
hxxp://173.223.99.12/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None | |
hxxp://173.223.99.12/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None | |
hxxp://173.223.99.12/Js/jquery.dotdotdot.min.js?fid=1514591 | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/Images/X.png | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com///img/Logos/r_f2/r_92/4357d65f-a22b-4e28-a57c-d632a6270d43.jpg | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/Images/-.png | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/Images/button.png | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/Images/CancelBGGoogleDialog.png | |
hxxp://a1128.g1.akamai.net/customoffers/PC optimum boost/en/1/PCOptimumBoost.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/Images/CancelBG.png | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/Images/NextButton_Sprite wide.png | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/images/SmallLoader.gif | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/CmsThemes/Default/Images/BoxBgNew.png | |
hxxp://a173-223-99-12.deploy.static.akamaitechnologies.com/Js/jquery.dotdotdot.min.js?fid=994349 | |
hxxp://a1128.g1.akamai.net/customoffers/PC optimum boost/en/1/img/left_text.png | |
hxxp://e6652.g.akamaiedge.net/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie | |
hxxp://a1128.g1.akamai.net/customoffers/customframeapi.js | |
hxxp://e6652.g.akamaiedge.net/LMS/PS_searchprotect/PS_searchprotect.json | |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/CancelBG.png | |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/CancelBGGoogleDialog.png | |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/button.png | |
hxxp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None | |
hxxp://ude.databssint.com/ | |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/-.png | |
hxxp://dehosting.dmccint.com/customoffers/PC optimum boost/en/1/PCOptimumBoost.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie | 184.84.243.32 |
hxxp://cms.dmccint.com/CmsThemes/Default/images/SmallLoader.gif | |
hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=994349 | |
hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=1514591 | |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/BoxBgNew.png | |
hxxp://engine.dmccint.com/DecisionEngine.ashx | 199.101.114.147 |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/X.png | |
hxxp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie | 23.9.119.70 |
hxxp://dehosting.dmccint.com/customoffers/customframeapi.js | 184.84.243.32 |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/NextButton_Sprite wide.png | |
hxxp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None | |
hxxp://storage.stgbssint.com/LMS/PS_searchprotect/PS_searchprotect.json | 23.9.119.70 |
hxxp://dehosting.dmccint.com/customoffers/PC optimum boost/en/1/img/left_text.png | 184.84.243.32 |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png | |
hxxp://cmsstorage.dmccint.com///img/Logos/r_f2/r_92/4357d65f-a22b-4e28-a57c-d632a6270d43.jpg | |
hxxp://cms.dmccint.com/CmsThemes/Default/Images/InstallationSuccessful.png |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: storage.stgbssint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 35920
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Thu, 21 Aug 2014 07:42:36 GMT
Accept-Ranges: bytes
ETag: "03ea67913bdcf1:528"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=86400
Expires: Wed, 24 Dec 2014 21:04:19 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Max-Age: 604800
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
...............7.(._.^...Lk..".......QlY....e.%..f...H.*.d&....\......s3k......8...d".@..CI..3k..b./..........>.>.....^<.\.M:x..g_>{<..ON.{......'...x......d....2QI..........70.. ...........8/.O^}sr.@O...<V...J..3......Y)z..~..''.E.....7R...|,..%oD.8..........K....7.JO....(..;.>.#.S.J...'.....M.@..SrY..s..N....o..|.j`.'....]......!..._}..|..4........2.K..l.S<./d.c^n....".\.\]q........E.J..M\\&Y4.n..*...k.CS..W..N&.>}#..,..8N..,.\.. ..4.).......L6.w.y..E....q...D./.4..%.._S..x-.r.*...k>.......u...../U.F....z[.\....F..Jv.A.;l..........(?x....|......%...M...,.w...A0.......-.!..........b..I.(H.JV .M.. .\^)l.......j.IFE.8eB......}.\..4..L......'.......?.......A......D.dW.......5......E~.,..U.QX..?..f..A..o..a....2OwJN]b*....'.o{c.....`.Q..*6_?J.Lc`&.4.5j...x...]Q.E......alG..b0..-.<..?...BB..w....o\...~8.gza2..|...h..@... vP..G.<z.Q...NV...8.3....E..V.......S..%.....[.o...x._.p)..L..P.C.........1..u?XBm...o.......f........{..0.05C.A..NX.N.).<E..`M....'...t0~PN..V..g...m4...o.%I.I. ...A..S.N...7.....m...N.WI.3....oi....F.-..a.e|.....v...E.X.3.V ..w!.n*[..|....u....q...x....]....Uk.....~.-:...m.\..q..d....e!ev.......?H...............~]...{.xp).x..0>.".S/...u._.c.N.=b.........G..*)D...%.O@.q..t2.$.....A.......0....t.}..7N2d.n....g..N(..~.I....H....... `.[.....S.&.?lo...`=.....\.<....N{[...4...] `..}n.,.....i...6[.eE...]?.D..[....a=|..}.[(.._@!"..C.~.Q.w...\.|.t....q".o!....R'1sG....z..2..M^.n'...`...Nz'.....!..6... v....,.S\.R.}b.?&.....,.....ep..........dL.L>.{G...!...
<<< skipped >>>
GET /LMS/PS_searchprotect/PS_searchprotect.json HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie#cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: storage.stgbssint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 250005
Content-Type: application/json
Last-Modified: Wed, 17 Dec 2014 11:45:53 GMT
Accept-Ranges: bytes
ETag: "a8cc23ef19d01:ded"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=7200
Expires: Tue, 23 Dec 2014 23:04:20 GMT
Date: Tue, 23 Dec 2014 21:04:20 GMT
Connection: keep-alive
Access-Control-Max-Age: 604800
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
{"Product":"PS_SearchProtect","LastUpdate":1345880,"Translations":{"ar":{"Keys":{"@@AcceptAndInstallButton@@":{"Text":"\u0623\u0648\u0627\u0641\u0642 & \u0648\u0642\u0645 \u0628\u0627\u0644\u062a\u062b\u0628\u064a\u062a"},"@@Body_text_1st_paragraph@@":{"Text":"\u064a\u064f\u0631\u062c\u0649 \u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0644\u0634\u0631\u0648\u0637 \u0627\u0644\u0647\u0627\u0645\u0629 \u0627\u0644\u062a\u0627\u0644\u064a\u0629 \u0642\u0628\u0644 \u0627\u0644\u0645\u062a\u0627\u0628\u0639\u0629."},"@@Body_text_1st_paragraph_2@@":{"Text":"\u0643\u062c\u0632\u0621 \u0645\u0646 \u062a\u062b\u0628\u064a\u062a \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u064a\u0645\u0643\u0646\u0643 \u0623\u064a\u0636\u064b\u0627 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0645\u064a\u0632\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0628\u062d\u062b. \u064a\u064f\u0631\u062c\u0649 \u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0644\u0634\u0631\u0648\u0637 \u0642\u0628\u0644 \u0627\u0644\u0627\u0633\u062a\u0645\u0631\u0627\u0631."},"@@Body_text_2nd_paragraph@@":{"Text":"\u0642\u0645 \u0628\u062a\u062b\u0628\u064a\u062a \u0645\u064a\u0632\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0628\u062d\u062b \u0644\u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0648\u0627\u0644\u0628\u062d\u062b \u0627\u0644\u0627\u
<<< skipped >>>
GET ///img/Logos/r_f2/r_92/4357d65f-a22b-4e28-a57c-d632a6270d43.jpg HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Tue, 21 Jan 2014 10:18:01 GMT
If-None-Match: "9024a8109216cf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/jpeg
Last-Modified: Tue, 21 Jan 2014 10:18:01 GMT
ETag: "9024a8109216cf1:0"
Cache-Control: private, max-age=10243
Expires: Tue, 23 Dec 2014 23:55:01 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "caa5998c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "caa5998c6fd01:0"
Cache-Control: private, max-age=8122
Expires: Tue, 23 Dec 2014 23:19:34 GMT
Date: Tue, 23 Dec 2014 21:04:12 GMT
Connection: keep-alive
....
GET /DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 174709
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 02:04:18 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html> <![endif]-->..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta charset="utf-8" />.. .. <title>installation</title>.. <style>./* =============================================================================.. HTML5 Boilerplate CSS: h5bp.com/css.. ========================================================================== */..article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { display: block; }..audio, canvas, video { display: inline-block; *display: inline; *zoom: 1; }..audio:not([controls]) { display: none; }..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, select, textarea { font-family: sans-serif; color: #222; }..body { margin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-shadow: none; }..::selection { text-shadow: none; }..a { color: #00e; outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..a:focus { outline: none ; }..a:hover, a:active { outline: none;border: none; }...ie7 a:focus, *:focus {.. noFocusLine: expression(th
<<< skipped >>>
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "d0643b44c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "ce177098c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1504
Cache-Control: private, max-age=8115
Expires: Tue, 23 Dec 2014 23:19:34 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
GIF89a.........................v.....5..d..e..........................{......................................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 "> <rdf:RDF xmlns:rdf="hXXp://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="A5EDB964567077337C8E54A0BBE35981" xmpMM:DocumentID="xmp.did:861DE9F12C2811E484A994AD54106D49" xmpMM:InstanceID="xmp.iid:861DE9F02C2811E484A994AD54106D49" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:df987947-01f7-4167-b08b-2878b7f29ca6" stRef:documentID="adobe:docid:photoshop:b746f760-73f3-1177-8ee4-c7825aacab4e"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .................................!.......,..........D`28Ga\.PA.......e3..L.UU:....Q..XCh.(...-.Z.....v..v._0\Q.J'.a.z.....!.......,..........4.PA..]h28Ga,.eU.z.T..M,K6G..@.d. J.C.d4.N. .J'.b.2...!.......,..........4.PA..]h28Ga,.eU.z.T..M,K6G
<<< skipped >>>
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "0c67198c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "0c67198c6fd01:0"
Cache-Control: private, max-age=9260
Expires: Tue, 23 Dec 2014 23:38:39 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8115
Expires: Tue, 23 Dec 2014 23:19:34 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite wide.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "98a6d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "98a6d98c6fd01:0"
Cache-Control: private, max-age=8769
Expires: Tue, 23 Dec 2014 23:30:28 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ce177098c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/gif
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ce177098c6fd01:0"
Cache-Control: private, max-age=8115
Expires: Tue, 23 Dec 2014 23:19:34 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8770
Expires: Tue, 23 Dec 2014 23:30:22 GMT
Date: Tue, 23 Dec 2014 21:04:12 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8770
Expires: Tue, 23 Dec 2014 23:30:22 GMT
Date: Tue, 23 Dec 2014 21:04:12 GMT
Connection: keep-alive
....
GET /DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 174715
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 02:04:18 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html> <![endif]-->..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta charset="utf-8" />.. .. <title>installation</title>.. <style>./* =============================================================================.. HTML5 Boilerplate CSS: h5bp.com/css.. ========================================================================== */..article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { display: block; }..audio, canvas, video { display: inline-block; *display: inline; *zoom: 1; }..audio:not([controls]) { display: none; }..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, select, textarea { font-family: sans-serif; color: #222; }..body { margin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-shadow: none; }..::selection { text-shadow: none; }..a { color: #00e; outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..a:focus { outline: none ; }..a:hover, a:active { outline: none;border: none; }...ie7 a:focus, *:focus {.. noFocusLine: expression(th
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=1514591 HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Dec 2014 13:31:23 GMT
Accept-Ranges: bytes
ETag: "be63c598c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6149
Cache-Control: private, max-age=9336
Expires: Tue, 23 Dec 2014 23:39:54 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.www.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dual licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_License. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.empty();for(var i=0,d=r.length;d>i;i ){var l=r.eq(i);if(t.append(l),n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}function r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgroup, option, textarea, script, style",u="script, .dotdotdot-keep";return e.contents().detach().each(function(){var f=this,h=t(f);if("undefined"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"append"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.detach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];if(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLetter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).join(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.length&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "0c67198c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "0c67198c6fd01:0"
Cache-Control: private, max-age=8974
Expires: Tue, 23 Dec 2014 23:33:52 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ac4d4d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ac4d4d98c6fd01:0"
Cache-Control: private, max-age=8763
Expires: Tue, 23 Dec 2014 23:30:21 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8764
Expires: Tue, 23 Dec 2014 23:30:22 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "6f33944c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
ETag: "6f33944c6fd01:0"
Cache-Control: private, max-age=9330
Expires: Tue, 23 Dec 2014 23:39:48 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/CancelBGGoogleDialog.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "e8b65c98c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6035
Cache-Control: private, max-age=8770
Expires: Tue, 23 Dec 2014 23:30:28 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
.PNG........IHDR...J...1.............sRGB.........gAMA......a.....pHYs.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:DocumentID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stRef:documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...P....IDATx^...N....P...L.).A(...A."1...$<rcK...r....] .E. 8.^..[......o........ @.7.u&... @......(J..... @...'...^z....puu5...c........cmmm:.#@.......g......{..u>|.0.....?~.......i..........(JQ^... @....,p......pyy9lnn.....1_z./....^;..... @`...x....v:nnn....aooo..(J..I...SI...W.....F.......u..OBz.(.%i>.....*........ @.............p}}=lmmMg.......O.9...../&@..............|.m.@............79.....8..... . .8.t||<.A.[.|Vi>.4~}..%g.z.... @...6......J....F..l.........y".W....\..O.-?t..N..... @`...o..K.|.m,J.1.%..V..!-..... .........
<<< skipped >>>
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "caa5998c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
Accept-Ranges: bytes
ETag: "c8592844c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2726
Cache-Control: private, max-age=8621
Expires: Tue, 23 Dec 2014 23:27:59 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
.PNG........IHDR...>.........$.=.....sRGB.........gAMA......a.....pHYs.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:DocumentID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stRef:documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...P....IDATx^...N#K.....%.@.......B.D..$`.3U..j.3.h0..%m..E.iW.'........ ..?.......<<<.......V..i..d...`....S......v... ....S.Y.....r.._677...F..>=~....8z.....yyy)......`~r.>u.s{{...............Y.>5z.......!|....l6 [[[-z..x.........j...o{j..................EN...O..:..#....2....O......S.Y.?.......S.g.>..]b..X75eV]s....!|.//...#|........S..........j!|...........j....\u...:'''.....;;;C.........UM...O...?OOO..........F...?.W...U....X.............%v....O..!|..../X.4.....!|.......!|.......!|.......!|.......!|.......!|.......!|
<<< skipped >>>
GET /CmsThemes/Default/Images/NextButton_Sprite wide.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "98a6d98c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2779
Cache-Control: private, max-age=8132
Expires: Tue, 23 Dec 2014 23:19:50 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
.PNG........IHDR.......}........R....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72B2EB22C3E111E3AEC3EB792256C508" xmpMM:DocumentID="xmp.did:72B2EB23C3E111E3AEC3EB792256C508"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B2EB20C3E111E3AEC3EB792256C508" stRef:documentID="xmp.did:72B2EB21C3E111E3AEC3EB792256C508"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.x.I...MIDATx....k]i...s..i..j....n.bq.2.c.Zq....("..A......tQ.S..8. h..af1.....f3.XZ.J[.T.i3.Mnnn.9..7..L.].C.......dw6_....v..y=E=y...P.)........s..........#UU.8_.4A..k.Vk...{..........b......w....,.E./.3.@..e....G..];z......f....34...v[...H1....g......'.......bss.H......699y...^..0...TU....h.V ..x.sOL.?r..@JYX...:4...$...?!.@.. .B......t&.H3.KM..d.... ..... ..... .&(..H6..C.H5..C....@...T.... ..... ..... .&(..H6..C.H5..C.H...A.. ..............4B0....,g....,..n..;......G.|r........r.1..o..b..........mp.)...B.u....l......../.\..`~~......P...C{.... ..Fh.W/].t....7..N,.1....'..D..z..c.......
<<< skipped >>>
GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "524e5698c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
Accept-Ranges: bytes
ETag: "6972344c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 5182
Cache-Control: private, max-age=9334
Expires: Tue, 23 Dec 2014 23:39:53 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
.PNG........IHDR...[...G......9......pHYs................OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE...........Q,......!.........{.k........>...........H3Q5...B..........@..$p....d!s.#...~<< ".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I. .6a.a.@..y..2.4..............x.....6..._-...."bb.....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<......$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?....D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/.@.4.Qh..p...U..=p..a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9., .......3...!.[..b@q..S.(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._... .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).)..4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC].@C.a.a......<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=994349 HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 04 Dec 2014 13:31:23 GMT
Accept-Ranges: bytes
ETag: "be63c598c6fd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6149
Cache-Control: private, max-age=10976
Expires: Wed, 24 Dec 2014 00:07:15 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.www.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dual licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_License. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.empty();for(var i=0,d=r.length;d>i;i ){var l=r.eq(i);if(t.append(l),n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}function r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgroup, option, textarea, script, style",u="script, .dotdotdot-keep";return e.contents().detach().each(function(){var f=this,h=t(f);if("undefined"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"append"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.detach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];if(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLetter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).join(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.length&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ac4d4d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ac4d4d98c6fd01:0"
Cache-Control: private, max-age=8762
Expires: Tue, 23 Dec 2014 23:30:21 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "6f33944c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
ETag: "6f33944c6fd01:0"
Cache-Control: private, max-age=9329
Expires: Tue, 23 Dec 2014 23:39:48 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/CancelBGGoogleDialog.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "e8b65c98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "e8b65c98c6fd01:0"
Cache-Control: private, max-age=8769
Expires: Tue, 23 Dec 2014 23:30:28 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "c8592844c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
ETag: "c8592844c6fd01:0"
Cache-Control: private, max-age=8620
Expires: Tue, 23 Dec 2014 23:27:59 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "6972344c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
ETag: "6972344c6fd01:0"
Cache-Control: private, max-age=9334
Expires: Tue, 23 Dec 2014 23:39:53 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
POST /DecisionEngine.ashx HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: engine.dmccint.com
Content-Length: 2509
Connection: Keep-Alive
Cache-Control: no-cache
<OFFER_REQUEST><COMPLETE_COMMAND_LINE>false</COMPLETE_COMMAND_LINE><USER_PROFILE><PUBLISHER_ID_NUM>244</PUBLISHER_ID_NUM><SESSION_ID><![CDATA[49deca54-7b41-4951-ba0d-e55cf038edeb]]></SESSION_ID><TRACKING_ID><![CDATA[]]></TRACKING_ID><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DMVersion</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE>1.4.0.4.141214.03</USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DefaultBrowser</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE>IE</USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>CurrentToolbar</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[]]></USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>Homepage</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[about:blank]]></USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DefaultSearch</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[]]></USER_ATTRIBUTE_VALUE></USE
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 23 Dec 2014 21:04:16 GMT
Content-Length: 11519
...<OFFER_RESPONSE><MAIN_OFFER><OFFER_ID>1572961</OFFER_ID><OFFER_NAME>DVD Shrink v3.2.0.15</OFFER_NAME><OFFER_URL>no_dynamic_main_offer_url_supported_in_this_version</OFFER_URL><OFFER_DESCRIPTION /><OFFER_INSTALL_CMD><OFFER_ID>1572961</OFFER_ID><OFFER_STATE>default</OFFER_STATE><DOWNLOAD_URL>hXXp://VVV.afterdawn.com/software/general/download.cfm?version_id=1421&installer_download=1&perion=1</DOWNLOAD_URL><INSTALL_COMMAND_LINE /></OFFER_INSTALL_CMD><INSTALLATION_TYPE>1</INSTALLATION_TYPE><PRODUCT_ID /><PRODUCT_TYPE>Publisher's Offer</PRODUCT_TYPE><PRODUCT_VERSION /><ROOT_OFFER_ID>1572961</ROOT_OFFER_ID><DOWNLOAD_URL>hXXp://VVV.afterdawn.com/software/general/download.cfm?version_id=1421&installer_download=1&perion=1</DOWNLOAD_URL><OFFER_FILE_NAME /><DOWNLOAD_BACKUP_URL>http://VVV.afterdawn.com/software/general/download.cfm?version_id=1421&installer_download=1&perion=1</DOWNLOAD_BACKUP_URL><CONDITION_TYPE>None</CONDITION_TYPE><TOTAL_STEPS>1</TOTAL_STEPS><SOFTWARE_PRODUCT_VERSION /><ANTI_OFFER /><SUCCESS_CODE /><INSTALLATION_UI_ELEMENTS><UI_ELEMENT><NAME>DownloadBrowser</NAME><VALUE>IE</VALUE></UI_ELEMENT><UI_ELEMENT><NAME>CType</NAME><VALUE>-1</VALUE></UI_ELEMENT><UI_ELEMENT><NAME
<<< skipped >>>
GET ///img/Logos/r_f2/r_92/4357d65f-a22b-4e28-a57c-d632a6270d43.jpg HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Tue, 21 Jan 2014 10:18:01 GMT
If-None-Match: "9024a8109216cf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/jpeg
Last-Modified: Tue, 21 Jan 2014 10:18:01 GMT
ETag: "9024a8109216cf1:0"
Cache-Control: private, max-age=10250
Expires: Tue, 23 Dec 2014 23:55:01 GMT
Date: Tue, 23 Dec 2014 21:04:11 GMT
Connection: keep-alive
....
GET ///img/Logos/r_f2/r_92/4357d65f-a22b-4e28-a57c-d632a6270d43.jpg HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/994349/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Tue, 21 Jan 2014 10:18:01 GMT
If-None-Match: "9024a8109216cf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/jpeg
Last-Modified: Tue, 21 Jan 2014 10:18:01 GMT
ETag: "9024a8109216cf1:0"
Cache-Control: private, max-age=10242
Expires: Tue, 23 Dec 2014 23:55:01 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
GET /customoffers/PC optimum boost/en/1/PCOptimumBoost.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1569870/1514591/?mainofferId=1572961&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dehosting.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Thu, 13 Nov 2014 10:11:54 GMT
Accept-Ranges: bytes
ETag: "427df63f2affcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 10303
Cache-Control: private, max-age=31536000
Expires: Wed, 23 Dec 2015 21:04:18 GMT
Date: Tue, 23 Dec 2014 21:04:18 GMT
Connection: keep-alive
Vary: Accept-Encoding
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"~........7....t.....WO.....m....{'w.>}.4.........x'}Sg..h.j..w.....7NR}>.......WWW..{........w...(..v......GG...J.-.e.Y.......................v....uq..G'........U.Q:..>.......0................q[.e~............@).i..7...(.T.....O.,...X>Jw...W.lV,/._.......(......"....j.........*..Q......5pM~....A..X.u...b.............}.yq1o...vwz..*..Gi6i.r....5.....*.i...to...$......r.(]...G...n....?fe.Z^|t'.....v.......... D..|...VD..[......y.....C5#.......)~.....o..Awwo....x..I............?...p. n|....@.p{_.......h.6.6.6@...i...8.{....x,.....T.,....C...x.. ..x.C..=..i......e^.....5....:_ Y.l."....n.1.........}M........j.:N.....3t.w.y.%..m..n.m.........7..3.3A;{..'..w...I&.O...4....:.?g.eZ.>...Y...)4.GdT.o...BX.........ix.......E.._.../.....x.~...UJ.....iz...../N_.y|wB`......e.gMN..%.o..I..j.~...7.$'.O.s2.iU.UI<..UZ,.6 K|F..../Wm.X/..'...j.qzv.^...f...%X.tV...w....;.O...7...Y>#6....5.'....(..lq......MJ.........gQ.iu.f.....u...).Uz5/.......O.~......X/.v{B....jU...o5.g....,.9.1.V5d..Pw4.g....W....gOO......N...........g'o..|...,..:M.z....................7../_........9}............K..c..:.F4.?I..z..|q.../.|.>.../..y.tD..~s..9...._.|s..W_0..........8.........sB......1..IV. ..4'YS.[.....&......fvA.. .k.s.g4..._........Xd.4..n :..2'. ....jc.^...i..#.....kn..L.]h.U...1...5..0.^.g.y.Z..6...O.d.........9.E..$. ...1.8...,x..jy..=...v..[_..VU..x.^2wge.^3....#yY..e.Ij..UU...#....tyQ..MJ..X.?3.....f...HS^T3...
<<< skipped >>>
GET /customoffers/PC optimum boost/en/1/img/left_text.png HTTP/1.1
Accept: */*
Referer: hXXp://dehosting.dmccint.com/customoffers/PC optimum boost/en/1/PCOptimumBoost.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dehosting.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 13 Nov 2014 10:11:54 GMT
Accept-Ranges: bytes
ETag: "8a5af43f2affcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 11937
Cache-Control: private, max-age=31536000
Expires: Wed, 23 Dec 2015 21:04:19 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
.PNG........IHDR...=.........KF......sRGB.........gAMA......a.....pHYs..........o.d...6IDATx^.......@'....x)...... ..L..D=~.......r.....D....\...}.A.\.(zA.\.(zA.\.(zA.\.(zA.\.(zA.\.(zA.\.(z..}}|.... ...?8....s........l..`....I.~..g......{..o..}.}hs?S.'..T.a.......NU.X.1...Y.n....E9...s..6=..wz...|~jg.#..W.:NS.x...B^....ER.....#b!|'..P.......pX!>.._..i9G.c.l.4..n.....1.^.....v...#..l.....{._...E.^.y..]E.D...`."J....h\..x[k.>%..:.UQ.{..*t.0.....Gm.......C..q.'...G.;G.O.]...u...m.{...76-..f..Mr........>7G.Q@.:.E.>:.l.=..[6..{_'?...a..mh..(z...EO.jPa....Fn.z.o.iU.|..6....[...........A.Q.........).a.O6M..S.)..s...'..Q.&......=.....=.`l.I.{.=..V.,y.^^)zw.A.,z....!......f....Cj...c...I~......z........7.e...B.;R......k6.....q=. w.6-....G....GW#g........fa.q.....Q.....;6m.[...q......F..#s....&|.E......o...@?....x..%.%.....;m.[...*.}......U......z........=.<z..$.......&.FRZ.......'...G..r...9..g..>...O...Pc}d.N....j.:NQ.x..&../x...y.w....[............Cu..zmlZ..RL.\. z.YW.,...v.l..B...*.. ..5...eDa....K..5..x.....nm<oC.B..'.>i...j..:(..{W*.=...=..:-.;....z..4.S/...q.....F...." e(..2&=.}^..Xz.7... .>.*z.Y ..z..J3..Q..Evk.j.%....u.....-.A...(zA.\.(zA.\.(zA.\..Q.. .V......................................E.....$..]..w..........J...#?.'......m..[............o.....{~..P..6..'..D..]^_.r....../4._g....Ii..G.c..q....n......}L.N\......G.....<.....^..kY.......I.E...[...~..b....m.r..<..#9G.k...G...I2.._H.}...a..m..(...2..*:..ps~... #lor.|...u#k..R....b.U.....<......6.s..5..kS.>....6.........>
<<< skipped >>>
GET /customoffers/customframeapi.js HTTP/1.1
Accept: */*
Referer: hXXp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dehosting.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 03 Sep 2014 13:26:01 GMT
Accept-Ranges: bytes
ETag: "46a2919a7ac7cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 798
Cache-Control: private, max-age=31536000
Expires: Wed, 23 Dec 2015 21:04:19 GMT
Date: Tue, 23 Dec 2014 21:04:19 GMT
Connection: keep-alive
Vary: Accept-Encoding
.............`.I.%&/m.{.J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?"....i[T.t.N.....7NRz..:]eu.l.....4_N.Y.....Y...T.U...[e5..a<...;w...,......;......X.3...Y....G..W....(g....`B_..W.....2/.......j......=...\...^d.|..b.Z.............}4r......Wu.UP....H.w........w.|....8O.:..W|.h..m]L.m...,k..I>......N..~...e.....k.uM8./po\....`]...yu..'Y...?#.4o..a.A..S..j..e<q.}.~...t.O.....H?z..k?J....f...~I..M~s.M...m.|..c...Y~...6.o..0. Z....We6....9.......zo.z..w........\..Rk.....K./..1..D........m.8....h:.l...w.t.0o?J0...h.,..............$=..._.....n.l..... ...F..3.V......U^.Ok]@.....K..b..>...o;..t`m....jZ..|t...Cj......y.[...v..Z...?.|..?......[..]..`.i..A.q..4m.....#.F|U,g..X.......I.'.."....z#.......h.......a..b.K.#L...k.M..-..&...6z..........;....8".F.....
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "d0643b44c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "0c67198c6fd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 1076
Cache-Control: private, max-age=8981
Expires: Tue, 23 Dec 2014 23:33:52 GMT
Date: Tue, 23 Dec 2014 21:04:11 GMT
Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:CBFD1020532511E199C4D6240585BDC2" xmpMM:DocumentID="xmp.did:CBFD1021532511E199C4D6240585BDC2"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CBFD101E532511E199C4D6240585BDC2" stRef:documentID="xmp.did:CBFD101F532511E199C4D6240585BDC2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..q<....IDATx.b)--}...p..}.....i...2q u...2... v..F.$3.Z...@...$..&..%..i. ....@......... g5.[0@.j.ua ..T..._f@..0.L.6 N..EP....v.$..}.v.H;..v ....@.....w....`.uP(...@..*..........1.%>.d....IEND.B`.....
<<< skipped >>>
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "67f82544c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "404a5898c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 3937
Cache-Control: private, max-age=8771
Expires: Tue, 23 Dec 2014 23:30:22 GMT
Date: Tue, 23 Dec 2014 21:04:11 GMT
Connection: keep-alive
.PNG........IHDR...............r.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E4C0C980D870E111A2F7CE32BC247645" xmpMM:DocumentID="xmp.did:1D12B49752CE11E4A35AAE9F3918A442" xmpMM:InstanceID="xmp.iid:1D12B49652CE11E4A35AAE9F3918A442" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4A3B36E671AF11E1BCD6B8635898C9B3" stRef:documentID="xmp.did:4A3B36E771AF11E1BCD6B8635898C9B3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>o.a*....IDATx...k.e.A......{..........P.K..........*~.i.....i...V$...E.....Z.TJ.1..:*..m......*i..jn..;3.....]k.s..L.o".}~.a.9.O.e}.._{....i..,.... ...g...._..-... ..".=....qT.{9..,../..?}...}...~..=............G...~,....xi3..e.o..@...WB...4.. u....... ?.H.."<....Ey......W......,|.?~)....f..^;..W.........w.k7.1...z..^Q\Q........l./4...`.B..-....X..Kygy.....F.......u:.n&.....G.g.&...zvo...........hz...........hz.....v.y.&...zY.-..,L.......z.7.X...{...izvo..(.WU..7.....t...._.h..f..^;...,~.....r.......TWg.......k.V.......T..=f
<<< skipped >>>
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "d0643b44c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/gif
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
ETag: "d0643b44c6fd01:0"
Cache-Control: private, max-age=8627
Expires: Tue, 23 Dec 2014 23:27:59 GMT
Date: Tue, 23 Dec 2014 21:04:12 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8770
Expires: Tue, 23 Dec 2014 23:30:22 GMT
Date: Tue, 23 Dec 2014 21:04:12 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8770
Expires: Tue, 23 Dec 2014 23:30:22 GMT
Date: Tue, 23 Dec 2014 21:04:12 GMT
Connection: keep-alive
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2337
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "20876" , "json_send_time" : "2014-12-23.17:54:40:373" , "phase" : "InStartLoop" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "7719" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" , "installation_session_id" : "49deca54-7b41-4951-ba0d-e55cf038edeb" , "publisher_id" : "AfterDawn.com" , "publisher_internal_id" : "244" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_screen" : "0" ,"test_id":"44","group_id":"1", "publisher_account_id" : "A-4410674" , "channel_id" : "" , "machine_user_id" : "FXZ/RKL XW0KRSKYQZS7P1XAWA84/LVSSRISW8IEZO0WIRO4OGWJZXLA9ZKGQOLBMWLATTL7OAP8E LP9RINZA" , "bundle_id" : "c62722b7-da76-4ef0-adf0-9118edbfbf93" , "general_id" : "GID1238065" , "dm_version" : "1.4.0.4.141214.03" , "build_id" : "0000000000000000000000" , "mrs_id" : "24" , "mrs_file_version" : "Bayes_glm_only_current_comb
HTTP/1.1 202 Accepted
Date: Tue, 23 Dec 2014 21:04:16 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
HTTP/1.1 202 Accepted..Date: Tue, 23 Dec 2014 21:04:16 GMT..P3P: CP="NOI ADM DEV COM NAV OUR STP"..Server: Apache-Coyote/1.1..Content-Length: 0..Connection: keep-alive......
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2268
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "20876" , "json_send_time" : "2014-12-23.17:54:41:44" , "phase" : "Android detection start" , "phase_type" : "regular" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "671" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "download_url" : "" , "installation_session_id" : "49deca54-7b41-4951-ba0d-e55cf038edeb" , "publisher_id" : "AfterDawn.com" , "publisher_internal_id" : "244" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_screen" : "0" ,"test_id":"44","group_id":"1", "publisher_account_id" : "A-4410674" , "channel_id" : "" , "machine_user_id" : "FXZ/RKL XW0KRSKYQZS7P1XAWA84/LVSSRISW8IEZO0WIRO4OGWJZXLA9ZKGQOLBMWLATTL7OAP8E LP9RINZA" , "bundle_id" : "c62722b7-da76-4ef0-adf0-9118edbfbf93" , "general_id" : "GID1238065" , "dm_version" : "1.4.0.4.141214.03" , "build_id" : "0000000000000000000000" , "mrs_id" : "24" , "mrs_file_version" : "Bayes_glm_only_current_combinations_2014-12-23.csv" , "user_operating_system" : "Microsoft Windo
HTTP/1.1 202 Accepted
Date: Tue, 23 Dec 2014 21:04:17 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2334
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "20876" , "json_send_time" : "2014-12-23.17:54:41:76" , "phase" : "StartingLoop" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "0" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" , "installation_session_id" : "49deca54-7b41-4951-ba0d-e55cf038edeb" , "publisher_id" : "AfterDawn.com" , "publisher_internal_id" : "244" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_screen" : "0" ,"test_id":"44","group_id":"1", "publisher_account_id" : "A-4410674" , "channel_id" : "" , "machine_user_id" : "FXZ/RKL XW0KRSKYQZS7P1XAWA84/LVSSRISW8IEZO0WIRO4OGWJZXLA9ZKGQOLBMWLATTL7OAP8E LP9RINZA" , "bundle_id" : "c62722b7-da76-4ef0-adf0-9118edbfbf93" , "general_id" : "GID1238065" , "dm_version" : "1.4.0.4.141214.03" , "build_id" : "0000000000000000000000" , "mrs_id" : "24" , "mrs_file_version" : "Bayes_glm_only_current_combina
HTTP/1.1 202 Accepted
Date: Tue, 23 Dec 2014 21:04:17 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2781
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "20876" , "json_send_time" : "2014-12-23.17:54:41:107" , "phase" : "InitComplete" , "phase_type" : "regular" , "order" : "2.0" , "result" : "Success" , "error_details" : "" , "phase_duration" : "0" , "duration_details" : "EngineMgrCreated:828,BuildUserProfile:6656,retrieveCid:0,sendXML:0,xmlSent:16,startParse:391,endParse:15,StartOffersLoop:703,ValidateMO:0,NavigateFirstSlot:0,ReportInitComplete:0," , "general_status_code" : "1" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "offer_id" : "1572961" , "product_id" : "0" , "product_type" : "Publisher's Offer" , "product_id_version" : "" , "rule_id" : "465651" , "vector_id" : "466244" , "is_parallel" : "0" , "call_service_duration" : "407" , "navigate_mo_duration" : "MONavigationCompleted:1578," , "navigate_global_duration" : "GlobalNavigationCompleted:2110," , "attempt_number" : "1" , "installation_session_id" : "49deca54-7b41-4951-ba0d-e55cf038edeb" , "publisher_id" : "AfterDawn.com" , "publisher_internal_id" : "244" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_s
HTTP/1.1 202 Accepted
Date: Tue, 23 Dec 2014 21:04:17 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2801
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "20876" , "json_send_time" : "2014-12-23.17:54:41:138" , "phase" : "OfferPresented" , "phase_type" : "regular" , "order" : "3.1" , "result" : "Success" , "error_details" : "" , "phase_duration" : "63" , "duration_details" : "" , "general_status_code" : "2" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "offer_suggestion_number" : "1" , "offer_presented_number" : "1" , "slot_number" : "1" , "position_in_slot" : "1" , "server_settings" : {"DownloadBrowser":"IE","CType":"-1","SearchProvider":"Bing","UserMode":"-1"} , "user_selection_settings" : "" , "condition_type" : "None" , "offer_type" : "Main" , "offer_id" : "1572961" , "root_offer_id" : "1572961" , "rule_id" : "465651" , "vector_id" : "466244" , "product_id" : "0" , "product_id_version" : "" , "product_type" : "Publisher's Offer" , "state" : "" , "installation_type" : "0" , "attempt_number" : "1" , "installation_session_id" : "49deca54-7b41-4951-ba0d-e55cf038edeb" , "publisher_id" : "AfterDawn.com" , "publisher_internal_id" : "244" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140
HTTP/1.1 202 Accepted
Date: Tue, 23 Dec 2014 21:04:18 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2291
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "20876" , "json_send_time" : "2014-12-23.17:54:41:279" , "phase" : "ChromeError" , "phase_type" : "regular" , "order" : "" , "result" : "Error" , "error_details" : "error: did not found chrome full path" , "phase_duration" : "16" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "download_url" : "" , "installation_session_id" : "49deca54-7b41-4951-ba0d-e55cf038edeb" , "publisher_id" : "AfterDawn.com" , "publisher_internal_id" : "244" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_screen" : "0" ,"test_id":"44","group_id":"1", "publisher_account_id" : "A-4410674" , "channel_id" : "" , "machine_user_id" : "FXZ/RKL XW0KRSKYQZS7P1XAWA84/LVSSRISW8IEZO0WIRO4OGWJZXLA9ZKGQOLBMWLATTL7OAP8E LP9RINZA" , "bundle_id" : "c62722b7-da76-4ef0-adf0-9118edbfbf93" , "general_id" : "GID1238065" , "dm_version" : "1.4.0.4.141214.03" , "build_id" : "0000000000000000000000" , "mrs_id" : "24" , "mrs_file_version" : "Bayes_glm_only_current_combinations_2014-12-23.csv" , "user_operating_sys
HTTP/1.1 202 Accepted
Date: Tue, 23 Dec 2014 21:04:18 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
HTTP/1.1 202 Accepted..Date: Tue, 23 Dec 2014 21:04:18 GMT..P3P: CP="NOI ADM DEV COM NAV OUR STP"..Server: Apache-Coyote/1.1..Content-Length: 0..Connection: keep-alive..
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ac4d4d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ac4d4d98c6fd01:0"
Cache-Control: private, max-age=8245
Expires: Tue, 23 Dec 2014 23:21:36 GMT
Date: Tue, 23 Dec 2014 21:04:11 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "6f33944c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
ETag: "6f33944c6fd01:0"
Cache-Control: private, max-age=8982
Expires: Tue, 23 Dec 2014 23:33:53 GMT
Date: Tue, 23 Dec 2014 21:04:11 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "c8592844c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "caa5998c6fd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2726
Cache-Control: private, max-age=8246
Expires: Tue, 23 Dec 2014 23:21:37 GMT
Date: Tue, 23 Dec 2014 21:04:11 GMT
Connection: keep-alive
.PNG........IHDR...>.........$.=.....sRGB.........gAMA......a.....pHYs.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:DocumentID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stRef:documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...P....IDATx^...N#K.....%.@.......B.D..$`.3U..j.3.h0..%m..E.iW.'........ ..?.......<<<.......V..i..d...`....S......v... ....S.Y.....r.._677...F..>=~....8z.....yyy)......`~r.>u.s{{...............Y.>5z.......!|....l6 [[[-z..x.........j...o{j..................EN...O..:..#....2....O......S.Y.?.......S.g.>..]b..X75eV]s....!|.//...#|........S..........j!|...........j....\u...:'''.....;;;C.........UM...O...?OOO..........F...?.W...U....X.............%v....O..!|..../X.4.....!|.......!|.......!|.......!|.......!|.......!|.......!|
<<< skipped >>>
GET /CmsThemes/Default/Images/InstallationSuccessful.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "e87a6698c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2670
Cache-Control: private, max-age=8890
Expires: Tue, 23 Dec 2014 23:32:22 GMT
Date: Tue, 23 Dec 2014 21:04:12 GMT
Connection: keep-alive
.PNG........IHDR...#...".......`.....tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:F1E913D3555911E18CA7F85F751BB1C7" xmpMM:DocumentID="xmp.did:F1E913D4555911E18CA7F85F751BB1C7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F1E913D1555911E18CA7F85F751BB1C7" stRef:documentID="xmp.did:F1E913D2555911E18CA7F85F751BB1C7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>~. .....IDATx..W]l.U.>........t...V~.X ...I@HA.'~.D. .J4....o.V.&...X.B.E...M$}....l...o.P..g........w.eKA.....nw.....}.9.`.n....r.|?(J..7 .;.....`.,.a.8Op....O..f..*.m..... g..(.../.f0.E.......L..........Ru.r.....J.....`2..O..*8....@.....X...@|..@..,S..K.....P=.#..n....D.P..Y.x.:T.t.......Qv.n4..P6......x$.\....a.....#0}.W...y:.*.@.q...OJ.....pdIi..#9s.a...F..a....."P....H........].H....x4...O/.<.....h:.J<b)..[....y....|f.a.....cy a..#..K2.z~I..ZS....HM...[,Wj@..0..D.4a.d.HQ..?.sp...6.....g:....2#...X.V.,.@.S.<....)....%.....p.&......M....$.b.......I.>hI.O.c.6AW'....C<1..F[..
<<< skipped >>>
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1569870/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
Accept-Ranges: bytes
ETag: "67f82544c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 3937
Cache-Control: private, max-age=8890
Expires: Tue, 23 Dec 2014 23:32:22 GMT
Date: Tue, 23 Dec 2014 21:04:12 GMT
Connection: keep-alive
.PNG........IHDR...............r.....tEXtSoftware.Adobe ImageReadyq.e<...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E4C0C980D870E111A2F7CE32BC247645" xmpMM:DocumentID="xmp.did:1D12B49752CE11E4A35AAE9F3918A442" xmpMM:InstanceID="xmp.iid:1D12B49652CE11E4A35AAE9F3918A442" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4A3B36E671AF11E1BCD6B8635898C9B3" stRef:documentID="xmp.did:4A3B36E771AF11E1BCD6B8635898C9B3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>o.a*....IDATx...k.e.A......{..........P.K..........*~.i.....i...V$...E.....Z.TJ.1..:*..m......*i..jn..;3.....]k.s..L.o".}~.a.9.O.e}.._{....i..,.... ...g...._..-... ..".=....qT.{9..,../..?}...}...~..=............G...~,....xi3..e.o..@...WB...4.. u....... ?.H.."<....Ey......W......,|.?~)....f..^;..W.........w.k7.1...z..^Q\Q........l./4...`.B..-....X..Kygy.....F.......u:.n&.....G.g.&...zvo...........hz...........hz.....v.y.&...zY.-..,L.......z.7.X...{...izvo..(.WU..7.....t...._.h..f..^;...,~.....r.......TWg.......k.V.......T..=f
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 742
Cache-Control: no-cache
{ "send_attempt" : "1" , "phase_type" : "technical" , "installation_session_id" : "49deca54-7b41-4951-ba0d-e55cf038edeb" , "json_send_time" : "2014-12-23.17:54:41:107" , "result" : "Success" , "error_details" : "" , "general_status_code" : "" , "phase" : "SmallStub_WaitForDMInitComplete" , "attempt_number" : "1" , "internal_error_number" : "" , "bundle_id" : "c62722b7-da76-4ef0-adf0-9118edbfbf93" , "stub_version" : "1.3.9.0.140504.01" , "publisher_internal_id" : "244" , "publisher_account_id" : "A-4410674" , "publisher_id" : "AfterDawn.com" , "download_url" : "hXXp://resolver.dmccint.com/DMResolver/ResolveByBundleID/" , "tracking_id" : "" , "file_name" : "%original file name%.exe" , "extra_data" : "" , "Is_Test" : "0" }
HTTP/1.1 202 Accepted
Date: Tue, 23 Dec 2014 21:04:17 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 731
Cache-Control: no-cache
{ "send_attempt" : "1" , "phase_type" : "regular" , "installation_session_id" : "49deca54-7b41-4951-ba0d-e55cf038edeb" , "json_send_time" : "2014-12-23.17:54:41:294" , "result" : "Success" , "error_details" : "" , "general_status_code" : "" , "phase" : "SmallStub_EndOfSession" , "attempt_number" : "1" , "internal_error_number" : "" , "bundle_id" : "c62722b7-da76-4ef0-adf0-9118edbfbf93" , "stub_version" : "1.3.9.0.140504.01" , "publisher_internal_id" : "244" , "publisher_account_id" : "A-4410674" , "publisher_id" : "AfterDawn.com" , "download_url" : "hXXp://resolver.dmccint.com/DMResolver/ResolveByBundleID/" , "tracking_id" : "" , "file_name" : "%original file name%.exe" , "extra_data" : "" , "Is_Test" : "0" }
HTTP/1.1 202 Accepted
Date: Tue, 23 Dec 2014 21:04:17 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
HTTP/1.1 202 Accepted..Date: Tue, 23 Dec 2014 21:04:17 GMT..P3P: CP="NOI ADM DEV COM NAV OUR STP"..Server: Apache-Coyote/1.1..Content-Length: 0..Connection: keep-alive..
Map
The Backdoor connects to the servers at the folowing location(s):
Strings from Dumps
DVD_Shrink_v3.2.0.15.exe_1596:
.text
.text
`.rdata
`.rdata
@.data
@.data
.ndata
.ndata
.rsrc
.rsrc
@.reloc
@.reloc
RegDeleteKeyExW
RegDeleteKeyExW
Kernel32.DLL
Kernel32.DLL
PSAPI.DLL
PSAPI.DLL
%s=%s
%s=%s
GetWindowsDirectoryW
GetWindowsDirectoryW
KERNEL32.dll
KERNEL32.dll
ExitWindowsEx
ExitWindowsEx
GetAsyncKeyState
GetAsyncKeyState
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
SHFileOperationW
SHFileOperationW
ShellExecuteW
ShellExecuteW
SHELL32.dll
SHELL32.dll
RegDeleteKeyW
RegDeleteKeyW
RegCloseKey
RegCloseKey
RegEnumKeyW
RegEnumKeyW
RegOpenKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyExW
ADVAPI32.dll
ADVAPI32.dll
COMCTL32.dll
COMCTL32.dll
ole32.dll
ole32.dll
VERSION.dll
VERSION.dll
H#.Mx
H#.Mx
dWi7.wU
dWi7.wU
zcÃ
zcÃ
.?AVfsURL@@
.?AVfsURL@@
.?AVfsInternetURLFile@@
.?AVfsInternetURLFile@@
.?AVfsInternetURLFileDownloader@@
.?AVfsInternetURLFileDownloader@@
.?AVfsHttpFile@@
.?AVfsHttpFile@@
.?AVfsFtpConnection@@
.?AVfsFtpConnection@@
.?AVfsFtpFile@@
.?AVfsFtpFile@@
.?AVfsHttpConnection@@
.?AVfsHttpConnection@@
6'6,60646]6
6'6,60646]6
2(2F2i2
2(2F2i2
Thawte Certification1
Thawte Certification1
hXXp://ocsp.thawte.com0
hXXp://ocsp.thawte.com0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
hXXps://VVV.verisign.com/cps0
hXXps://VVV.verisign.com/cps0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0q
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0q
hXXp://ocsp.verisign.com0;
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/rpa0
hXXps://VVV.verisign.com/rpa0
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://crl.verisign.com/pca3-g5.crl04
#hXXp://crl.verisign.com/pca3-g5.crl04
hXXp://ocsp.verisign.com0
hXXp://ocsp.verisign.com0
Nullsoft Install System v2.46.5-Unicode
Nullsoft Install System v2.46.5-Unicode
logging set to %d
logging set to %d
settings logging to %d
settings logging to %d
created uninstaller: %d, "%s"
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: success ("%s")
Exec: command="%s"
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack
Exch: stack
RMDir: "%s"
RMDir: "%s"
MessageBox: %d,"%s"
MessageBox: %d,"%s"
Delete: "%s"
Delete: "%s"
File: wrote %d to "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename failed: %s
Rename on reboot: %s
Rename on reboot: %s
Rename: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
SetFileAttributes: "%s":X
Sleep(%d)
Sleep(%d)
detailprint: %s
detailprint: %s
Call: %d
Call: %d
Aborting: "%s"
Aborting: "%s"
Jump: %d
Jump: %d
verifying installer: %d%%
verifying installer: %d%%
unpacking data: %d%%
unpacking data: %d%%
... %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
~nsu.tmp
install.log
install.log
%u.%u%s%s
%u.%u%s%s
Skipping section: "%s"
Skipping section: "%s"
Section: "%s"
Section: "%s"
New install of "%s" to "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion
*?|/":
*?|/":
invalid registry key
invalid registry key
HKEY_DYN_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
x%c
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
%s: failed opening file "%s"
LOCALS~1\Temp\nsaB4.tmp\webapphost.dll
LOCALS~1\Temp\nsaB4.tmp\webapphost.dll
n Data\Google\Chrome\User Data\Default
n Data\Google\Chrome\User Data\Default
=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\webapphost.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\webapphost.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp
n\App Paths\IEXPLORE.EXE
n\App Paths\IEXPLORE.EXE
geDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
geDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
1.0.0.1
1.0.0.1
Download.dll
Download.dll
nsaB4.tmp
nsaB4.tmp
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\webapphost.dll" (overwriteflag=1)
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\webapphost.dll" (overwriteflag=1)
\webapphost.dll"
\webapphost.dll"
PLORE.EXE
PLORE.EXE
gle\Chrome\User Data\Default
gle\Chrome\User Data\Default
dleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
dleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
ByStub BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
ByStub BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
4-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
4-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb\DVD_Shrink_v3.2.0.15.exe /ByStub BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb\DVD_Shrink_v3.2.0.15.exe /ByStub BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb
DVD_Shrink_v3.2.0.15.exe
DVD_Shrink_v3.2.0.15.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nspB2.tmp
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nspB2.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb\DVD_Shrink_v3.2.0.15.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\49deca54-7b41-4951-ba0d-e55cf038edeb\DVD_Shrink_v3.2.0.15.exe
LORE.EXE
LORE.EXE
IEXPLORE.EXE
IEXPLORE.EXE
49deca54-7b41-4951-ba0d-e55cf038edeb
49deca54-7b41-4951-ba0d-e55cf038edeb
hXXp://ude.databssint.com
hXXp://ude.databssint.com
hXXp://engine.dmccint.com/DecisionEngine.ashx
hXXp://engine.dmccint.com/DecisionEngine.ashx
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico
Icons\icon.png
Icons\icon.png
c62722b7-da76-4ef0-adf0-9118edbfbf93
c62722b7-da76-4ef0-adf0-9118edbfbf93
AfterDawn.com
AfterDawn.com
1572961
1572961
hXXp://cms.dmccint.com/MainOffer/1569870/
hXXp://cms.dmccint.com/MainOffer/1569870/
DVD Shrink v3.2.0.15
DVD Shrink v3.2.0.15
Setup.exe
Setup.exe
hXXp://cms.dmccint.com/Global/GlobalPage/1569870/
hXXp://cms.dmccint.com/Global/GlobalPage/1569870/
hXXp://business.va.conduit.com/chrome/inline/instafeed/shell.html
hXXp://business.va.conduit.com/chrome/inline/instafeed/shell.html
6-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
6-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
ccmd.smc//:ptth=lrUegaPlabolG
ccmd.smc//:ptth=lrUegaPlabolG
1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
yStub BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
yStub BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
1.3.9.0.140504.01
1.3.9.0.140504.01
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\webapp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\webapp\
1989312
1989312
Bayes_glm_only_current_combinations_2014-12-23.csv
Bayes_glm_only_current_combinations_2014-12-23.csv
Microsoft Windows XP
Microsoft Windows XP
6.0.2900.5512
6.0.2900.5512
%Documents and Settings%\%current user%\Local Settings\Application Data
%Documents and Settings%\%current user%\Local Settings\Application Data
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default
/ByStub BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
/ByStub BundleIDGuid=c62722b7-da76-4ef0-adf0-9118edbfbf93 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=49deca54-7b41-4951-ba0d-e55cf038edeb MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1569870/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=244 PublisherName=AfterDawn.com AcountId=A-4410674 MainOfferKey=1572961 MainOfferName=DVD Shrink v3.2.0.15 DynamicOfferCount=2 IsSilent=false Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1569870/ MOBrowserInline=false MOInstallationType=1 Fwd="test_id":"44","group_id":"1" IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\client_xml.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\client_xml.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\offer.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsaB4.tmp\offer.xml
no_dynamic_main_offer_url_supported_in_this_version
no_dynamic_main_offer_url_supported_in_this_version
%Program Files%\Internet Explorer\iexplore.exe
%Program Files%\Internet Explorer\iexplore.exe
GenericDM.exe
GenericDM.exe
1.4.0.4.141214.03
1.4.0.4.141214.03
svchost.exe_1496:
.text
.text
`.data
`.data
.rsrc
.rsrc
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
NTDLL.DLL
NTDLL.DLL
RPCRT4.dll
RPCRT4.dll
NETAPI32.dll
NETAPI32.dll
ole32.dll
ole32.dll
ntdll.dll
ntdll.dll
RegCloseKey
RegCloseKey
RegOpenKeyExW
RegOpenKeyExW
GetProcessHeap
GetProcessHeap
NtOpenKey
NtOpenKey
svchost.pdb
svchost.pdb
\PIPE\
\PIPE\
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\Svchost
\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\
\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\
5.1.2600.5512 (xpsp.080413-2111)
5.1.2600.5512 (xpsp.080413-2111)
svchost.exe
svchost.exe
Windows
Windows
Operating System
Operating System
5.1.2600.5512
5.1.2600.5512