Backdoor.Win32.Farfli.FD, SearchProtectToolbar_pcap.YR (Lavasoft MAS)
Behaviour: Backdoor
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 631b98cf4ca36cc609f5e1f61e011463
SHA1: 8145286c6db59500d61deacf10655285919ee57c
SHA256: 55e0600761aef392fec26d78917bb502a19ae0f96108c379ec298e93854c0880
SSDeep: 6144:Yz 92mhAMJ/cPl3izxhjDfuozlx/LVXHSPF0MfB:YK2mhAMJ/cPlUlfH7VXo
Size: 250368 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-06-09 16:19:49
Analyzed on: WindowsXPESX SP3 32-bit
Summary: Backdoor. Malware that enables remote control of the victim's machine.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Backdoor creates the following process(es):
wsmallstub.exe:1528
%original file name%.exe:1804
The Backdoor injects its code into the following process(es):
Your_Uninstaller.exe:1576
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process Your_Uninstaller.exe:1576 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\919447[1].htm (20416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\index[1].htm (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\1201760[1].htm (26835 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\manager\scripts\manager.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\manager\init.html (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\Success.htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\NoneSilentSuccess.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\DM_loader.gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\1199375[2].htm (24705 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsaB3.tmp (45350 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\nonadwords_trip[1].html (6038 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\InstallationSuccessful[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\manager\scripts\gplay.js (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\proxy.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\BoxBgNew[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\PS_searchprotect[1].json (23728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\NextButton_Sprite wide[1].png (574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\jquery.dotdotdot.min[2].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\manager\scripts\WebBrowser_embedded.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\index[1].html (373 bytes)
%System%\wbem\Logs\wbemprox.log (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\1199375[1].htm (22704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\manager\manager.html (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\webapphost.dll (39329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\icon.png (431 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\certInlineLB.pfx (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\9ff4d7d9-e509-4157-9272-672e770a13c4[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\customframeapi[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\manager\scripts\sharedWorker.js (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\nonadwords_trip[1].htm (3611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\manager\scripts\jquery-1.10.1.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\jquery.dotdotdot.min[4].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\WelcomeScreen.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\CancelBGGoogleDialog[1].png (64 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\NextButton_Sprite wide[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\2d5611a4-628a-4b0a-bb01-95750affa250[1].png (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\FDMClient.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O167C5I7\jquery.dotdotdot.min[3].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp\Failed.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\-[1].png (933 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsvB4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nslB2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S96BCDQ7\NextButton_Sprite wide[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CHEZ8TER\index[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\KP27CLYF\nonadwords_trip[1].html (0 bytes)
The process wsmallstub.exe:1528 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\080914f4-46db-47a1-8d6d-2e1070d7fb1f\Your_Uninstaller.exe (3626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
The process %original file name%.exe:1804 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\icon.ico (3306 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\stub_settings.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\wsmallstub.exe (2665 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\wsmallstub.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\icon.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_1508703 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\stub_settings.xml (0 bytes)
Registry activity
The process Your_Uninstaller.exe:1576 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"WebBrowser_embedded.exe" = "6000"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122420141225]
"CacheLimit" = "8192"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122420141225]
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122420141225]
"CacheRepair" = "0"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "Your_Uninstaller.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c14c4f6-74da-11e2-81b0-000c29ec7fc5}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122420141225]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014122420141225\"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1330111199"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014122420141225]
"CachePrefix" = ":2014122420141225:"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D B7 C9 08 CA 3E CB 25 CF 2F DA 82 73 E9 BB 22"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Your_Uninstaller.exe" = "6000"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013030120130302]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130218]
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process wsmallstub.exe:1528 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 FD B0 9A AB E8 46 35 38 9C 29 F1 3D D9 2C BB"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process %original file name%.exe:1804 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 41 E1 E9 06 1B 92 F6 E6 10 62 5D 44 C2 2C 5D"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c14c4f6-74da-11e2-81b0-000c29ec7fc5}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0]
"wsmallstub.exe" = "wsmallstub"
The Backdoor modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Dropped PE files
MD5 | File path |
---|---|
7ce9c717ec8ff8d1c38d97d436189b53 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\080914f4-46db-47a1-8d6d-2e1070d7fb1f\Your_Uninstaller.exe |
dd4b2762aa7ddc1314bbbdb42640aa20 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsvB4.tmp\FDMClient.dll |
62008374a494afeea2ee2ae9eee4c8c0 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsvB4.tmp\System.dll |
07f09c1bf361f757675b77320a08506c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsvB4.tmp\manager\scripts\WebBrowser_embedded.exe |
f64b71ab811b25b1cd2fe801449af25c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsvB4.tmp\webapphost.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
wsmallstub.exe:1528
%original file name%.exe:1804
- Delete the original Backdoor file.
- Delete or disinfect the files created/modified by the Backdoor, as listed under File activity above.
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name: 1.3.9.0.140504.0
Product Version: 1.3.9.
Legal Copyright: (c) 2014 ClientConnect Ltd
Legal Trademarks:
Original Filename: Your_Uninstaller.ex
Internal Name: Your_Uninstaller.ex
File Version: 1.3.9.
File Description: Setup.ex
Comments:
Language: English (United States)
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 74526 | 74752 | 4.54396 | a8692f5ba740240ef0f9a827376f76f9 |
.rdata | 81920 | 7445 | 7680 | 3.46159 | d4f36accffde0bf520f52486679ccf0d |
.data | 90112 | 96036 | 512 | 2.46008 | b6c7edb5b7fec47a37a622cc5d71f3f4 |
.CRT | 188416 | 32 | 512 | 0.273198 | 439411041ee0b8261668525c5c132cd9 |
.rsrc | 192512 | 38164 | 38400 | 4.05087 | 2be43a53ce9007d251b1f780a86a734d |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 12
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8752
Expires: Wed, 24 Dec 2014 09:50:46 GMT
Date: Wed, 24 Dec 2014 07:24:54 GMT
Connection: keep-alive
....
GET /DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 174707
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 12:24:58 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=1201760 HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 04 Dec 2014 13:31:23 GMT
Accept-Ranges: bytes
ETag: "be63c598c6fd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6149
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 12:24:58 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ac4d4d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ac4d4d98c6fd01:0"
Cache-Control: private, max-age=8083
Expires: Wed, 24 Dec 2014 09:39:41 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8748
Expires: Wed, 24 Dec 2014 09:50:46 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "10ce6d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "10ce6d98c6fd01:0"
Cache-Control: private, max-age=7785
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite wide.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:29:01 GMT
Accept-Ranges: bytes
ETag: "ea23644c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2779
Cache-Control: private, max-age=9683
Expires: Wed, 24 Dec 2014 10:06:21 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/CancelBGGoogleDialog.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "e8b65c98c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6035
Cache-Control: private, max-age=12291
Expires: Wed, 24 Dec 2014 10:49:49 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "caa5998c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "caa5998c6fd01:0"
Cache-Control: private, max-age=8842
Expires: Wed, 24 Dec 2014 09:52:20 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
....
GET /Js/jquery.dotdotdot.min.js?fid=919447 HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Dec 2014 13:31:23 GMT
Accept-Ranges: bytes
ETag: "be63c598c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6149
Cache-Control: private, max-age=10551
Expires: Wed, 24 Dec 2014 10:20:50 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "524e5698c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "524e5698c6fd01:0"
Cache-Control: private, max-age=8841
Expires: Wed, 24 Dec 2014 09:52:20 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "0c67198c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "0c67198c6fd01:0"
Cache-Control: private, max-age=7784
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "10ce6d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "10ce6d98c6fd01:0"
Cache-Control: private, max-age=7784
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/CancelBGGoogleDialog.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "e8b65c98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "e8b65c98c6fd01:0"
Cache-Control: private, max-age=12290
Expires: Wed, 24 Dec 2014 10:49:49 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "caa5998c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "caa5998c6fd01:0"
Cache-Control: private, max-age=8841
Expires: Wed, 24 Dec 2014 09:52:20 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "524e5698c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "524e5698c6fd01:0"
Cache-Control: private, max-age=8841
Expires: Wed, 24 Dec 2014 09:52:20 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
GET /MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 174148
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 12:24:51 GMT
Date: Wed, 24 Dec 2014 07:24:51 GMT
Connection: keep-alive
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=1201545 HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Dec 2014 13:31:23 GMT
Accept-Ranges: bytes
ETag: "be63c598c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6149
Cache-Control: private, max-age=17952
Expires: Wed, 24 Dec 2014 12:24:04 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "0c67198c6fd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 1076
Cache-Control: private, max-age=7791
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "524e5698c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 5182
Cache-Control: private, max-age=8848
Expires: Wed, 24 Dec 2014 09:52:20 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "ce177098c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1504
Cache-Control: private, max-age=7790
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ac4d4d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ac4d4d98c6fd01:0"
Cache-Control: private, max-age=8088
Expires: Wed, 24 Dec 2014 09:39:41 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "caa5998c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "caa5998c6fd01:0"
Cache-Control: private, max-age=8847
Expires: Wed, 24 Dec 2014 09:52:20 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ce177098c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/gif
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ce177098c6fd01:0"
Cache-Control: private, max-age=7790
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8753
Expires: Wed, 24 Dec 2014 09:50:46 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
GET ///img/offers/r_db/r_bc/2d5611a4-628a-4b0a-bb01-95750affa250.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 09 Mar 2014 10:05:22 GMT
Accept-Ranges: bytes
ETag: "d6b2ad157f3bcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 41495
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 12:24:52 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET ///img/Logos/r_41/r_27/9ff4d7d9-e509-4157-9272-672e770a13c4.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Sun, 09 Mar 2014 09:08:21 GMT
If-None-Match: "9e6f411e773bcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Sun, 09 Mar 2014 09:08:21 GMT
ETag: "9e6f411e773bcf1:0"
Cache-Control: private, max-age=17999
Expires: Wed, 24 Dec 2014 12:24:52 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
....
GET ///img/Logos/r_41/r_27/9ff4d7d9-e509-4157-9272-672e770a13c4.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Sun, 09 Mar 2014 09:08:21 GMT
If-None-Match: "9e6f411e773bcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Sun, 09 Mar 2014 09:08:21 GMT
ETag: "9e6f411e773bcf1:0"
Cache-Control: private, max-age=17993
Expires: Wed, 24 Dec 2014 12:24:52 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 543
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "dm_version" : "1.4.0.4.141214.03" , "tracking_id" : "" , "json_send_time" : "2014-12-24.4:15:12:982" , "phase" : "Init" , "phase_type" : "regular" , "attempt_number" : "1" , "bundle_id" : "5a97c212-9d8d-4368-bcfc-7f7b8f3c3752" , "Is_Test" : "0" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "publisher_id" : "URSoftware" , "publisher_internal_id" : "265" , "publisher_account_id" : "A-3330836" , "activated_by_stub" : "1" , "sln" : "29566" , "welcome_screen" : "0" }
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:50 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 587
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "29566" , "json_send_time" : "2014-12-24.4:15:13:638" , "phase" : "AfterNavM" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" }
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:50 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2296
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "29566" , "json_send_time" : "2014-12-24.4:15:20:779" , "phase" : "InStartLoop" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "7797" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "publisher_id" : "URSoftware" , "publisher_internal_id" : "265" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_screen" : "0", "publisher_account_id" : "A-3330836" , "channel_id" : "" , "machine_user_id" : "UPGGLP21ORZ3K5EA1X5F8YY1XNO5CI7N2QS4BF5DK6RX28AKIE0Z6STDXVY7DY/DBVFM8OXVWIBS0XSQ8FJ5NG" , "bundle_id" : "5a97c212-9d8d-4368-bcfc-7f7b8f3c3752" , "general_id" : "GID879506" , "dm_version" : "1.4.0.4.141214.03" , "build_id" : "0000000000000000000000" , "mrs_id" : "26" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2014-12-24.csv" , "user_opera
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:57 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2228
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "29566" , "json_send_time" : "2014-12-24.4:15:21:310" , "phase" : "Android detection start" , "phase_type" : "regular" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "531" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "download_url" : "" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "publisher_id" : "URSoftware" , "publisher_internal_id" : "265" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_screen" : "0", "publisher_account_id" : "A-3330836" , "channel_id" : "" , "machine_user_id" : "UPGGLP21ORZ3K5EA1X5F8YY1XNO5CI7N2QS4BF5DK6RX28AKIE0Z6STDXVY7DY/DBVFM8OXVWIBS0XSQ8FJ5NG" , "bundle_id" : "5a97c212-9d8d-4368-bcfc-7f7b8f3c3752" , "general_id" : "GID879506" , "dm_version" : "1.4.0.4.141214.03" , "build_id" : "0000000000000000000000" , "mrs_id" : "26" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2014-12-24.csv" , "user_operating_system" : "Microsoft Windows XP" , "user_service_pack" : "3.0"
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:57 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2294
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "29566" , "json_send_time" : "2014-12-24.4:15:21:341" , "phase" : "StartingLoop" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "0" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "publisher_id" : "URSoftware" , "publisher_internal_id" : "265" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_screen" : "0", "publisher_account_id" : "A-3330836" , "channel_id" : "" , "machine_user_id" : "UPGGLP21ORZ3K5EA1X5F8YY1XNO5CI7N2QS4BF5DK6RX28AKIE0Z6STDXVY7DY/DBVFM8OXVWIBS0XSQ8FJ5NG" , "bundle_id" : "5a97c212-9d8d-4368-bcfc-7f7b8f3c3752" , "general_id" : "GID879506" , "dm_version" : "1.4.0.4.141214.03" , "build_id" : "0000000000000000000000" , "mrs_id" : "26" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2014-12-24.csv" , "user_operati
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:58 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2742
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "29566" , "json_send_time" : "2014-12-24.4:15:21:388" , "phase" : "InitComplete" , "phase_type" : "regular" , "order" : "2.0" , "result" : "Success" , "error_details" : "" , "phase_duration" : "16" , "duration_details" : "EngineMgrCreated:828,BuildUserProfile:6890,retrieveCid:16,sendXML:0,xmlSent:0,startParse:234,endParse:16,StartOffersLoop:562,ValidateMO:16,NavigateFirstSlot:0,ReportInitComplete:0," , "general_status_code" : "1" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "offer_id" : "1201545" , "product_id" : "0" , "product_type" : "Publisher's Offer" , "product_id_version" : "" , "rule_id" : "467134" , "vector_id" : "467727" , "is_parallel" : "0" , "call_service_duration" : "234" , "navigate_mo_duration" : "MONavigationCompleted:3422," , "navigate_global_duration" : "GlobalNavigationCompleted:3547," , "attempt_number" : "1" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "publisher_id" : "URSoftware" , "publisher_internal_id" : "265" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_scr
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:57 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2760
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "29566" , "json_send_time" : "2014-12-24.4:15:21:420" , "phase" : "OfferPresented" , "phase_type" : "regular" , "order" : "3.1" , "result" : "Success" , "error_details" : "" , "phase_duration" : "16" , "duration_details" : "" , "general_status_code" : "2" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "offer_suggestion_number" : "1" , "offer_presented_number" : "1" , "slot_number" : "1" , "position_in_slot" : "1" , "server_settings" : {"DownloadBrowser":"IE","CType":"-1","SearchProvider":"Bing","UserMode":"-1"} , "user_selection_settings" : "" , "condition_type" : "None" , "offer_type" : "Main" , "offer_id" : "1201545" , "root_offer_id" : "1201545" , "rule_id" : "467134" , "vector_id" : "467727" , "product_id" : "0" , "product_id_version" : "" , "product_type" : "Publisher's Offer" , "state" : "" , "installation_type" : "0" , "attempt_number" : "1" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "publisher_id" : "URSoftware" , "publisher_internal_id" : "265" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:57 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
....
POST / HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 2250
Connection: Keep-Alive
Cache-Control: no-cache
{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "29566" , "json_send_time" : "2014-12-24.4:15:21:451" , "phase" : "ChromeError" , "phase_type" : "regular" , "order" : "" , "result" : "Error" , "error_details" : "error: did not found chrome full path" , "phase_duration" : "15" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "download_url" : "" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "publisher_id" : "URSoftware" , "publisher_internal_id" : "265" , "activated_by_stub" : "1" , "stub_version" : "1.3.9.0.140504.01" , "welcome_screen" : "0", "publisher_account_id" : "A-3330836" , "channel_id" : "" , "machine_user_id" : "UPGGLP21ORZ3K5EA1X5F8YY1XNO5CI7N2QS4BF5DK6RX28AKIE0Z6STDXVY7DY/DBVFM8OXVWIBS0XSQ8FJ5NG" , "bundle_id" : "5a97c212-9d8d-4368-bcfc-7f7b8f3c3752" , "general_id" : "GID879506" , "dm_version" : "1.4.0.4.141214.03" , "build_id" : "0000000000000000000000" , "mrs_id" : "26" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2014-12-24.csv" , "user_operating_system" : "Microsoft Windows XP" , "user_
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:58 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
GET /customoffers/customframeapi.js HTTP/1.1
Accept: */*
Referer: hXXp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dehosting.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 03 Sep 2014 13:26:01 GMT
Accept-Ranges: bytes
ETag: "46a2919a7ac7cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 798
Cache-Control: private, max-age=31536000
Expires: Thu, 24 Dec 2015 07:24:59 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
Vary: Accept-Encoding
POST /DecisionEngine.ashx HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: engine.dmccint.com
Content-Length: 2509
Connection: Keep-Alive
Cache-Control: no-cache
<OFFER_REQUEST><COMPLETE_COMMAND_LINE>false</COMPLETE_COMMAND_LINE><USER_PROFILE><PUBLISHER_ID_NUM>265</PUBLISHER_ID_NUM><SESSION_ID><![CDATA[080914f4-46db-47a1-8d6d-2e1070d7fb1f]]></SESSION_ID><TRACKING_ID><![CDATA[]]></TRACKING_ID><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DMVersion</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE>1.4.0.4.141214.03</USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DefaultBrowser</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE>IE</USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>CurrentToolbar</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[]]></USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>Homepage</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[about:blank]]></USER_ATTRIBUTE_VALUE></USER_ATTRIBUTE><USER_ATTRIBUTE><USER_ATTRIBUTE_NAME>DefaultSearch</USER_ATTRIBUTE_NAME><USER_ATTRIBUTE_VALUE><![CDATA[]]></USER_ATTRIBUTE_VALUE></USE
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 24 Dec 2014 07:24:57 GMT
Content-Length: 19758
...<OFFER_RESPONSE><MAIN_OFFER><OFFER_ID>1201545</OFFER_ID><OFFER_NAME>Your Uninstaller</OFFER_NAME><OFFER_URL>no_dynamic_main_offer_url_supported_in_this_version</OFFER_URL><OFFER_DESCRIPTION /><OFFER_INSTALL_CMD><OFFER_ID>1201545</OFFER_ID><OFFER_STATE>default</OFFER_STATE><DOWNLOAD_URL>hXXp://YourUninstaller.download.dmccint.com/Default.ashx?EnvironmentID=3</DOWNLOAD_URL><INSTALL_COMMAND_LINE>/verysilent</INSTALL_COMMAND_LINE></OFFER_INSTALL_CMD><INSTALLATION_TYPE>1</INSTALLATION_TYPE><PRODUCT_ID /><PRODUCT_TYPE>Publisher's Offer</PRODUCT_TYPE><PRODUCT_VERSION /><ROOT_OFFER_ID>1201545</ROOT_OFFER_ID><DOWNLOAD_URL>hXXp://YourUninstaller.download.dmccint.com/Default.ashx?EnvironmentID=3</DOWNLOAD_URL><OFFER_FILE_NAME /><DOWNLOAD_BACKUP_URL /><CONDITION_TYPE>None</CONDITION_TYPE><TOTAL_STEPS>1</TOTAL_STEPS><SOFTWARE_PRODUCT_VERSION /><ANTI_OFFER /><SUCCESS_CODE /><INSTALLATION_UI_ELEMENTS><UI_ELEMENT><NAME>DownloadBrowser</NAME><VALUE>IE</VALUE></UI_ELEMENT><UI_ELEMENT><NAME>CType</NAME><VALUE>-1</VALUE></UI_ELEMENT><UI_ELEMENT><NAME>SearchProvider</NAME><VALUE>Bing</VALUE></UI_ELEMENT><UI_ELEMENT><NAME>UserMode</NAME><VALUE>-1</VALUE></UI_ELE
<<< skipped >>>
GET /Global/GlobalPage/1199375/?Language=None&Welcome=true HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 186842
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 12:24:51 GMT
Date: Wed, 24 Dec 2014 07:24:51 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html> <![endif]-->..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta charset="utf-8" />.. .. <title>installation</title>.. <style>./* =============================================================================.. HTML5 Boilerplate CSS: h5bp.com/css.. ========================================================================== */..article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { display: block; }..audio, canvas, video { display: inline-block; *display: inline; *zoom: 1; }..audio:not([controls]) { display: none; }..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, select, textarea { font-family: sans-serif; color: #222; }..body { margin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-shadow: none; }..::selection { text-shadow: none; }..a { color: #00e; outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..a:focus { outline: none ; }..a:hover, a:active { outline: none;border: none; }...ie7 a:focus, *:focus {.. noFocusLine: expression(th
<<< skipped >>>
GET /Js/jquery.dotdotdot.min.js?fid=1201545GlobalPage HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Dec 2014 13:31:23 GMT
Accept-Ranges: bytes
ETag: "be63c598c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6149
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 12:24:52 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "ac4d4d98c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 933
Cache-Control: private, max-age=7791
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "10ce6d98c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2562
Cache-Control: private, max-age=7791
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "404a5898c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 3937
Cache-Control: private, max-age=8089
Expires: Wed, 24 Dec 2014 09:39:41 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "caa5998c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2726
Cache-Control: private, max-age=8114
Expires: Wed, 24 Dec 2014 09:40:06 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "0c67198c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "0c67198c6fd01:0"
Cache-Control: private, max-age=9213
Expires: Wed, 24 Dec 2014 09:58:26 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "10ce6d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "10ce6d98c6fd01:0"
Cache-Control: private, max-age=7790
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8088
Expires: Wed, 24 Dec 2014 09:39:41 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/InstallationSuccessful.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "e87a6698c6fd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2670
Cache-Control: private, max-age=9213
Expires: Wed, 24 Dec 2014 09:58:26 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8088
Expires: Wed, 24 Dec 2014 09:39:41 GMT
Date: Wed, 24 Dec 2014 07:24:53 GMT
Connection: keep-alive
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/1199375/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8087
Expires: Wed, 24 Dec 2014 09:39:41 GMT
Date: Wed, 24 Dec 2014 07:24:54 GMT
Connection: keep-alive
GET /DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 174691
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 12:24:58 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html> <![endif]-->..<head>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <meta charset="utf-8" />.. .. <title>installation</title>.. <style>./* =============================================================================.. HTML5 Boilerplate CSS: h5bp.com/css.. ========================================================================== */..article, aside, details, figcaption, figure, footer, header, hgroup, nav, section { display: block; }..audio, canvas, video { display: inline-block; *display: inline; *zoom: 1; }..audio:not([controls]) { display: none; }..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-size-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, select, textarea { font-family: sans-serif; color: #222; }..body { margin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-shadow: none; }..::selection { text-shadow: none; }..a { color: #00e; outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..a:focus { outline: none ; }..a:hover, a:active { outline: none;border: none; }...ie7 a:focus, *:focus {.. noFocusLine: expression(th
<<< skipped >>>
GET /CmsThemes/Default/Images/X.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "0c67198c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "0c67198c6fd01:0"
Cache-Control: private, max-age=9207
Expires: Wed, 24 Dec 2014 09:58:26 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ce177098c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/gif
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ce177098c6fd01:0"
Cache-Control: private, max-age=8876
Expires: Wed, 24 Dec 2014 09:52:55 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ac4d4d98c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ac4d4d98c6fd01:0"
Cache-Control: private, max-age=7784
Expires: Wed, 24 Dec 2014 09:34:43 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/button.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "404a5898c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "404a5898c6fd01:0"
Cache-Control: private, max-age=8082
Expires: Wed, 24 Dec 2014 09:39:41 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
....
GET /CmsThemes/Default/Images/NextButton_Sprite wide.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:29:01 GMT
If-None-Match: "ea23644c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
Accept-Ranges: bytes
ETag: "98a6d98c6fd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2779
Cache-Control: private, max-age=8111
Expires: Wed, 24 Dec 2014 09:40:10 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
<<< skipped >>>
GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 04 Dec 2014 13:31:22 GMT
If-None-Match: "ce177098c6fd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/gif
Last-Modified: Thu, 04 Dec 2014 13:31:22 GMT
ETag: "ce177098c6fd01:0"
Cache-Control: private, max-age=8876
Expires: Wed, 24 Dec 2014 09:52:55 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
GET /ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: storage.stgbssint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 35920
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Thu, 21 Aug 2014 07:42:36 GMT
Accept-Ranges: bytes
ETag: "03ea67913bdcf1:ded"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=86400
Expires: Thu, 25 Dec 2014 07:24:58 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Max-Age: 604800
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
<<< skipped >>>
GET /ps/OptimizerPro/offerscreen/global/1/index.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/919447/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: storage.stgbssint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 4506
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Thu, 11 Dec 2014 13:59:41 GMT
Accept-Ranges: bytes
ETag: "804477b54a15d01:528"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=31536000
Expires: Thu, 24 Dec 2015 07:24:59 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Max-Age: 604800
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
<<< skipped >>>
GET /LMS/PS_searchprotect/PS_searchprotect.json HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/nonadwords_trip.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie#cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: storage.stgbssint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 250005
Content-Type: application/json
Last-Modified: Wed, 17 Dec 2014 11:45:53 GMT
Accept-Ranges: bytes
ETag: "a8cc23ef19d01:ded"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=7200
Expires: Wed, 24 Dec 2014 09:24:59 GMT
Date: Wed, 24 Dec 2014 07:24:59 GMT
Connection: keep-alive
Access-Control-Max-Age: 604800
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
{"Product":"PS_SearchProtect","LastUpdate":1345880,"Translations":{"ar":{"Keys":{"@@AcceptAndInstallButton@@":{"Text":"\u0623\u0648\u0627\u0641\u0642 & \u0648\u0642\u0645 \u0628\u0627\u0644\u062a\u062b\u0628\u064a\u062a"},"@@Body_text_1st_paragraph@@":{"Text":"\u064a\u064f\u0631\u062c\u0649 \u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0644\u0634\u0631\u0648\u0637 \u0627\u0644\u0647\u0627\u0645\u0629 \u0627\u0644\u062a\u0627\u0644\u064a\u0629 \u0642\u0628\u0644 \u0627\u0644\u0645\u062a\u0627\u0628\u0639\u0629."},"@@Body_text_1st_paragraph_2@@":{"Text":"\u0643\u062c\u0632\u0621 \u0645\u0646 \u062a\u062b\u0628\u064a\u062a \u0627\u0644\u0628\u0631\u0646\u0627\u0645\u062c\u060c \u064a\u0645\u0643\u0646\u0643 \u0623\u064a\u0636\u064b\u0627 \u0627\u0644\u062d\u0635\u0648\u0644 \u0639\u0644\u0649 \u0645\u064a\u0632\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0628\u062d\u062b. \u064a\u064f\u0631\u062c\u0649 \u0642\u0631\u0627\u0621\u0629 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0648\u0627\u0644\u0634\u0631\u0648\u0637 \u0642\u0628\u0644 \u0627\u0644\u0627\u0633\u062a\u0645\u0631\u0627\u0631."},"@@Body_text_2nd_paragraph@@":{"Text":"\u0642\u0645 \u0628\u062a\u062b\u0628\u064a\u062a \u0645\u064a\u0632\u0629 \u062d\u0645\u0627\u064a\u0629 \u0627\u0644\u0628\u062d\u062b \u0644\u062a\u0639\u064a\u064a\u0646 \u0627\u0644\u0635\u0641\u062d\u0629 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0648\u0627\u0644\u0628\u062d\u062b \u0627\u0644\u0627\u
<<< skipped >>>
POST / HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 738
Cache-Control: no-cache
{ "send_attempt" : "1" , "phase_type" : "technical" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "json_send_time" : "2014-12-24.4:15:21:341" , "result" : "Success" , "error_details" : "" , "general_status_code" : "" , "phase" : "SmallStub_WaitForDMInitComplete" , "attempt_number" : "1" , "internal_error_number" : "" , "bundle_id" : "5a97c212-9d8d-4368-bcfc-7f7b8f3c3752" , "stub_version" : "1.3.9.0.140504.01" , "publisher_internal_id" : "265" , "publisher_account_id" : "A-3330836" , "publisher_id" : "URSoftware" , "download_url" : "hXXp://resolver.dmccint.com/DMResolver/ResolveByBundleID/" , "tracking_id" : "" , "file_name" : "%original file name%.exe" , "extra_data" : "" , "Is_Test" : "0" }
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:58 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
POST / HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: ude.databssint.com
Content-Length: 727
Cache-Control: no-cache
{ "send_attempt" : "1" , "phase_type" : "regular" , "installation_session_id" : "080914f4-46db-47a1-8d6d-2e1070d7fb1f" , "json_send_time" : "2014-12-24.4:15:21:420" , "result" : "Success" , "error_details" : "" , "general_status_code" : "" , "phase" : "SmallStub_EndOfSession" , "attempt_number" : "1" , "internal_error_number" : "" , "bundle_id" : "5a97c212-9d8d-4368-bcfc-7f7b8f3c3752" , "stub_version" : "1.3.9.0.140504.01" , "publisher_internal_id" : "265" , "publisher_account_id" : "A-3330836" , "publisher_id" : "URSoftware" , "download_url" : "hXXp://resolver.dmccint.com/DMResolver/ResolveByBundleID/" , "tracking_id" : "" , "file_name" : "%original file name%.exe" , "extra_data" : "" , "Is_Test" : "0" }
HTTP/1.1 202 Accepted
Date: Wed, 24 Dec 2014 07:24:57 GMT
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Server: Apache-Coyote/1.1
Content-Length: 0
Connection: keep-alive
GET ///img/Logos/r_41/r_27/9ff4d7d9-e509-4157-9272-672e770a13c4.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/1199375/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141214.03&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Sun, 09 Mar 2014 09:08:21 GMT
Accept-Ranges: bytes
ETag: "9e6f411e773bcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 5253
Cache-Control: private, max-age=18000
Expires: Wed, 24 Dec 2014 12:24:52 GMT
Date: Wed, 24 Dec 2014 07:24:52 GMT
Connection: keep-alive
<<< skipped >>>
GET ///img/Logos/r_41/r_27/9ff4d7d9-e509-4157-9272-672e770a13c4.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/1199375/1201760/?mainofferId=1201545&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141214.03&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Sun, 09 Mar 2014 09:08:21 GMT
If-None-Match: "9e6f411e773bcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive
HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Sun, 09 Mar 2014 09:08:21 GMT
ETag: "9e6f411e773bcf1:0"
Cache-Control: private, max-age=17994
Expires: Wed, 24 Dec 2014 12:24:52 GMT
Date: Wed, 24 Dec 2014 07:24:58 GMT
Connection: keep-alive
Map
The Backdoor connects to the servers at the following location(s):
Strings from Dumps
Your_Uninstaller.exe_1576:
.text
`.rdata
@.data
.ndata
.rsrc
@.reloc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
.?AVfsURL@@
.?AVfsInternetURLFile@@
.?AVfsInternetURLFileDownloader@@
.?AVfsHttpFile@@
.?AVfsFtpConnection@@
.?AVfsFtpFile@@
.?AVfsHttpConnection@@
Thawte Certification1
hXXp://ocsp.thawte.com0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
hXXp://ts-ocsp.ws.symantec.com07
hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0
hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
hXXps://VVV.verisign.com/cps0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0q
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/rpa0
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://crl.verisign.com/pca3-g5.crl04
hXXp://ocsp.verisign.com0
Nullsoft Install System v2.46.5-Unicode
logging set to %d
settings logging to %d
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack
RMDir: "%s"
MessageBox: %d,"%s"
Delete: "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename on reboot: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
Sleep(%d)
detailprint: %s
Call: %d
Aborting: "%s"
Jump: %d
verifying installer: %d%%
unpacking data: %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
install.log
%u.%u%s%s
Skipping section: "%s"
Section: "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|/":
invalid registry key
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
LOCALS~1\Temp\nsvB4.tmp\webapphost.dll
n Data\Google\Chrome\User Data\Default
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsvB4.tmp\webapphost.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsvB4.tmp
n\App Paths\IEXPLORE.EXE
1.0.0.1
Download.dll
nsvB4.tmp
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsvB4.tmp\webapphost.dll" (overwriteflag=1)
\webapphost.dll"
PLORE.EXE
gle\Chrome\User Data\Default
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\080914f4-46db-47a1-8d6d-2e1070d7fb1f\Your_Uninstaller.exe /ByStub BundleIDGuid=5a97c212-9d8d-4368-bcfc-7f7b8f3c3752 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=080914f4-46db-47a1-8d6d-2e1070d7fb1f MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1199375/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=265 PublisherName=URSoftware AcountId=A-3330836 MainOfferKey=1201545 MainOfferName=Your Uninstaller DynamicOfferCount=0 IsSilent=true Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1199375/ MOBrowserInline=false MOInstallationType=1 IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\080914f4-46db-47a1-8d6d-2e1070d7fb1f
Your_Uninstaller.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nslB2.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\080914f4-46db-47a1-8d6d-2e1070d7fb1f\Your_Uninstaller.exe
LORE.EXE
IEXPLORE.EXE
080914f4-46db-47a1-8d6d-2e1070d7fb1f
hXXp://ude.databssint.com
hXXp://engine.dmccint.com/DecisionEngine.ashx
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico
Icons\icon.png
5a97c212-9d8d-4368-bcfc-7f7b8f3c3752
1201545
hXXp://cms.dmccint.com/MainOffer/1199375/
Setup.exe
hXXp://cms.dmccint.com/Global/GlobalPage/1199375/
hXXp://business.va.conduit.com/chrome/inline/instafeed/shell.html
G/moc.tniccmd.smc//:ptth=lrUegaPlabolG
1.3.9.0.140504.01
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsvB4.tmp\webapp\
1511843
Naive_recommender_Bayesian_adjust_2014-12-24.csv
Microsoft Windows XP
6.0.2900.5512
%Documents and Settings%\%current user%\Local Settings\Application Data
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default
/ByStub BundleIDGuid=5a97c212-9d8d-4368-bcfc-7f7b8f3c3752 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=080914f4-46db-47a1-8d6d-2e1070d7fb1f MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1199375/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=265 PublisherName=URSoftware AcountId=A-3330836 MainOfferKey=1201545 MainOfferName=Your Uninstaller DynamicOfferCount=0 IsSilent=true Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1199375/ MOBrowserInline=false MOInstallationType=1 IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
/ByStub BundleIDGuid=5a97c212-9d8d-4368-bcfc-7f7b8f3c3752 ShowLanguageDialog=False StubVersion=1.3.9.0.140504.01 /RunID=080914f4-46db-47a1-8d6d-2e1070d7fb1f MainOfferUrl=hXXp://cms.dmccint.com/MainOffer/1199375/ ServiceURL=hXXp://engine.dmccint.com/DecisionEngine.ashx ServiceVAURL=hXXp://engine.va.dmccint.com/DecisionEngine.ashx ServiceAMSURL=hXXp://engine.ams.dmccint.com/DecisionEngine.ashx BIUrl=hXXp://ude.databssint.com Environment=Prod PublisherID=265 PublisherName=URSoftware AcountId=A-3330836 MainOfferKey=1201545 MainOfferName=Your Uninstaller DynamicOfferCount=0 IsSilent=true Lang=en GlobalPageUrl=hXXp://cms.dmccint.com/Global/GlobalPage/1199375/ MOBrowserInline=false MOInstallationType=1 IconPath=C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0\icon.ico UserSelectedLanguage=NotRequired
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsvB4.tmp\client_xml.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsvB4.tmp\client_xml.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsvB4.tmp\offer.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsvB4.tmp\offer.xml
no_dynamic_main_offer_url_supported_in_this_version
no_dynamic_main_offer_url_supported_in_this_version
%Program Files%\Internet Explorer\iexplore.exe
%Program Files%\Internet Explorer\iexplore.exe
GenericDM.exe
GenericDM.exe
1.4.0.4.141214.03
1.4.0.4.141214.03
svchost.exe_340: