GenericEmailWorm.YR (Lavasoft MAS)Behaviour: Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: d1b67949929ac3d4f6d50720a1759012
SHA1: 7ce80262d54193186f908206efbafa098ae740ee
SHA256: 517de8266b2bf936f5966b269df7050e5aa8e9dcd3aab47b1aa886acb5d2ae49
SSDeep: 98304:jahVFk1Pr3EnKInR1S/VEKY2jA0CqTDk4h7W 78I6/O3xYeSOwqDNgUxqS7w2nxc:wzktFyRUVEKY2juUNMt/O3bRB/dZ
Size: 6606311 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UnknownSFXArchiveIDSKA32, BorlandDelphi30, UPolyXv05_v6
Company: no certificate found
Created at: 1992-06-20 01:22:17
Analyzed on: Windows7Ada SP1 64-bit
Summary: Worm. A program that is primarily replicating on networks or removable drives.
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| EmailWorm | Worm can send e-mails. |
Process activity
The Worm creates the following process(es):
TPAutoConnSvc.exe:1776
flash.exe:1596
%original file name%.exe:1868
The Great Lake.exe:1188
regsvr32.exe:3680
wallpaper.exe:3756
is-GCI02.tmp:3728
The Worm injects its code into the following process(es):
swfplayer.exe:2352
swfplayer.exe:2312
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process flash.exe:1596 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\Flash9b.ocx (43265 bytes)
The process %original file name%.exe:1868 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFJRC.tmp\is-GCI02.tmp (1405 bytes)
The process The Great Lake.exe:1188 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\info.ini (998 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\flash.exe (350 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\product_preview (1523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\sysinfo.exe (151 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\splash (31 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\swfplayer.exe (1277 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper_tray.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\product (1523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\product.ico (1764 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\settings.jpg (980 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.dll (57 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\empty (31 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\settings (1921 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\enable_product_sound (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\text_en.ini (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\disable_product_sound (2 bytes)
C:\Windows\SysWOW64\Flash9b.ocx (522 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper_loader (549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.exe (196 bytes)
The process regsvr32.exe:3680 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Windows\SysWOW64\Flash9b.ocx (146 bytes)
The process wallpaper.exe:3756 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.dll (57 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\swfplayer.exe (49 bytes)
The process is-GCI02.tmp:3728 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\Uninstall The Great Lake.lnk (2 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\is-G59LQ.tmp (40 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Desktop Membership.url (198 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\New Products.url (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-QNRQU.tmp\_isetup\_shfoldr.dll (47 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\is-UEHRE.tmp (6912 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-QNRQU.tmp\_isetup\_setup64.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Wallpaper The Great Lake.lnk (1 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\unins000.dat (2508 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\News Archive.url (171 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\unins000.exe (712 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\is-S9MP4.tmp (53570 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\Run The Great Lake.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\Desktop Membership.url (198 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\The Great Lake.exe (1018 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\is-J2JEG.tmp (40 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Site EleFun Desktops.url (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-QNRQU.tmp\_isetup\_RegDLL.tmp (3 bytes)
Registry activity
The process TPAutoConnSvc.exe:1776 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"
[HKU\.DEFAULT\Printers\DevModes2]
"NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1" = "4E 00 50 00 49 00 34 00 35 00 36 00 41 00 42 00"
The Worm deletes the following registry key(s):
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
The process swfplayer.exe:2352 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\EleFun Multimedia\swfplayer\V1.0\Settings]
"crc" = "F0 F8 89 62 E7 83 A0 0E 28 20 20 0A DE C4 C5 46"
"Options" = "12 00 00 00 45 00 6C 00 65 00 66 00 75 00 6E 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
"AutoDetect" = "1"
[HKCU\Software\EleFun Desktops\The Great Lake Wallpaper]
"language_index" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process swfplayer.exe:2312 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process The Great Lake.exe:1188 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\EleFun Desktops]
"SystemFolder" = "C:\Windows\system32"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process regsvr32.exe:3680 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
"(Default)" = "0"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"(Default)" = "C:\Windows\SysWow64\Flash9b.ocx"
[HKCR\MIME\Database\Content Type\application/futuresplash]
"Extension" = ".spl"
[HKCR\FlashProp.FlashProp.1]
"(Default)" = "FlashProp Class"
[HKCR\MacromediaFlashPaper.MacromediaFlashPaper]
"(Default)" = "Macromedia Flash Paper"
[HKCR\ShockwaveFlash.ShockwaveFlash]
"(Default)" = "Shockwave Flash Object"
[HKCR\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib]
"Version" = "1.0"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer\SafeVersions]
"8.0" = "33"
[HKCR\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\ShockwaveFlash.ShockwaveFlash\CurVer]
"(Default)" = "ShockwaveFlash.ShockwaveFlash.9"
[HKCR\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}]
"(Default)" = "IShockwaveFlash"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
"(Default)" = "Macromedia Flash Factory Object"
[HKCR\ShockwaveFlash.ShockwaveFlash.1]
"(Default)" = "Shockwave Flash Object"
[HKCR\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
"(Default)" = "1.0"
[HKCR\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR]
"(Default)" = "C:\Windows\SysWow64\"
[HKCR\MacromediaFlashPaper.MacromediaFlashPaper\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
"(Default)" = "1.0"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKCR\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
"(Default)" = "131473"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"(Default)" = "ShockwaveFlash.ShockwaveFlash"
[HKCR\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer\SafeVersions]
"9.0" = "28"
[HKCR\MIME\Database\Content Type\application/x-shockwave-flash]
"CLSID" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\FlashFactory.FlashFactory.1]
"(Default)" = "Macromedia Flash Factory Object"
[HKCR\ShockwaveFlash.ShockwaveFlash.8]
"(Default)" = "Shockwave Flash Object"
[HKCR\FlashFactory.FlashFactory\CurVer]
"(Default)" = "FlashFactory.FlashFactory.1"
[HKCR\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
"(Default)" = "C:\Windows\SysWow64\Flash9b.ocx"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
"(Default)" = "C:\Windows\SysWow64\Flash9b.ocx"
[HKCR\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"
[HKCR\.mfp]
"(Default)" = "MacromediaFlashPaper.MacromediaFlashPaper"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\FlashProp.FlashProp.1\CLSID]
"(Default)" = "{1171A62F-05D2-11D1-83FC-00A0C9089C5A}"
[HKCR\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
"(Default)" = "Shockwave Flash"
[HKCR\.spl]
"Content Type" = "application/futuresplash"
[HKCR\FlashProp.FlashProp]
"(Default)" = "FlashProp Class"
[HKCR\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32]
"(Default)" = "C:\Windows\SysWow64\Flash9b.ocx"
[HKCR\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}]
"(Default)" = "IShockwaveFlash"
[HKCR\.swf]
"Content Type" = "application/x-shockwave-flash"
[HKCR\FlashFactory.FlashFactory.1\CLSID]
"(Default)" = "{D27CDB70-AE6D-11cf-96B8-444553540000}"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer\SafeVersions]
"6.0" = "88"
[HKCR\ShockwaveFlash.ShockwaveFlash.8\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
"(Default)" = "FlashFactory.FlashFactory.1"
[HKCR\ShockwaveFlash.ShockwaveFlash.6]
"(Default)" = "Shockwave Flash Object"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"(Default)" = "C:\Windows\SysWow64\Flash9b.ocx, 1"
[HKCR\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"
[HKCR\ShockwaveFlash.ShockwaveFlash.3]
"(Default)" = "Shockwave Flash Object"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\ShockwaveFlash.ShockwaveFlash.7]
"(Default)" = "Shockwave Flash Object"
[HKCR\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib]
"Version" = "1.0"
[HKCR\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}]
"(Default)" = "_IShockwaveFlashEvents"
[HKCR\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib]
"Version" = "1.0"
[HKCR\FlashFactory.FlashFactory]
"(Default)" = "Macromedia Flash Factory Object"
[HKCR\ShockwaveFlash.ShockwaveFlash.5]
"(Default)" = "Shockwave Flash Object"
[HKCR\ShockwaveFlash.ShockwaveFlash.7\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
"(Default)" = "C:\Windows\SysWow64\Flash9b.ocx, 1"
[HKCR\ShockwaveFlash.ShockwaveFlash.9]
"(Default)" = "Shockwave Flash Object"
[HKCR\ShockwaveFlash.ShockwaveFlash.4\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\ShockwaveFlash.ShockwaveFlash\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\.sol]
"Content Type" = "text/plain"
[HKCR\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib]
"Version" = "1.0"
[HKCR\MIME\Database\Content Type\application/x-shockwave-flash]
"Extension" = ".swf"
[HKCR\.sor]
"Content Type" = "text/plain"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
"(Default)" = "Shockwave Flash Object"
[HKLM\SOFTWARE\Wow6432Node\Macromedia\FlashPlayer\SafeVersions]
"7.0" = "65"
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
"(Default)" = "ShockwaveFlash.ShockwaveFlash.9"
[HKCR\FlashProp.FlashProp\CurVer]
"(Default)" = "FlashProp.FlashProp.1"
[HKCR\MIME\Database\Content Type\application/futuresplash]
"CLSID" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\.swf]
"(Default)" = "ShockwaveFlash.ShockwaveFlash"
[HKCR\.spl]
"(Default)" = "ShockwaveFlash.ShockwaveFlash"
[HKCR\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\ShockwaveFlash.ShockwaveFlash.6\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\ShockwaveFlash.ShockwaveFlash.4]
"(Default)" = "Shockwave Flash Object"
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
"(Default)" = "FlashFactory.FlashFactory"
[HKCR\.mfp]
"Content Type" = "application/x-shockwave-flash"
[HKCR\ShockwaveFlash.ShockwaveFlash.5\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\ShockwaveFlash.ShockwaveFlash.1\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib]
"(Default)" = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"
[HKCR\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}]
"(Default)" = "_IShockwaveFlashEvents"
[HKCR\ShockwaveFlash.ShockwaveFlash.3\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\FlashFactory.FlashFactory\CLSID]
"(Default)" = "{D27CDB70-AE6D-11cf-96B8-444553540000}"
[HKCR\ShockwaveFlash.ShockwaveFlash.9\CLSID]
"(Default)" = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"
[HKCR\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
"(Default)" = "FlashProp Class"
The Worm deletes the following registry key(s):
[HKCR\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
[HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
The process wallpaper.exe:3756 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\EleFun Desktops\Wallpaper Player]
"WindowHandle" = "16 03 0D 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"
To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Amazing3DAquariumWallpaper" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"EleFunAnimatedWallpaper" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.exe STARTUP"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
The process is-GCI02.tmp:3728 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ENW3139F-4DD5-81C6-2F0E-624AC34560110}_is1]
"Inno Setup: Selected Tasks" = "desktopicon"
"Inno Setup: App Path" = "%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake"
"Inno Setup: Icon Group" = "EleFun Desktops\Animated Wallpapers\The Great Lake"
"UninstallString" = "%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\unins000.exe"
"DisplayName" = "The Great Lake"
"Inno Setup: Setup Version" = "5.1.13"
"URLInfoAbout" = "http://www.elefun-desktops.com"
"URLUpdateInfo" = "http://www.elefun-desktops.com"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ENW3139F-4DD5-81C6-2F0E-624AC34560110}_is1]
"Publisher" = "EleFun Desktops"
"Inno Setup: User" = "%CurrentUserName%"
"Inno Setup: Deselected Tasks" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{17FE9752-0B5A-4665-84CD-569794602F5C} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF" = "01 00 00 00 00 00 00 00 D4 69 5D 03 76 1A D0 01"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ENW3139F-4DD5-81C6-2F0E-624AC34560110}_is1]
"NoModify" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ENW3139F-4DD5-81C6-2F0E-624AC34560110}_is1]
"HelpLink" = "http://www.elefun-desktops.com"
"InstallLocation" = "%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\"
"QuietUninstallString" = "%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\unins000.exe /SILENT"
"InstallDate" = "20141218"
"NoRepair" = "1"
[HKLM\SOFTWARE\Wow6432Node\EleFun Desktops\The Great Lake Wallpaper]
"language_index" = "0"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
Dropped PE files
| MD5 | File path |
|---|---|
| 72920973b2c9301b47ba26b18501e102 | c:\Program Files (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\The Great Lake.exe |
| dc27867907109d2edd4b04f7db802c33 | c:\Program Files (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\unins000.exe |
| f3b3ee66ca76c94510555abe9d00a353 | c:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\Flash9b.ocx |
| 2520208faed1e76583d71361e676eb0e | c:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\flash.exe |
| 0933cc89f5ecb3e2b424d5e012bf94c9 | c:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\swfplayer.exe |
| e7426a129d335389add77aa35c32296b | c:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\sysinfo.exe |
| e7ba14c4aacece99765276b1be9c7e2e | c:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.dll |
| cbdb39d8fe2e6d09291c891edb9295c7 | c:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.exe |
| f3b3ee66ca76c94510555abe9d00a353 | c:\Windows\SysWOW64\Flash9b.ocx |
| f3b3ee66ca76c94510555abe9d00a353 | c:\Windows\System32\Flash9b.ocx |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
TPAutoConnSvc.exe:1776
flash.exe:1596
%original file name%.exe:1868
The Great Lake.exe:1188
regsvr32.exe:3680
wallpaper.exe:3756
is-GCI02.tmp:3728 - Delete the original Worm file.
- Delete or disinfect the following files created/modified by the Worm:
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\Flash9b.ocx (43265 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-SFJRC.tmp\is-GCI02.tmp (1405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\info.ini (998 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\flash.exe (350 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\product_preview (1523 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\sysinfo.exe (151 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\splash (31 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\swfplayer.exe (1277 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper_tray.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\product.ico (1764 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\settings.jpg (980 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.dll (57 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\empty (31 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\enable_product_sound (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\text_en.ini (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\disable_product_sound (2 bytes)
C:\Windows\SysWOW64\Flash9b.ocx (522 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper_loader (549 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.exe (196 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\Uninstall The Great Lake.lnk (2 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\is-G59LQ.tmp (40 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Desktop Membership.url (198 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\New Products.url (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-QNRQU.tmp\_isetup\_shfoldr.dll (47 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\is-UEHRE.tmp (6912 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-QNRQU.tmp\_isetup\_setup64.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Wallpaper The Great Lake.lnk (1 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\unins000.dat (2508 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\News Archive.url (171 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\unins000.exe (712 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\is-S9MP4.tmp (53570 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\Run The Great Lake.lnk (1 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EleFun Desktops\Animated Wallpapers\The Great Lake\Desktop Membership.url (198 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\The Great Lake.exe (1018 bytes)
%Program Files% (x86)\EleFun Desktops\Animated Wallpapers\The Great Lake\is-J2JEG.tmp (40 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Site EleFun Desktops.url (166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-QNRQU.tmp\_isetup\_RegDLL.tmp (3 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Amazing3DAquariumWallpaper" = ""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"EleFunAnimatedWallpaper" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.exe STARTUP" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: EleFun Desktops
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description: The Great Lake - Full Version Setup
Comments: This installation was built with Inno Setup.
Language: English (United States)
Company Name: EleFun Desktops Product Name: Product Version: Legal Copyright: Legal Trademarks: Original Filename: Internal Name: File Version: File Description: The Great Lake - Full Version Setup Comments: This installation was built with Inno Setup.Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| CODE | 4096 | 36848 | 36864 | 4.56726 | 083e077c314dfe6832fadef9f8dbac29 |
| DATA | 40960 | 584 | 1024 | 1.88293 | 7b967885fdd6cf034d6bbacee6d60fd9 |
| BSS | 45056 | 3640 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .idata | 49152 | 2384 | 2560 | 3.07153 | bd5bdc394dd9459844ea032b48349bc1 |
| .tls | 53248 | 8 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rdata | 57344 | 24 | 512 | 0.138011 | d293bf8d4ebe9826d58e1d27c25fe4b6 |
| .reloc | 61440 | 2216 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 65536 | 36832 | 36864 | 3.24144 | fcf6131b8c7c983259e977d89c2d42a2 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://elefun-desktops.com/installs/The Great Lake_wallpaper_full | |
| hxxp://elefun-desktops.com/offers-show-1227196368/Membership | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/javascript.js | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/style-sheet.css | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/spacer.gif | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/top_h1_header_right.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/logo.jpg | |
| hxxp://pagead46.l.doubleclick.net/pagead/show_ads.js | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGEleFunDesktops.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/ButtonMembershipEnter.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/top2_bg_right.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/top2_bg.jpg | |
| hxxp://www.google.com/coop/cse/brand?form=cse-search-box&lang=en | 173.194.113.212 |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/IconScreensavers.jpg | |
| hxxp://www.google.com/fusion/add.gif | 173.194.113.212 |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/IconWallpapers.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandBlueTitleLeft.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/IconSmall0.jpg | |
| hxxp://elefun-desktops.com/sys_data/img/products/ad_Pharaohs_Gallery.jpg | |
| hxxp://elefun-desktops.com/sys_data/img/products/ad_Night_of_Reflections.jpg | |
| hxxp://elefun-desktops.com/sys_data/img/products/ss_Underwater_Clock.jpg | |
| hxxp://a943.g.akamai.net/us.yimg.com/i/us/my/addtomyyahoo4.gif | |
| hxxp://elefun-desktops.com/sys_data/img/products/ss_Babylon_Gates.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/IconSmall1.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandGreenTitleLeft.jpg | |
| hxxp://www-google-analytics.l.google.com/ga.js | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/IconSmallWallpaper.gif | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/IconSmallScreensaver.gif | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandOrangeTitleLeft.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGbodytop.jpg | |
| hxxp://elefun-desktops.com/modules/promo/tmpl/default/images/screen_small_en.jpg | |
| hxxp://elefun-desktops.com/modules/promo/tmpl/default/images/Untitled-1_03.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandarchive.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/ButtonSubscribeLHOk.jpg | |
| hxxp://www-google-analytics.l.google.com/r/__utm.gif?utmwv=5.6.1&utms=1&utmn=644796950&utmhn=www.elefun-desktops.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop themes&utmhid=1608851308&utmr=-&utmp=/offers-show-1227196368/Membership&utmht=1418874740907&utmac=UA-927919-3&utmcc=__utma=1.668409717.1418874741.1418874741.1418874741.1;+__utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1343724813&utmredir=1&utmu=DhAAAAAAAAAAAAAAAAAAAAAE~ | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGmembershiplogin.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/top_h1_header_left.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/top1_bg.jpg | |
| hxxp://pagead46.l.doubleclick.net/pagead/js/r20141209/r20141212/show_ads_impl.js | |
| hxxp://www.google.com/cse/intl/en/images/google_custom_search_watermark.gif | 173.194.113.212 |
| hxxp://www.gstatic.com/pub-config/ca-pub-0884532287246801.js | 173.194.113.223 |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandBlueTitleRight.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandGreenTitleRight.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGGrayMenu.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandOrangeTitleRight.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandtitle.jpg | |
| hxxp://counter.yadro.ru/hit?t26.1;r;s1716*901*24;uhttp://www.elefun-desktops.com/offers-show-1227196368/Membership;i??EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop the;0.1374597159806235 | 88.212.196.104 |
| hxxp://pagead46.l.doubleclick.net/pagead/html/r20141209/r20141212/zrt_lookup.html | |
| hxxp://counter.yadro.ru/hit?q;t26.1;r;s1716*901*24;uhttp://www.elefun-desktops.com/offers-show-1227196368/Membership;i??EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop the;0.1374597159806235 | 88.212.196.104 |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/bgDownloadProductList.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/bgInfoProductList.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/bgOrderProductList.jpg | |
| hxxp://elefun-desktops.com/modules/general/tmpl/default/images/bottom.jpg | |
| hxxp://pagead46.l.doubleclick.net/pagead/osd.js | |
| hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://www.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://www.elefun-desktops.com&dtd=225 | |
| hxxp://pagead46.l.doubleclick.net/pagead/js/r20141209/r20141212/expansion_embed.js | |
| hxxp://pagead46.l.doubleclick.net/simgad/3083507136474604452 | |
| hxxp://pagead46.l.doubleclick.net/pagead/js/r20141209/r20110914/abg.js | |
| hxxp://pagead46.l.doubleclick.net/pagead/images/ad_choices_i.png | |
| hxxp://pagead46.l.doubleclick.net/pagead/images/ad_choices_en.png | |
| hxxp://pagead46.l.doubleclick.net/pagead/drt/s?v=r20120211 | |
| hxxp://pagead46.l.doubleclick.net/bg/As1rs6ZBldneBCLw2AxLEKkOIlt-mIA122l0HUMtT-g.js | |
| hxxp://elefun-desktops.com/favicon.ico | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f86c1d729ad77f65 | |
| hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl | |
| hxxp://pagead46.l.doubleclick.net/activeview?id=osdim&avi=BGstodU-SVP6lDcKtigbMuICIBgCdh8uo1wEAABABOAHIAQLIA8EEoAYCqBOAAQ&ti=1&adk=2506318246&p=187,486,277,1214&tos=1211,0,0,0,0&mtos=1211,1211,1211,1211,1211&rs=1&ht=0&tfs=238&tls=1449&fp=client=ca-pub-0884532287246801&url=http%3A%2F%2Fwww.elefun-desktops.com%2Foffers-show-1227196368%2FMembership&correlator=2660386479433&eid=317150304&oid=3&afp=&output=html&slotname=7839509899&flash=0&dt=1418874740945&adx=486&ady=187&ifi=1&tdl=487&abd=2-0-4&r=u&bs=1700,804&bos=1724,865&ps=1716,1474&ss=1716,901&tt=1012&pt=440&deb=1-1-1-5-6-5&tvt=1214&iframe_loc=http://www.elefun-desktops.com/offers-show-1227196368/Membership&is=728,90&uc=4 | |
| hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== | |
| hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAWXeLAc38Ey | |
| hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHj3S83xBK9k | |
| hxxp://a1363.g.akamai.net/pki/crl/products/microsoftrootcert.crl | |
| hxxp://a1363.g.akamai.net/pki/crl/products/WinPCA.crl | |
| hxxp://a1363.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b00cc72c3b8bcef8 | |
| hxxp://gs1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc= | |
| hxxp://hostedocsp.globalsign.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
| hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | |
| hxxp://a1363.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
| hxxp://www.elefun-desktops.com/sys_data/img/products/ss_Underwater_Clock.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/bgInfoProductList.jpg | 37.195.64.159 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?b00cc72c3b8bcef8 | 88.221.132.207 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f86c1d729ad77f65 | 88.221.132.207 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandarchive.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/favicon.ico | 37.195.64.159 |
| hxxp://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211 | 173.194.113.218 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGmembershiplogin.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGbodytop.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandOrangeTitleLeft.jpg | 37.195.64.159 |
| hxxp://www.google-analytics.com/ga.js | 173.194.113.201 |
| hxxp://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= | 108.162.232.198 |
| hxxp://www.elefun-desktops.com/sys_data/img/products/ad_Night_of_Reflections.jpg | 37.195.64.159 |
| hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHj3S83xBK9k | 173.194.113.192 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGGrayMenu.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandGreenTitleRight.jpg | 37.195.64.159 |
| hxxp://pagead2.googlesyndication.com/pagead/osd.js | 173.194.113.217 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/spacer.gif | 37.195.64.159 |
| hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAWXeLAc38Ey | 173.194.113.192 |
| hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://www.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://www.elefun-desktops.com&dtd=225 | 173.194.113.218 |
| hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 88.221.132.175 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandBlueTitleLeft.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/bgOrderProductList.jpg | 37.195.64.159 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | 23.43.139.27 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/IconSmallWallpaper.gif | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGEleFunDesktops.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/ButtonSubscribeLHOk.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/top_h1_header_left.jpg | 37.195.64.159 |
| hxxp://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png | 173.194.113.217 |
| hxxp://www.elefun-desktops.com/sys_data/img/products/ss_Babylon_Gates.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandtitle.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/IconWallpapers.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/bottom.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandOrangeTitleRight.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/installs/The Great Lake_wallpaper_full | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/sys_data/img/products/ad_Pharaohs_Gallery.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/top1_bg.jpg | 37.195.64.159 |
| hxxp://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo4.gif | 88.221.132.161 |
| hxxp://www.elefun-desktops.com/modules/promo/tmpl/default/images/Untitled-1_03.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/bgDownloadProductList.jpg | 37.195.64.159 |
| hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 88.221.132.175 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/javascript.js | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/top2_bg.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/promo/tmpl/default/images/screen_small_en.jpg | 37.195.64.159 |
| hxxp://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png | 173.194.113.217 |
| hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== | 23.43.139.27 |
| hxxp://pagead2.googlesyndication.com/pagead/show_ads.js | 173.194.113.217 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/IconSmallScreensaver.gif | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandGreenTitleLeft.jpg | 37.195.64.159 |
| hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 88.221.132.175 |
| hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 88.221.132.175 |
| hxxp://pagead2.googlesyndication.com/pagead/js/r20141209/r20141212/expansion_embed.js | 173.194.113.217 |
| hxxp://pagead2.googlesyndication.com/pagead/js/r20141209/r20110914/abg.js | 173.194.113.217 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/IconSmall0.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/BGlefthandBlueTitleRight.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/IconScreensavers.jpg | 37.195.64.159 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | 23.43.139.27 |
| hxxp://pagead2.googlesyndication.com/pagead/js/r20141209/r20141212/show_ads_impl.js | 173.194.113.217 |
| hxxp://crl.geotrust.com/crls/secureca.crl | 23.43.133.163 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/ButtonMembershipEnter.jpg | 37.195.64.159 |
| hxxp://pagead2.googlesyndication.com/simgad/3083507136474604452 | 173.194.113.217 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.43.139.27 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/IconSmall1.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/top_h1_header_right.jpg | 37.195.64.159 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/logo.jpg | 37.195.64.159 |
| hxxp://pagead2.googlesyndication.com/bg/As1rs6ZBldneBCLw2AxLEKkOIlt-mIA122l0HUMtT-g.js | 173.194.113.217 |
| hxxp://crl.verisign.com/pca3.crl | 23.43.133.163 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/style-sheet.css | 37.195.64.159 |
| hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc= | 93.184.220.20 |
| hxxp://googleads.g.doubleclick.net/pagead/html/r20141209/r20141212/zrt_lookup.html | 173.194.113.218 |
| hxxp://buttons.googlesyndication.com/fusion/add.gif | 173.194.113.210 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | 23.43.139.27 |
| hxxp://www.elefun-desktops.com/modules/general/tmpl/default/images/top2_bg_right.jpg | 37.195.64.159 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.43.139.27 |
| hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.1&utms=1&utmn=644796950&utmhn=www.elefun-desktops.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop themes&utmhid=1608851308&utmr=-&utmp=/offers-show-1227196368/Membership&utmht=1418874740907&utmac=UA-927919-3&utmcc=__utma=1.668409717.1418874741.1418874741.1418874741.1;+__utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1343724813&utmredir=1&utmu=DhAAAAAAAAAAAAAAAAAAAAAE~ | 173.194.113.201 |
| hxxp://www.elefun-desktops.com/offers-show-1227196368/Membership | 37.195.64.159 |
| ieonline.microsoft.com | 204.79.197.200 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.omniroot.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Thu, 18 Dec 2014 03:53:21 GMT
Last-Modified: Tue, 16 Dec 2014 18:51:02 GMT
Server: ECS (ams/D1C2)
X-Cache: HIT
Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..20141216094607Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M....'.G....20141203203011Z....20150303203511Z0...*.H...............n...(F.....Wq;......w.e.I~5.,...(.....wmn.L......@..A...[..7.Z.@...bwN2%$R2.......0..B..&TKa.S...P..D.&g.~,Y.(e...5...-e......&...P.@..Z..3.......C.@K.=.6..1...q7..Z.%....5..3.XPAG...{..Lk..\H...DI.. ..<. ..`.!....I..0..C.}~....;'VI..J.p....SN.(.....$E=z....0...0...0...........'..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0 ..U....Baltimore CyberTrust Root0...140122184236Z..150122184140Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validation-20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK...04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8..........h8GM..*.4.MP..../D4n.=ZTeH.B=kOT.v..2@F.2L..A...yn.4......fP...L...2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U...........0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U......`;.l.uZ..k.F..^|A.Tb0...*.H.............. .p.)...09W..Z.......]....}.:..Vr.....c..U..:V^.O.....<...b*5.c.\.fF./....5'.>./ iS..R0..)..*.!..q.h.T..ul.}&.......`.1".~.U....rB.BR.s..x..o..Y.......).4:.[.9.=....x...'.f..\ kC......@I....G:J!.hRH..!z2DtL.s2.r.....Yi~..E..AzO..i.."N.$j...b...o..i."{(3....
<<< skipped >>>
GET /modules/general/tmpl/default/images/top_h1_header_right.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0686-24f-4e321e9e47c10"
Accept-Ranges: bytes
Content-Length: 591
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................;.............`.................................................................!..1Q..A2$...............................?..N...]..&.q....g..*&C...7.....{...u......P..)......KB.bF 1.......>...~....M.4\..m[....a...t.H%r......`f..$..j...Zk.d..2.,_......d'%v.....!....6U/n.[...[p.B.........6.d.$.$....FC.8 .....2.x.3~.m>.".V..q.R.!f..{.. ...9\.=@F..9.k...5.[.^.E3..........(..........`0.......`.......
GET /modules/general/tmpl/default/images/ButtonMembershipEnter.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c068e-45c-4e321e9dad368"
Accept-Ranges: bytes
Content-Length: 1116
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................P........................................................................................!Q...1A.."R.a$.q.23..C....................!..b#..1Qa...q.."............?..u)).N..s...@...........s{.h.9..4........o...f...].....Q.u........)8.....~.............D9.3]#.O...=..2...D%...4..--..HuD...T../M.>....t.F,.fD..[ql...H%a...Z...p..m...);j..$...Fbdj..\...B..RJ.I.0.B.f..F..,~?Kmq.C..i.Z.u......d[..7..J...r.%.O..5: ..m.G.'Q..!..!.....),g...v..4.#...M).u.EZl..S..c....).Q\SO...-'....U.R.....Q]..k..qN....n/.XRRT..6...,q8..@W.._.......x.tNaq.......L..i-f.....\K............&4...rK.....[}._.uSdq u.h2..XCW%I.~..E.H..0.o....cVq...vU._.6..wT.C7B.j;.,es.d!..<d..F...L`.>.'e.x..-.mQ4...K......X....7cOS.. .....e..sd....oe....jt..t ^.....jd)..u...J.Y.B..I8.*.ID:a....}qN....._.P#.s30.......R..!Y.f....H..U.[.c....1.i....n..l........L.Lb.AoL}.G...[.1[ ..>.#..S-....[..v..|....V.-...H..T.t. dI...\Z?..;..........uV....4..<_..N..;;.#c......
GET /modules/general/tmpl/default/images/IconScreensavers.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c067d-342-4e321e9df01b8"
Accept-Ranges: bytes
Content-Length: 834
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................0.&.......................................................................................!AQ..1a."2.q....b..#........................!1A.Q".#..............?....P..@(.........(. ......<Z..)k!(H%J=.......... z.Hq..........R.#.....1....V.)...~..... ....mN......1r...-)..n. )R.V[ .V...W..0_...Z....?.9L....0....Z...(.3..u.......Jn8(.....%..y..4:#.t.KK..........Y.....E.X....4...r..rl.]........yf...[7...O..sT.&..>..W.t...S...0.Fj..c`..q.C..Z.g......j..9....x.<...<......i.~..K...K..W..}.mc.B..'.MMJ.....j..n.y.-......a.P.|.m...........n?.q.............0.._3...o....\..dOI:...r.i..HS.Z[-.......{.*.4.........m............qy.ow\G.V.J....P..@.......
GET /sys_data/img/products/ss_Babylon_Gates.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 06 Aug 2013 05:41:37 GMT
ETag: "1c6fc9-9dd2-4e340e0e5c001"
Accept-Ranges: bytes
Content-Length: 40402
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......Exif..II*.................Ducky.......<......hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:A7A8F52DFE5A11E2B4C4982BD49F65B2" xmpMM:InstanceID="xmp.iid:A7A8F52CFE5A11E2B4C4982BD49F65B2" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="A88E2EAC41344369BE6D720E0D0D7438" stRef:documentID="A88E2EAC41344369BE6D720E0D0D7438"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...&Adobe.d...............#...8...at..................................................................................................................................................[........................................................................................ .!1.0".@A2#3.PB4$.....................!.1A.Qaq"2.......BRb...r#3. 0..C.....@S.$4.................!.0.@..1 `aPp.."Q....................!1A.Qaq. .......0.@.................vOeP*.t.jG.t..4g....,...^.....k...H@@HHJ$$u..."j..=4L.e.{C...=../T.Oi..$(..n ...s......l.zU..>.g..Z>..u..C.~...7..z3.x<..S..e.0.M1...Y..<...eK.j.#....H1..............xx.l.5..$....X..g
<<< skipped >>>
GET /modules/general/tmpl/default/images/BGlefthandtitle.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0674-231-4e321e9dcea90"
Accept-Ranges: bytes
Content-Length: 561
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................i......................................................................S1....!r..4..................................?....#..V9..>GUD)~|...R...U....:.!K..uTB....../...Q._.#....>GUD)~|...R...U....:.!K..uTB..=.....w"..az......8..l..A::..Us...].r.....w....?].],.h.................@.~w.N.;&v.....#.6DV..sU.v.....7~.& ...u....B..............g..#.!.1.xl....HTTP/1.0 200 OK..Date: Thu, 18 Dec 2014 03:49:02 GMT..Server: Apache/2.2.15 (CentOS)..Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT..ETag: "1c0674-231-4e321e9dcea90"..Accept-Ranges: bytes..Content-Length: 561..Content-Type: image/jpeg..X-Cache: MISS from localhost..X-Cache-Lookup: MISS from localhost:3128..Via: 1.0 localhost (squid/3.1.22)..Connection: keep-alive........JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................i......................................................................S1....!r..4..................................?....#..V9..>GUD)~|...R...U....:.!K..uTB....../...Q._.#....>GUD)~|...R...U....:.!K..uTB..=.....w"..az......8..l..A::..Us...].r.....w....?].],.h.................@.~w.N.;&v.....#.6DV..sU.v.....7~.& ...u....B..............g..#.!.1.xl......
<<< skipped >>>
GET /installs/The Great Lake_wallpaper_full HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 302 Moved Temporarily
Date: Thu, 18 Dec 2014 03:49:00 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Expires: Sat, 1 Jan 2005 06:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 03:49:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Location: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"."http://VVV.w3.org/TR/html4/loose.dtd">.<html>.<head>.<TITLE>EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop themes</TITLE>.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<META NAME="TITLE" CONTENT="EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop themes">.<META NAME="DESCRIPTION" CONTENT="EleFun Desktops is a world-wide leader in the production of Animated Wallpapers and Animated Screensavers for the PC desktops. Our huge collection includes: free screensavers and animated themes, holiday and season screen savers, 3D Aquarium, Animals">.<META NAME="KEYWORDS" CONTENT="screensavers, screen saver, screensaver, screen savers, free screensavers, wallpaper, animated wallpaper, free screen savers, desktop, aquarium, 3d screensavers, 3D wallpapers, animated screensaver, animated screen savers, free screen saver, animated screensavers, aquarium screensaver, halloween screensavers, christmas screensavers, 3d aquarium, , animated, desktops, elefun, screensavers, wallpapers, christmas, order, screen, users, themes, desktop,">.<META NAME="OWNER" CONTENT="contact@elefun-desktops.com">.<META NAME="AUTHOR" CONTENT="Shubeikin Dmitriy">.<META HTTP-EQUIV="CHARSET" CONTENT="utf-8">.<META HTTP-EQUIV="CONTENT-LANGUAGE" CONTENT="English">.<META NAME="RATING" CONTENT="General">.<META NAME="REVISIT-AFTER" C
<<< skipped >>>
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 812
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT
If-None-Match: "a2f3ff97eeecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT
ETag: "a2f3ff97eeecf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 03:52:53 GMT
Connection: keep-alive
....
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT
If-None-Match: "3e1c83923e1cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Mon, 06 Oct 2014 05:06:02 GMT
ETag: "3e1c83923e1cf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 03:52:53 GMT
Connection: keep-alive
....
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT
If-None-Match: "58cddbea90dfcf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 304 Not Modified
Content-Type: application/pkix-crl
Last-Modified: Sat, 04 Oct 2014 05:06:12 GMT
ETag: "58cddbea90dfcf1:0"
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 03:52:53 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/pkix-crl..Last-Modified: Sat, 04 Oct 2014 05:06:12 GMT..ETag: "58cddbea90dfcf1:0"..Cache-Control: max-age=900..Date: Thu, 18 Dec 2014 03:52:53 GMT..Connection: keep-alive..
GET /pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://VVV.elefun-desktops.com&dtd=225 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 18 Dec 2014 03:52:21 GMT
Server: cafe
Cache-Control: private
Content-Length: 27901
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
............i{.H.(......qK....Y..6.....?.....$........Z...9....33]XJ....eD.........k.=....5..c..?l.......!U..ts?sz.....?J...)..;^.7..o...t3.......O......"o.....g}.[#.J..Q.9&n.P.v..[j.N..M...[9.tZ....L..TU.....o..x>qt.Vw].!..?r.........Jx...`;..R.............c.tb.......A........D.Z.}Kd.......g..L.^.!.l......0r...qLCX..z......BG....4..Tl.D.!.B..Q`.........s..7.Y...P....C...S....OuF.G.)..0.@@..j...5..zJ..R.*...j..2.X...8.m.u].].y.[.L......R......3.SK..V.....T...`..A..`.D........$;...n..F2..\5.Pb...o... -...UH...........(.......-...II..6..[Ioc.."k8a.#F.......<..x..2r|5q3..(U.2.ij..?W...=K.K^.../E*V......*v...KO...L.......L...?.....T........V0.M].$h...R.`$...-........./.....o..q.c.J..c@\.......K5.-D..0.D.B....*.. ....n...Uu..K....*.Q...|A..........M...:-... .=O.."...'...{..H.....8.m.l.VL.D....T.....S.U.gIy..g.....K..d..T.R{5@[#.cSQ.....'.`vfr(.Cj....s.X#U}:U.L.....H..5.%[..X..............2....F.....~.5,....h....0..8.I.p.zj................T....B....i..gA%U-. ..L@..._..D..B..A.4K..rI.................{T..$W.......J.4.a4..p..|.1]..y.D...h.|..r.A.*...@c9..i3X:..<...~}Q...7].u..I...k..-...,..h.m..}..H x.N.?2?`../uCRtL%v.V^.....a.r..N].`...C.z./..p.......0...|..gI.o........p.A....$.0.cJ2.....y.........U.N$....$V..k...".O.6.@W"z.J..y.,1,e.i](...(z6<I?!Ki*....1..b_...PP.".M....R..ZW.A.F....4.......j....t.~.5[dd..t.... wK...C....e.(A.9..;..cm...<^.2.p.`...=...).B4y.V.&.,...\.f.....)...I".&....$Y......../.........@n>..x..........V.,".c..4.........e$U..]..T....%e...6.D...Hn.....}B...R...|..-..\v.k[r.&...4G1..6
<<< skipped >>>
GET /pagead/drt/s?v=r20120211 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://VVV.elefun-desktops.com&dtd=225
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Thu, 18 Dec 2014 03:43:19 GMT
Server: safe
Content-Length: 145
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 542
Alternate-Protocol: 80:quic,p=0.002
..........%....0.Ew...]....h..F....x.$-....o..=..9..t..g{.Kwk.}..k]e.fk....$...-...<o....RxzyZ...ML..bwX.).g.#..r..2....,U.....Q......M./6PzR....HTTP/1.1 200 OK..X-Frame-Options: ALLOWALL..Content-Type: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Content-Encoding: gzip..Date: Thu, 18 Dec 2014 03:43:19 GMT..Server: safe..Content-Length: 145..X-XSS-Protection: 1; mode=block..Cache-Control: public, max-age=3600..Age: 542..Alternate-Protocol: 80:quic,p=0.002............%....0.Ew...]....h..F....x.$-....o..=..9..t..g{.Kwk.}..k]e.fk....$...-...<o....RxzyZ...ML..bwX.).g.#..r..2....,U.....Q......M./6PzR......
GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"
Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT
Date: Thu, 18 Dec 2014 03:56:27 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............M....s#..Lo...TU...tM.3...'.U......:Z...w.x.=....K.0;...!....D....9...,!....B.t. <..........-.....k.$<i{O.<.E...*.......Ow _..J.HTTP/1.1 200 OK..Server: Apache..ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"..Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT..Date: Thu, 18 Dec 2014 03:56:27 GMT..Content-Length: 933..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....0209231715
<<< skipped >>>
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 13 Nov 2014 06:02:42 GMT
Accept-Ranges: bytes
ETag: "88cab6f7ffcf1:0"
Server: Microsoft-IIS/8.0
VTag: 438246244800000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Thu, 18 Dec 2014 03:56:32 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..141112173206Z..150211055206Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......W0... .....7......150210174206Z0...*.H................].`...D..9.>LO.ey...Qx%.^.P.& ...D.......b}.K..[.....5.m....).....H..6R....G/ju.........:..A.#.9!......D5...|".w.x..=.u..X6.7{..).XN....g......B.8.!&...........<7fS$..........t<X)%.b(0.L@..i..Kn.......fX... ,...K\....U1cp).........y.T..?rm.t..Y.}.E..-@...
GET /hit?t26.1;r;s1716*901*24;uhttp://VVV.elefun-desktops.com/offers-show-1227196368/Membership;iЖжEleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop the;0.1374597159806235 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: counter.yadro.ru
DNT: 1
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Date: Thu, 18 Dec 2014 03:52:21 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: hXXp://counter.yadro.ru/hit?q;t26.1;r;s1716*901*24;uhttp://VVV.elefun-desktops.com/offers-show-1227196368/Membership;iЖжEleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop the;0.1374597159806235
Content-Length: 32
Expires: Tue, 17 Dec 2013 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1Kaazr3tWqbI1Kaazr; path=/; expires=Thu, 17 Dec 2015 21:00:00 GMT; domain=.yadro.ru
<html><body>Moved</body></html>.....
GET /hit?q;t26.1;r;s1716*901*24;uhttp://VVV.elefun-desktops.com/offers-show-1227196368/Membership;iЖжEleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop the;0.1374597159806235 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: counter.yadro.ru
DNT: 1
Connection: Keep-Alive
Cookie: FTID=1Kaazr3tWqbI1Kaazr
HTTP/1.1 200 OK
Date: Thu, 18 Dec 2014 03:52:21 GMT
Server: 0W/0.8c
Connection: Close
Content-Type: image/gif
Content-Length: 133
Expires: Tue, 17 Dec 2013 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: VID=25hvGj1AdYrI1Kaazr; path=/; expires=Thu, 17 Dec 2015 21:00:00 GMT; domain=.yadro.ru
GIF89aX............!.......,....X.....\......_.......g...Hr`..d3...cl.R@..H.........Q.....S...9..O..MN.S...J*.....5..A...........G..;..
GET /modules/general/tmpl/default/images/IconSmall0.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0675-21d-4e321e9dd11a0"
Accept-Ranges: bytes
Content-Length: 541
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................q....................................................................1.".AQ..a2BR#.......................!.1.".Q............?..L.8.......\....M. q..q.`...N-...Y....?.4q4~...e..._..ok...=8........<g_MF.yf..3......jQKE#Fl.....5..Q..P.H........w..>(]DQ....)..H6Pn.\... W....)._' . g.....8!.P....2...,.'.q.T.j.s./$.s.V.,$.......@.........
GET /modules/general/tmpl/default/images/BGlefthandGreenTitleLeft.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0693-1a5-4e321e9e1c4c0"
Accept-Ranges: bytes
Content-Length: 421
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................c...............................................................1A...!QR.......................1A.............?..w...J..Da.b.s&..U.. b"T..J.....T..W......wg_t~c...X....5...R.....v)-.J....o. ...G.".x....,..eg.......
GET /modules/general/tmpl/default/images/BGlefthandOrangeTitleLeft.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0696-1b5-4e321e9e35ee8"
Accept-Ranges: bytes
Content-Length: 437
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................f................................................................1..!AQR.........................!..q............?.....>O.~ ....)M. ..)6ß.......).W....L*k4....s|..J...!..vlO....S..Qs..}.F...8.OKF...Y.......R.).iP..V.F..T A......
GET /modules/promo/tmpl/default/images/Untitled-1_03.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 08:53:55 GMT
ETag: "1c0aff-4c5-4e31b54ee0550"
Accept-Ranges: bytes
Content-Length: 1221
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................p.............o..................................................................!....1.ª"2Q..3q..RS.#................................?..k.Z....$f<..PO.t.z:........"q.1.oM]Z*.<.*". ..!w.o..t.X....h..F..5.mG...M.^wdty.t]...`..m.O.f.E.....[K!.Xx#.i.........x.E^...6{.. .K:.\.... ".f..cw..X.|..~..M....p&..?RI."\X....T.....V.U./.O....jwOo..G.......IY....E..$.'...x..4...X.w`..&...."....X..Y..."o.......$...u0c,................S.Rx..\F.A...#&...._7..S......y.Fy...}....h4..0.jB.XT..9..0..*px.C.]O......O.G.W..K..](... .].(.....L.^..$,...........=..N.u..b..B.....*...nO.A...s.h1.n@......4.4S4.Z...."v.#...0'.o.......{w.j....<3..e.H..C....z...1....:.Z...M.gi..D..W.. $\..-Iq..H.d.8..$.......;.b.-S......Ux.`........V_.....8>...vV.B.&.-|.J...%p\Z.(.D................rV.Hq...Sl}.qx..@JeIA2.\1....7......G.]...*..^|..;L*J..!;I....._.....a.s..VpBJ.n...J8...$...^..d.....sp...=Whb...\..X.d.M....q..o........m...CwA.U....d..Q~{..M.OP=7?..~......._...............=...O@{...........=...:z...t.............=...O@{......9=A.<..c..[n~.........
<<< skipped >>>
GET /modules/general/tmpl/default/images/top1_bg.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0682-107c-4e321e9e19db0"
Accept-Ranges: bytes
Content-Length: 4220
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................".....................................................................................a..S.....!..1A.Q"2q...B..3...Rr.c.4C.%...................Q........!A.aq."C.1............?......yM.%......=.*.....Q..<../#...2.r.:.........N.'x.p..^.6..9..zl..s8v..X..'=..d......z...9... ..... .7...F...x.p..^..6Nz7..;.3.oJ....s..6A.9.;zW.o.............c~l..oM.w.c......d..zl..s8v..X..'=..d......z...9... ..... .7...F...x.0..^..6Nz7..;.3.oJ....s..6A.9.;zW.o.............c~l..oM.w.c................a...c~l..oM.w.c......d..zl..s.v..X..'=..d......z...9... ..... .7...F...x.p..^..6Nz7..;.3.oJ....s..6A.9.;zW.o.........a...c~l..oM.w.g......d..zl..s.v..X..'=..d......z...9... ..... .7...F...x.0..^..6Nz7..;.3.oJ....s..6A.9.;zW.o.............c~l..oM.w.c......d..zl..s.v..X..'=..d......z...9... ..... .7...F...x.0..^..6Nz7..;.3.oJ....s..6A.9.;zW.o.............c~l..oM.w.c......d..zl..s8v..X..'=..d......z...9... ..... .7...F...x.0..^..6Nz7..;.1.oJ....s..6A.9.;zW.o.........a...c~l..oM.w.g......d..zl..s8v..X..'=..d......z...9... ..... .7...F...x.p..^..6Nz7..;.3.oJ....s..6A.9.;zW.o.........a...c~l..oM.w.g......d..zl..s.v..X..'=..d......z...9... ..... .7...F...x.p..^..6Nz7..;.1.oJ....s..6A.9.;zW.o.............c~l..oM.w.c......d..zl..s.v..X..'=..d......z...9... ..... .7...F...x.0..^..6Nz7..;.3.oJ....s..6A.9.;zW.o.........a...c~l..oM.w.g......d..zl..s.v..X.
<<< skipped >>>
GET /modules/general/tmpl/default/images/BGGrayMenu.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c066a-16c-4e321e9da0460"
Accept-Ranges: bytes
Content-Length: 364
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................P.........................................................q.2..............................?....W ............................ ..............................
GET /modules/general/tmpl/default/images/bgDownloadProductList.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c066d-1f6-4e321e9da94e8"
Accept-Ranges: bytes
Content-Length: 502
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................p.............`................................................................T.A.1."..45$..............................?..\f7.'e.......W:6...z..W....m...b.p[e.qX....@.V/g..P.......l.. ....(..........{8-........m....^.N.l.. ....(.........O.......ac.....QS..Q.....{.J.`....@...|. ..I...}.$.:..............HTTP/1.0 200 OK..Date: Thu, 18 Dec 2014 03:49:02 GMT..Server: Apache/2.2.15 (CentOS)..Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT..ETag: "1c066d-1f6-4e321e9da94e8"..Accept-Ranges: bytes..Content-Length: 502..Content-Type: image/jpeg..X-Cache: MISS from localhost..X-Cache-Lookup: MISS from localhost:3128..Via: 1.0 localhost (squid/3.1.22)..Connection: keep-alive........JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................p.............`................................................................T.A.1."..45$..............................?..\f7.'e.......W:6...z..W....m...b.p[e.qX....@.V/g..P.......l.. ....(..........{8-........m....^.N.l.. ....(.........O.......ac.....QS..Q.....{.J.`....@...|. ..I...}.$.:................
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=349085, public, no-transform, must-revalidate
Last-Modified: Mon, 15 Dec 2014 04:54:07 GMT
Expires: Mon, 22 Dec 2014 04:54:07 GMT
Date: Thu, 18 Dec 2014 03:56:27 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder..20141215045407Z0s0q0I0... ........?.@..w.........Y.!......Q...==d6|h.[x....7..`..........cV.!.....20141215045407Z....20141222045407Z0...*.H.............O.1.P*........i..]w.. ..P.Z.....4....t#..LzE8>.4".....:..t9..eUg.U....1..J\=.'...I....?,.mr. |4<I..!..........Vd...m. ......H[x.1H./........f).........}....W8..bv?.CHZ2.hK..wx..ia....z@.f-o8.l....)>..Z..`$.p9.E..p...y..;4.n^.o.........Q....p..3.,..Lz>...3.....0...0...0..{.........[..I|.....Zm..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;]s!.\"v...|....].@.....K7m2...N......-S.I......5n...G7. ..W....n..*..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... .......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|..
<<< skipped >>>
GET /offers-show-1227196368/Membership HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Expires: Sat, 1 Jan 2005 06:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 03:49:01 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"."http://VVV.w3.org/TR/html4/loose.dtd">.<html>.<head>.<TITLE>EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop themes</TITLE>.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<META NAME="TITLE" CONTENT="EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop themes">.<META NAME="DESCRIPTION" CONTENT="EleFun Desktops is a world-wide leader in the production of Animated Wallpapers and Animated Screensavers for the PC desktops. Our huge collection includes: free screensavers and animated themes, holiday and season screen savers, 3D Aquarium, Animals">.<META NAME="KEYWORDS" CONTENT="screensavers, screen saver, screensaver, screen savers, free screensavers, wallpaper, animated wallpaper, free screen savers, desktop, aquarium, 3d screensavers, 3D wallpapers, animated screensaver, animated screen savers, free screen saver, animated screensavers, aquarium screensaver, halloween screensavers, christmas screensavers, 3d aquarium,animated, elefun, desktops,  , screensavers, wallpapers, desktop, order, membership, download, christmas,">.<META NAME="OWNER" CONTENT="contact@elefun-desktops.com">.<META NAME="AUTHOR" CONTENT="Shubeikin Dmitriy">.<META HTTP-EQUIV="CHARSET" CONTENT="utf-8">.<META HTTP-EQUIV="CONTENT-LANGUAGE" CONTENT="English">.<META NAME="RATING" CONTENT="General">.<META NAME="REVISIT-AFTER" CO
<<< skipped >>>
GET /modules/general/tmpl/default/style-sheet.css HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
<<< skipped >>>
GET /sys_data/img/products/ad_Night_of_Reflections.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 06 Aug 2013 05:41:36 GMT
ETag: "1c6f7c-42c1-4e340e0d88549"
Accept-Ranges: bytes
Content-Length: 17089
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......Exif..II*.................Ducky.......<......hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:99B9E6E2FE5A11E2AAA594B165B804A9" xmpMM:InstanceID="xmp.iid:99B9E6E1FE5A11E2AAA594B165B804A9" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="51835FEB2E96DDA253C5FAB7FC7FDBE8" stRef:documentID="51835FEB2E96DDA253C5FAB7FC7FDBE8"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...&Adobe.d.......................(...B...............................................................................................................................................[....................................................................................... 1A..@!"0P2.B.`3.p#C......................!A. 1..0@a.."Qq..P.2B...Rb.#3.r.C.................P....`p.!1Aq.....................!.1A Qa0q.@.....P..................i.(.!...q...@....d!.h..(...A....b.Q.....BYD!.74.f...VU.P...&.K`.*.z.T .q..>.J.B......Q.A....ld..Q..'SFi.m.;...Avf.(...,X.8.....,U.e.QD..pr...=.YBu=...&.[<.g...H...a.(p .#-....W.@..,....pR......(X5.<
<<< skipped >>>
GET /modules/general/tmpl/default/images/IconSmallWallpaper.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c06ad-e3-4e321e9e24d78"
Accept-Ranges: bytes
Content-Length: 227
Content-Type: image/gif
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
GIF89a...............x...............t.e|.n...p.a}.ps.dn._......t.f......z.m......|.o...k.\f.V...............!.......,..........` '.di...el.B.&.. ..&c...2CM..m...lC.....F...7..D6....D....6....].7.ul)..e..i).....{2....2...).#!.;....
GET /modules/promo/tmpl/default/images/screen_small_en.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 08:53:55 GMT
ETag: "1c0afd-39f9-4e31b54edede0"
Accept-Ranges: bytes
Content-Length: 14841
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................l...................................................................................................!..1".AQ.#3aq.B...2%............................!1.A".Qaq2...#.....BRb...3..CS.$............?.......).S..)LR..1Jb..).S..)LR..1Jb..).S..)LR..1Jb..).S..)LR..1Jb..).S..)LR..1Jb..).S..)LR..1Jb..).S..)LR..1J.@.E.O..U2z.>..z....y......>.9......z.X.kl'.[...,.*...X@..8r....'l8..Z..T![7L.....b.N..M..............J..mQM.&.A..../v=.j..T.7.u..=p.Q.....u.8..j.....d.......t.G.*...T.)..1{L:..F...m.6.n..q$h...n.....]1Jb..).S..)LR..1Jb....5.P~.U3....#..,......0?CR.._....j....,....G>b.d|.)...:k:.U.S....t."..U...u.......;...Q..n.....Rm.||(.G.........Z.-......3x.....u.n.8!...$...f..d........$S(t)..z.Q.f^K.9.......6S.X......u.LR.G.Y....S.;q....V....x..x.Hl*.=..oUj....(.......l ,..^:..ubH.h,.y...|.I8.'*..m..m.:U...}..e}.t..i...E..h.....Cu.kV..Yh..e.n..5X)yW.Q..vW.@.....%...je#...6.bw....1..sm..*....w./....:LI....6....F!..o.P..v...{...U..U..N.....>A......;.(5T..b....6h.H..b.*x.`(....eb.z....4....Z.?..C....|.i..O.j}.}o..5.\}.M.....`%.t...'..S...Q..Ig.!..Ig....lg..!*v........&.........=...>.[......1Jb..).S..)LR..H..........-7ZBGNAk |....D.rx....h.I.K.R.......G....c......_FD...v....{.......H.y>.t.6S. .b....M..5....KY..9..._ J......QAW............3&A/.n.|....EJc.L&...O;J%.Bw..=.....0Sl;zKc..z...*-.......t;....x....bR}.KX.....iUa.
<<< skipped >>>
GET /modules/general/tmpl/default/images/top_h1_header_left.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0651-316-4e321e9d541a0"
Accept-Ranges: bytes
Content-Length: 790
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................U.............k.................................................................!..AQa"1q..2#....BR.................................?..H..................m. o..x..v ....bf"...Ou..m..n.......Y.#......e......f.....x.<nr...&.-..'..F.m9yQ..o............................................................0.8l.......#.....n....$Lh.."g.8.._f.o..Y37..4.5..S......Oy[n.6.'.[..1.1.. ....?.o..6,.k...U)>.DP..'6L.;.L.[.&&g..1_..............................................-..r.F.}......N...Wf.x:.......4....^.a.y.b..^N.....4.w..@...z....h.'.s..]~.Ts.|^...i...l....4S....0........................................
GET /modules/general/tmpl/default/images/BGlefthandBlueTitleRight.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0699-1b7-4e321e9e508b0"
Accept-Ranges: bytes
Content-Length: 439
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................u.............Z.................................................................S.12...............................?..F.!.....*.U.;..N.6...N.....u.......7...D)..$.!M..'Q.o.I:.S{.I.B...N.....u.......7...D)..$.!T.............................?......
GET /modules/general/tmpl/default/images/bottom.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c067f-d0a-4e321e9df5b90"
Accept-Ranges: bytes
Content-Length: 3338
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<.....C..............................................#....!!!..$'$ &. ! ...C........... ... ..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...Q..5...h....q....gm..y....].'.E..>.zt...6...y.;;X.........y.3...Q....Oc..~..sOl..j6.......}.w........{z..=...y......>....k..{.v.oS...?.5.c..Vg....k..j.c....w4.....l..j.._.T}...=.;.............y.3...Q.....0....sOl..j6.........G........{z..=...y......>....k..j.c....w4.........Y.j..9..A..0..s.^..`..;.Pym...:....U....L..q...A....0............,<Q..Ij.....Y.T.&...[$}.zU.vC|.........Os~.c..'..;c<nj....Z!........q.rOz#F....FjC.R>......X....j..Q.k..6]Ec\n.T.Pob.... ...WsqF.......f,O&...>.Z...{y.5.....d~.....T.....O...{z..=...y......>....k..j.c....w4.....d~..>....k..j.c....w4.....l..j.._.T}...=.;.............y.3...Q.....0....sOl..j6.........G........{z..=...y......>....k..j.c....w4.....l..j.._.T}...=.;.............y.3...Q.....0....sOl..j6.........G........{z..=...y......>....k......{z..=...y......>....k..j.c....w4.....l..j.._.T}...=.;.............y.3.
<<< skipped >>>
GET /ga.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.google-analytics.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 18 Dec 2014 03:47:33 GMT
Expires: Thu, 18 Dec 2014 05:47:33 GMT
Last-Modified: Thu, 13 Nov 2014 21:10:00 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 16068
Age: 287
Cache-Control: public, max-age=7200
Alternate-Protocol: 80:quic,p=0.002
...........}kW.:..w~....c...pk..f....--..M..dY.!Wb.KK.o.gF.-'..9...vob{t..Fs..O.".........9..@.#......?... e!...qg.I...A"..N_.').x.I.........I.Dr6}...|$].B..X...`...Ao.. .fQ.....x8..\..8....a..0............{...a}x.W|..:l..}.. ...u4....#.%O.AO....k.N[..a....&....tx..;.....'..:.N!y..Gg....9..a...7....cH>.bw...0..a.a..p5.1d.o|4.=8l.1&.D..,.X.5f..`...s.....[....&p:.H.........x......A.9h#.^..>. ...:...N...,H.1...;.....b..&a.;....o;.b......v.....N.wr..... ...z.......o..,Wjj8......j.r./.Y..RI.6.(........T....Dq....l.0.c.[1.o..h.R....ju..........,;...i....^.....T....|tV.L....;..i^S...-q........[Wup...~.......}.r .W.x..{-...Cd..k.V....A..^;.n...?.N...^.|..bc{.._...h.w=...f..}.U}...|...........[..62...Q....Cw.EV1..>..`..Q.cC.`..0...\v.:.'.....L.$.1.\O.C........B..A^2b..<..%....A%|.E...@N:I*.Y5.A.F.."h..... .^Y)|..L.2D...pqYc.......@..#Y(...J..#w...S.....70.. .;...Y....3..k.........@....&c..J.;....Q....R5.M...x.=`.<.f.U....C.{..>....{...t.....i>..Yk..@e..v.Cf5........o`.Z..V.....V)..9.....^u...X.....}.N.O....~...-......D..V.2o.F.......,Le.."J9.....k...r...#.w.i.!.......oe...a..QA.u.......4.X....{5...Vs..t.0. ...n<..j.y...`-^....uBtf.Gu. S[[.YU...T.._.lP.....(o@=1.-N....?....V>&."...'..d..:.sS..Kq....].UySz5..3..$.<.{..".%.Iar\Y.WVt\....;k..h...O..b...2.....=H.@...v0l)....x.7k..T..Di..T......q..4.5..h....N...... T;.T5SB=.f0.....k............Vh..E.b...Dz....V....u....5...F...A...CX7.e..R9.....Ym5..e|......5..-..]W.u..H...m..J.5k..nT...t!...._|.{<I..!F...j{..-..........).s~g.j....$T.-!.....Z
<<< skipped >>>
GET /r/__utm.gif?utmwv=5.6.1&utms=1&utmn=644796950&utmhn=VVV.elefun-desktops.com&utmcs=utf-8&utmsr=1716x901&utmvp=1716x804&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=EleFun Desktops: free Animated Wallpapers, Animated Screensavers, 3D desktop themes&utmhid=1608851308&utmr=-&utmp=/offers-show-1227196368/Membership&utmht=1418874740907&utmac=UA-927919-3&utmcc=__utma=1.668409717.1418874741.1418874741.1418874741.1;+__utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1343724813&utmredir=1&utmu=DhAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.google-analytics.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Thu, 18 Dec 2014 03:52:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-Allow-Origin: *..Date: Thu, 18 Dec 2014 03:52:20 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-store, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2..Content-Length: 35..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............,...........D..;..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1453
content-transfer-encoding: binary
Cache-Control: max-age=493019, public, no-transform, must-revalidate
Last-Modified: Tue, 16 Dec 2014 20:49:17 GMT
Expires: Tue, 23 Dec 2014 20:49:17 GMT
Date: Thu, 18 Dec 2014 03:56:27 GMT
Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....20141216204917Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a..eR&.....Y.)..".\....20141216204917Z....20141223204917Z0...*.H..................8*.6....l...7.y.......P.j..(.V"L........]/.o%.P..A.Z.Etv...C.....{......BC|R..tD..T. ....IbA......`...7..`....).. |Q\.....|~...U..z,m.@...).`.Z.8.Trky. ..r...TUg.h*....Z.&......,8r.../.2..,E....V..D..}'.]....8Lt...........}Jc..s{..|.!..b_.^..._..E`.......0...0...0..3......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1 OCSP Responder Certificate 30.."0...*.H.............0..........'......Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; ).....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|o....S..v.).).....r.v.qo$......C.V!....@.h#qh...u1T.].G0.]E...=._...... ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D...........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=508856, public, no-transform, must-revalidate
Last-Modified: Wed, 17 Dec 2014 01:14:37 GMT
Expires: Wed, 24 Dec 2014 01:14:37 GMT
Date: Thu, 18 Dec 2014 03:56:27 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141217011437Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20141217011437Z....20141224011437Z0...*.H.............@.v..Q.[k.2......."7..".m...".=....z.C.........(....F-Q\#.....P.....;.....":W.......'(........3...r.....OB..............JV5...7X.*..QM....Uf...6.....g.p.#....98..&...<.......I.@.|../!.qT.....W..qB..o.x.^(..3.#....}.....o...Lq...Y.~...X.\.?......~..opF.u......#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=451357, public, no-transform, must-revalidate
Last-Modified: Tue, 16 Dec 2014 09:14:19 GMT
Expires: Tue, 23 Dec 2014 09:14:19 GMT
Date: Thu, 18 Dec 2014 03:52:22 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....20141216091419Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...:v....20141216091419Z....20141223091419Z0...*.H.............;......Fm8.....|U....}..ax......"..n.L..gB.......wF,...b.G=./$........Q.'.`.........9...(...O..&.Dzd..&j...z.5o.}..T....,.A...v..(...%.B..-"...h..K...M.>....i......6.......;..~..XoRk..(\..q..;ZJ...b...d....Z&.5..i..b%z..H....!^.<........,\. &d.L.."..J...n.....0...0..}0..e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0............\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%....
<<< skipped >>>
GET /modules/general/tmpl/default/javascript.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 08:53:45 GMT
ETag: "1c064c-12ef-4e31b545ad5a0"
Accept-Ranges: bytes
Content-Length: 4847
Content-Type: text/javascript
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
function getCookie(name) {...var cookie = " " document.cookie;...var search = " " name "=";...var setStr = null;...var offset = 0;...var end = 0;...if (cookie.length > 0) {....offset = cookie.indexOf(search);....if (offset != -1) {.....offset = search.length;.....end = cookie.indexOf(";", offset).....if (end == -1) {......end = cookie.length;.....}.....setStr = unescape(cookie.substring(offset, end));....}...}...return(setStr);..}..../***********************************************..* Sticky Note script- . Dynamic Drive DHTML code library (VVV.dynamicdrive.com)..* Visit DynamicDrive.com for hundreds of DHTML scripts..* This notice must stay intact for legal use..* Go to hXXp://VVV.dynamicdrive.com/ for full source code..***********************************************/..//Specify display mode. 3 possible values are:..//1) "always"- This makes the fade-in box load each time the page is displayed..//2) "oncepersession"- This uses cookies to display the fade-in box only once per browser session..//3) integer (ie: 5)- Finally, you can specify an integer to display the box randomly via a frequency of 1/integer.....// For example, 2 would display the box about (1/2) 50% of the time the page loads...var displaymode="always"..var enablefade="no" //("yes" to enable fade in effect, "no" to disable)..var autohidebox=["yes", 50] //Automatically hide box after x seconds? [yes/no, if_yes_hide_after_seconds]..var showonscroll="yes" //Should box remain visible even when user scrolls page? ("yes"/"no)..var IEfadelength
<<< skipped >>>
GET /modules/general/tmpl/default/images/top2_bg_right.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0659-2cf-4e321e9d6a900"
Accept-Ranges: bytes
Content-Length: 719
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................u.......................................................................................1..A"..E!Q2....aq..BRr#3C%..'....................A...#..D...."R..C............?..J.".".".1....v.......pV;j...%.=..9.[>....;...,.B.Z.....z..V.V..uc...g:Em...3'.\._0..L`.xfN....a ........s.|.@.1....8.."....c.;.2p%.E...$..w.d.K.......fLk.. & hkw9...?F...R.g.a...9/.k...J`P.l.ogEn...|P..... ejz.d...m......ZF.?...O(.!.Cr.|....'..B....5..vZ...X....0....PG..o:.e...&..Ns........"<....l.....w....i...qi.....vEN............<1Cw%..m.....~.I.........
GET /modules/general/tmpl/default/images/IconWallpapers.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c06a6-348-4e321e9df8688"
Accept-Ranges: bytes
Content-Length: 840
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................0.&.......................................................................................!1..".AQq.2.c.a..b..#......................!...1A.Q.#............?..M.P..P..P. ...s4.#...v.B0w..y.W.^..._.8. ......M..G*..(...{.....o..Q.[)u..t.$..d......../......C..g.b#.9..d2....{j......YN..fS...O....?p..6.TG.....JB.TJo...s..h...<[.-.....z.D.B,}.|!m.G...)'......ZT..../!3.[.S.:5..H).iUG...k.....}..LV...$%.4..lz.h.'..[..T.%..h`zN.g...F...uJ."...Ra......q........z.:........X........g/....[..-.....p.9....R@[...I.....<..j.2j..2..q.......a(...%.I..O..._.=..'......7).(M....>.....lWV[......l_.}z....^~5.tFm..]..../...yW2n.'.q....Bu^.<7........O<j..F...(.......
GET /sys_data/img/products/ss_Underwater_Clock.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 06 Aug 2013 05:41:38 GMT
ETag: "1c702e-9b64-4e340e0f446c1"
Accept-Ranges: bytes
Content-Length: 39780
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......Exif..II*.................Ducky.......<......hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:BA059195FE5A11E295D3C19A8C94B561" xmpMM:InstanceID="xmp.iid:BA059194FE5A11E295D3C19A8C94B561" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="51E6BA97A97D9F195353C14779C6D46C" stRef:documentID="51E6BA97A97D9F195353C14779C6D46C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...&Adobe.d...............!...7j.._4...b..............................................................................................................................................[....................................................................................... .0!.@1".A#23PB$......................!.1AQ.a"2.q.B....R#...b3. ...C.r..S$0.c.4...................!....................!1A.Qaq. .......0.@.................b..T......7Sn........W4.;..._$.1b....Q..`.j}..........{;^d....x...<....7Y..5.H...b\.~.....jv...1.5...;..\.f.|.....=.z...".i..B.%3.E.f....x...`..4.4...?,.^S.Jt......](|.....s....R{........>*.kz.K.....:.Q5...
<<< skipped >>>
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:03 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 09:11:25 GMT
ETag: "c53e5-9f6-4e31b9383b800"
Accept-Ranges: bytes
Content-Length: 2550
Content-Type: image/vnd.microsoft.icon
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
..............h...&......... .h.......(....... ...........@...................................".......................N...............................................................................j... ...........W.......................................................Z...................,...........................z...................................f.......................................(...A...........}.........|...............................................0...t.........................@...........].........!.................b...B...................-................._.........H.......................D...................=...................2...H.......................S.......................O...........A.......~...........)...................?...2.......................................................................................................................................@w@..................................................................................................................................................................................m...R...m..`i....P.`i.....3.........3...............3...............B.3................................xyz{.|}~........hijklmnopqrstuvw..]^_`ab.c..defgQ.FRS.TUVWXYQZ[\B.CDEFGHIJKLMNOP3.456789:;<=>?@A&'().* ,-../012..... !"#.$%.....................................................................................................................(....... ..... .....@...............................................?...2...................................
<<< skipped >>>
GET /us.yimg.com/i/us/my/addtomyyahoo4.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: us.i1.yimg.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 765
Content-Type: image/gif
ETag: "YM:1:a7bd8e41-25b9-44bf-917e-b7efec483bac0004ce780c98c874"
Last-Modified: Wed, 14 Nov 2012 17:41:49 GMT
Server: ATS
x-ysws-request-id: 253ccbd3-d45e-4536-9eab-35c12c2b146e
x-ysws-visited-replicas: gops.use44.mobstor.vip.bf1.yahoo.com
Cache-Control: public, max-age=286647262
Expires: Wed, 17 Jan 2024 20:06:42 GMT
Date: Thu, 18 Dec 2014 03:52:20 GMT
Connection: keep-alive
GIF89a[....6..>..@..$.....P..>.............. ..>.....0.......lll....`.....Q..p.....%.!_.d.........Q.```..."`.......wwwAw.....Q.......c.....Bx.Bw....%K.......UUU{...P.fff....................................!.....6.,....[......@.pH,....r.d.h..tJ.Z...v......xL.p..4....Q......1..ZJ...{..1.Sl52..b....2%.yT..R..5.R.......5.~}X.1..V...11..5..._..a.2.5,..a.zQ.0...05)0..0"R..R....Q....Q1.5.........5.......`(...5$.....h.......tXv...).b..... .....A...Z5&..Va.....L.W...E..,.Aa..f0.!.......TD.h.@...Rd)...[HB1JJ9.R.K.#J.2A....&f.06%...0N.."B..*..F99..8..-.........M 0.._).d`..h.W.....P...............(.0 " [1.8.5...q....u.....1.....0F7-.4.....(..XU.....kE........i.....1.!..MVJ..Q6.............t.-.[,...Q...U.V..La.}......\ @..>....%ha..\....6.... ....6.`..(....,....0....;HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Length: 765..Content-Type: image/gif..ETag: "YM:1:a7bd8e41-25b9-44bf-917e-b7efec483bac0004ce780c98c874"..Last-Modified: Wed, 14 Nov 2012 17:41:49 GMT..Server: ATS..x-ysws-request-id: 253ccbd3-d45e-4536-9eab-35c12c2b146e..x-ysws-visited-replicas: gops.use44.mobstor.vip.bf1.yahoo.com..Cache-Control: public, max-age=286647262..Expires: Wed, 17 Jan 2024 20:06:42 GMT..Date: Thu, 18 Dec 2014 03:52:20 GMT..Connection: keep-alive..GIF89a[....6..>..@..$.....P..>.............. ..>.....0.......lll....`.....Q..p.....%.!_.d.........Q.```..."`.......wwwAw.....Q.......c.....Bx.Bw....%K.......UUU{...P.fff....................................!.....6.,....[......@.pH,....r.d.h..tJ.Z...v......xL.p..4....Q......1..
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=368600, public, no-transform, must-revalidate
Last-Modified: Mon, 15 Dec 2014 10:19:02 GMT
Expires: Mon, 22 Dec 2014 10:19:02 GMT
Date: Thu, 18 Dec 2014 03:56:33 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141215101902Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......A..2.....:...:......20141215101902Z....20141222101902Z0...*.H.............A.?v....x...R..IV..........9.%...OQ.&lm..L81!.l4......v,.....:e.......m.2\$K.I.GS..E95.J.G;...T...lj.....f.=.5!$..cM..0'....F.k.n.$.6s...V.<.xbrT....).nC...`Q.m18d.....V...?9O..X.$...bZ...[.....%z^.....'...l..e....b.(q..CH. .........T.M.d.:...@4.Sk.d!..-,....#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>
GET /pagead/show_ads.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 17505132066848985518
Date: Thu, 18 Dec 2014 03:41:07 GMT
Expires: Thu, 18 Dec 2014 04:41:07 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 7529
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=3600
Age: 673
Alternate-Protocol: 80:quic,p=0.002
...........\ys.F.._...KQ.....5...v..I|.g.......".@...".....N..f_.....\===}.......B....I `..OM.Y..U....XD^.[..k.}!.Lc.6..>....i.C..=O.~k$"[%...E........Z.E.8LA.q.e......Y.......kI.&...W?t..)0q..r...$:..z....-...[..".e.v[[....P..a.......Z.h,...uz..E...}..7...L3viS".*.}...e...O(.T.B..k.....C...X..D......4X...C).{c.u&3m.1..F5...8..y....<...0K......J....It.:M.(.%....q.. n.L2D..R:....!..(...'.?.oX..Va:..,..c.r...h7....;.j......,Y.E.........}..]...^..;.u.3.J.......l>rx..2..........Cq...g...D.._...5]5..g1OR.*.xF.<..O...x_...|....q..7.Mc..mz.g.J...f".Y...Q.o..c......r..[..]?.v.....x747.~6...>.v...=S.....m.,.]....n..3v&.)..]<..t...<..s....x../..o.].oC</8..5..f.......;.p`..-....A.o...MkD..K.X......#..Vi..X6;<..6..!..D...4O.gD#......E...}.N._...#)....<...@.Eq.h../.._..>||..g.n.!...a....%4.c.B\0...~.......B.R.t..6."b..r....D.t,...d...'...H....Z.6.D.. ..r......W.(....S..v.-...R....-......nw.6ji....K..|.gH...U..b.B-;....c...E...x9.C.p.t........J.[.......4Q"..;B...<..t<:.u...z.....h.`t.v....>......gj?..-.>.,l=..LZ....f..b...O...)..WL.....q&../.':..@H!.............3,.K..Ki......x.8....,.r........{....'.M...7...~W.=.......i.............GO>z..$=.......3....M..|._.H;....iGh8.`.l._...|=..m~..K..9..Z.....<}w.....\..t..zQ"..LM.....7.9..$$..Ba...9Tj~c^.....dGu.%.l`....-.XX..c..Y..J..G.w...t...^...~..P$.]..A)...*.......\vi...0.../V.i.nm.E.@.......T"....z{.!..1..I.{:.7....l.H...U1b... q..Vi.m..c>.o.o..RN`.L.L......@...<.<....8..%.mKt:..7..>~btt..dh@.8s...).<.tm?.>{....
<<< skipped >>>
GET /pagead/js/r20141209/r20141212/show_ads_impl.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 14148960368062276995
Date: Thu, 18 Dec 2014 03:52:21 GMT
Expires: Thu, 18 Dec 2014 03:52:21 GMT
Cache-Control: private, max-age=1209600
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 49924
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
............g{...0...B..u...%.....l..W..d'Nl-=l*.ZD.%......$X..}.s..w....m0.......Y.<.._...0.g.~.Fv......l>....}.P^.mg..G..\.....)..A..k%..<.[,..s[n.G..^.J.S.5.i.2[,...a.Z.3.Vg<.1.[Ni........c..~g...e..)#.5.....]........k.d..U...yNbpN...NF...y..S..)..*.1..=......'k.....y..;...wtm.~...f...A....}..d.M........hV:..U"2.\...l.[.L..1.Y....i..-y.`.mQ.ny.._.#.....x.5..D6...Z...F...L!$..M.6..A.?.|m=N....U...I0.=..u.8.:.....'...L3.....XL>.....,...P....Cr..e0......!.E1..(..@..v...E...d..m(&..}.".,..DJ.R.\...(.G..x..~.....).....e.T.d......P.p2.m.........'..8.%g2.<.N...g...k8..0S.lIX.u......B}:..C[g{?*'.....i.(./D@..N.a.r..)...Qy.J.......y...pD..f......L..M....si.....S...YY_..! .(A0x....9..CP..>l.j.1.r..S..\...}O...2m..j.]..%`u..d..r.#=.t..8K..}....h..Xd...'../.,{&:.k..9'.....%...-C..O,/.....p:..TD..{..1%o...t...S........5.u.iq.v.......m...m.2[....F..r..(.....Y..[.%.).....6.]..3.............s.3...> ..{..........8.A..R.T....Ey...`...[.Y.b...es....8^.....~8..?....f.xW2^.._.li.w.my.].hT_l.i.-..R..S.:3.......iSnA[.%t....K.m...6.A.=$..e.\......g......&..Q. N9.?....|..{.``.b..8..T.......S..S>E.A.4..w.,..s...\(ub.....'.6.{..T.0m..`.D.h...,].M.....v...d.....|..31_217.....o..!}..d/......C.Ni...x.......%.<....|x_..3.p.....NU.8](.]...........x......28.z..}....B.N..j^.(E7.fn.4...@.[....wON.U\D_/..L.....fs.dVd..e..3.X...u0n0S....MD.0..|...c....S..S\...<....J.!w.c....'..f.....F:.~&w<.L........_j/....g.~....dMNJ&...l.t.x..I.........l.~...............%.~._..>.....7..k/[[l......j...CL..uX......_..0.V.i
<<< skipped >>>
GET /pagead/osd.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 9604784682434440633
Date: Thu, 18 Dec 2014 03:41:03 GMT
Expires: Thu, 18 Dec 2014 04:41:03 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 18569
X-XSS-Protection: 1; mode=block
Age: 678
Cache-Control: public, max-age=3600
Alternate-Protocol: 80:quic,p=0.002
............yW...8.?...tq.F..:..5.R...h..!.K..$%S3.i..g....,'........Y[{...M...3....k1Z...vg...6B.X.%\T..ng.{U/`)....Z.._O....*oer..:..|..|.s{.L.D.`.._FI. ..I{s..<....l..A.....z.I.k......B6.......P.x.b....1...r....... .!.......4.....'..`...H....LG}O......R!:.z..AQ...h0.`....l2..[.Dt.P.5.B.`.s...n.......VHF..T.....b9.....8o.Oe......cq..yW,4t(G.......#.w!..Fy.....`uplk_..7....G..k..M.........;..:.?.4..`Sm"X..V.b..'.L..%e.,.8.....`......5..6,......q./...t ....,..wl...e}Y.;.8........gni.&...%.V=.U1.vg........`...1.![....!.I{4.Y?...R.........&........T..3Y.....%`....A..j.'X.....V t..f.X.u%.3 .6]..)7[...Grss..qW..@~P...=.......\O.)....af.y}...s...9j....j..w.{...s.....t.......c).Q".{SX....h,_t.b.o....D...>.....=..Z(T.m.o|.^..A....j.!x...o.tM..xz...y.n..)......h$...&....]..1......S.Q.7..f,.3.\...Y2....[...c.`..F... `...sq9....fen]..[..`v_......P.....4..&.....pb...r-..)z..`.r.......;)K.t%.3L.*K....r..L.s:(-.....c.....,..m.....2.(.........!....|...)|.....9|...!|.XpN.y......_.m..jy..4).5..&..;.&.E......2~,&.jO.....L...Z...b.ln....U.....,...(........d..v.{..ez?......y-.....Q:.b'.O.....x.%..&;..*.[.G......hQ..... .I..'.)T....=N...?.1..k....I.u.....c..l...`<..`q...6....X.,....4Ke/nl.C.4n........r4x....a.{^../.........)-:...q......T]..~]v..}.P......./.......{Qi...........qyIU{....^.....D....Bp..h......]"..*~..`. q.kV..@Q..t...*..2.gE...@..bo...o.k:g..}...1W...3OF35\..c..!,.S...A.n{$...R.7.SU...N3.Q.he.w..2i.p./ ......OM. j......b.~...)mbX....}`N.B(64........c.?.?.......(.j2..'.jKN>P.O.;.ch.l..6.....w..V../.e.!.(8.
<<< skipped >>>
GET /pagead/js/r20141209/r20141212/expansion_embed.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 15330149891054740749
Date: Wed, 17 Dec 2014 17:12:24 GMT
Expires: Wed, 31 Dec 2014 17:12:24 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 51194
X-XSS-Protection: 1; mode=block
Age: 38397
Cache-Control: public, max-age=1209600
Alternate-Protocol: 80:quic,p=0.002
...........}iW....w~.hr.)n...,R.?.%...%.....l...m......zQ.$2......V.KuUum.f..x...]......Y/.t.cv.........Q..n.Mf.sa...s...y}<.u'.Sw. ..\l/.{,.b..t....^7s....\....^D...7Nge/......EFG..)...E/..a:.fy..;..2.'N.F.....g.....c,.2..GOt.p.p.b.=j.S....8....h0.`....p2......z....T.`.K.....a$..M..*F..ROON..:JG...T.....3?....4......sq....\..0.M.....p:.Q...Ug..h...k3c.vC...pe.......M.#R[.L..q.d..D8T].@..Eh...)9.. ._....C..%U.HyA.B....%...M..aU.c.1..........IU9c}.\.....Se...A.a.33W{.:..s....?=..7....i.C'.........\85......>..G......}....6...k.."....n..p.{ty=.c....0......rM..9.M:.....h.......]On.X.$.Cj..1..y.U....~..W._....R.}..rj1Kt.\..l..r..b..L.miAnCu...q%..g..s..j..zu.L.......{.....pI...K.B..r<.>....=.o..5.[v8....nT...;..Q\Q.....]..'i.?..z*-m....b...W..$.,.{A|.8..g......>..a<..'OO...`m...s:.....n.......\.s.F^ 9M...OB.A_>%...=....fc$.q..a...fx..J.FA\..L.......x2...r...^c.A.rZ...n..-,y.*\..J.1.........y..N..5....|.B....I$..FO....u.s..83..a..J......:^..>O.s..5.1......<.sM.......5......[x...y.. .K.o..^.$\..n...C,#..{b9...q8...........t...........~....r..(...ItJ.Yo......N<.......c..b.....aP..=}...[8.Ch!=....h...{&]...."$.r.$....X...J.O...\.\..1o...R.....{.....7&...u.:..........H....VL.o..nU.<.... 3G...S[...l|.....'...b.9.......M..t<.y...D.<......G.\.r..3.....Q..oJ...toRU.m..=.nW.....X......*.....#..m....g..F..w.....8.[........7...............w....b..s.?O.........lf.......3I.1ws.3.~jdEvV&..5.p.y.X.N.........|.M.t...._....'.8.&L....A.^....{v..........6..... .P...~'".^yOO..$...].pMd.X...`x...D.
<<< skipped >>>
GET /simgad/3083507136474604452 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://VVV.elefun-desktops.com&dtd=225
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Thu, 27 Nov 2014 09:35:45 GMT
Date: Tue, 09 Dec 2014 04:59:01 GMT
Expires: Wed, 09 Dec 2015 04:59:01 GMT
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28502
X-XSS-Protection: 1; mode=block
Age: 773600
Cache-Control: public, max-age=31536000
Alternate-Protocol: 80:quic,p=0.002
......Exif..II*.................Ducky.......A.....*hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15 "> <rdf:RDF xmlns:rdf="http://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:47C6D35E22CA11E49AEBEFA297227D38" xmpMM:DocumentID="xmp.did:47C6D35F22CA11E49AEBEFA297227D38"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:47C6D35C22CA11E49AEBEFA297227D38" stRef:documentID="xmp.did:47C6D35D22CA11E49AEBEFA297227D38"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................................Z...............................................................................................!1.A".Qaq.....2B#..V....TU....Rr.S.$tb..34...5E.Cs...%'7.d.&.......................!..1A..R.Qa."...S..q..2........T..B.#.4&.br.3C5.$.D%............?...R....x.......q.?..OO:..\..,.2..k.NRs..s........3<A.....h......O...~#..}.5.... ..3....._v.ny~.H......>.W..[._.R.?3<A.....h......O...~#..}.5.... ..3....._v.ny~.H......>.W..[._.R.?3<A.....h......O...~#..}.5..
<<< skipped >>>
GET /pagead/images/ad_choices_en.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://VVV.elefun-desktops.com&dtd=225
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 3514261995661079078
Date: Thu, 18 Dec 2014 03:48:58 GMT
Expires: Fri, 19 Dec 2014 03:48:58 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 776
X-XSS-Protection: 1; mode=block
Age: 203
Cache-Control: public, max-age=86400
Alternate-Protocol: 80:quic,p=0.002
.PNG........IHDR...M...........B.....IDATX....k.A.........O..?..'..C.."z........"A.j.9Y....Z..-.DwMm.66.vKCmk.H*.._.[...t......._o.|..7......J{bt....-..w....l..-..=`R.M/...B@.49g....T.....g..-...F".5...........w6.}......p1/.N..\....6.}....n~l...#C.Kh.w..wk.9.....d...d........9.:...m'<MB;..r..W......x...8_.Ro..mA.wa.,e;@.....J..:.....a|*..BI.h.7. .gb...~.g.4.u..[........v...c....7.........Xn".H..P...C..F...../.....WB..].O.~........6x.L.:hU.5...]_..cN.M.......$......Ss.......<..Nhj........!..u...a..T..i.!...Rm......M`g.zEB..K.\...0$..J5$......A.m.GB.u..^...W......~...1..=.7..q...L...7...v,H)6......g.E.M.Ak'<.[....u..X.va....................^....O...0.oAn@&\y......{rH........"..04..\[w....R.}e.[...}.....h.w.$...N|......Ao2.4.~O.u....?...Q....z..h...._...(V.....IEND.B`.....
GET /bg/As1rs6ZBldneBCLw2AxLEKkOIlt-mIA122l0HUMtT-g.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://VVV.elefun-desktops.com&dtd=225
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Tue, 02 Dec 2014 17:50:02 GMT
Date: Mon, 15 Dec 2014 15:21:04 GMT
Expires: Tue, 15 Dec 2015 15:21:04 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 5719
X-XSS-Protection: 1; mode=block
Age: 217877
Cache-Control: public, max-age=31536000
Alternate-Protocol: 80:quic,p=0.002
.............{.......<.....6.....c{.).....4..c.....ft.....{.k.u...\.....U.&......S......*.~S.D.....Y.. ..>_.N.T..../{..`.&;k.,......G..:H............o..I.Mf.M~. .....ieL/..e.R.9K.qL/....A.X.M...].&a.I}...).q..,.e7sA..|NN}.3..2M*....n...}..\....h@C*...qg1.'.m9..!....9.$.p.......wA:.g.U.f[..UG`..f...N,.q..j.`...&..&.#.c...c.....1......s.....laI~NF..p..Q.Sk...Af1......W&.".I.0.>DQ..X..m.Wr..T..?`.qCY'....I2v.......j...I.....E`V.x.T9.DEB.VV..."...KN.k..b4IDhU7...@...X.E..<]...".~.......&..m....j..|w....?..Sm.2\......[Q.,O. .9.p... c.......u.....]9....y6K..!H....B.,."}8.I.]........~Q....fYk....:*j..?.W.g..7.H.....Pt..t....s..w_.{z.J...[.............G.K../.....?..w..E#X...N8......q..xf. }%.v.I....A..E...p.).#...&4.)]J....}..>$.'j...4`z..'N*.1..}....|q~..7..U....cjY.la....x.^.,r...m...u...kzM)....F.:...`0..@[4.....{ .'.....>?....>.G,j.a..o..p.4JY.8...j....!].L...v@.....>...:."....-.]..ov%..&....m.*...Yj.X[..2`jT^...M......('...5.Y...9.!.sv..(}..m..{....s.6...O.Q..9:...t.I..>b.C.:..'..R8..tN....c......9..u....AY|.R}..c|p.{g..{.X.....>::>9}....?..x................`8....E<Mf..t.-.....h....~.......r....3..G..t.8=.?L...)N.i...S.h.....%k.x...$.p...x~...'.n....l0.]...a..U^...0..8...:!.n.......^.2..[.v.....r.Z]{...V.V.. j....C.6..1.4...e.....P..e...&...`.,..4.....c.1........e..N.....]..}..'..`.:..( ...).k.M{....&.[..\......F*b.C.x...\.M3C.]..M._f.,Q.E..... ......8 Vt.l4Z...*..........F...^^....di..K5....`........%_.x..4.2}h..\.V p...$.....FMgp.......q.Q:.j...^.......f...dLh6..K....-....-...
<<< skipped >>>
GET /activeview?id=osdim&avi=BGstodU-SVP6lDcKtigbMuICIBgCdh8uo1wEAABABOAHIAQLIA8EEoAYCqBOAAQ&ti=1&adk=2506318246&p=187,486,277,1214&tos=1211,0,0,0,0&mtos=1211,1211,1211,1211,1211&rs=1&ht=0&tfs=238&tls=1449&fp=client=ca-pub-0884532287246801&url=http%3A%2F%2FVVV.elefun-desktops.com%2Foffers-show-1227196368%2FMembership&correlator=2660386479433&eid=317150304&oid=3&afp=&output=html&slotname=7839509899&flash=0&dt=1418874740945&adx=486&ady=187&ifi=1&tdl=487&abd=2-0-4&r=u&bs=1700,804&bos=1724,865&ps=1716,1474&ss=1716,901&tt=1012&pt=440&deb=1-1-1-5-6-5&tvt=1214&iframe_loc=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&is=728,90&uc=4 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://VVV.
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Date: Thu, 18 Dec 2014 03:52:22 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"..Access-Control-Allow-Origin: *..Content-Type: image/gif..Date: Thu, 18 Dec 2014 03:52:22 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H.............P.j.EA .\.w.ur.....1........]^.....rG....8..Q..d.j..t....H...9.i......=s..;(oq.A.....A.......5w......s..=.....4......Q....kR..<.Qcx.....4..|b..^..e=.......41.^.?.Stn...i....L.G..:W...8 .Wq........5..NK.lmg<q.6~(.*.......}...5.b..........@.....w.:....80|N..
GET /coop/cse/brand?form=cse-search-box&lang=en HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.google.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 17 Dec 2014 02:56:44 GMT
Expires: Fri, 19 Dec 2014 02:56:44 GMT
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: pfe
Content-Length: 1129
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 89736
Cache-Control: public, max-age=172800
Alternate-Protocol: 80:quic,p=0.002
...........V.o.6.....A.P...1lE.....@....l..y..'Y.L.$e;X......I..@.....{...7"5..~...6.b9..L......0......M..T...X...D.x.ye.........P.>..$.G....#.....;.k..8.....xS.....*dU2....d.iu..c...5cX...@......C`.P. GDo........&./.,..#/......[.U.7...4J...rh...#8.....@...He.......Z.D..|a..<e...O)#............].s..rvu4.l...0>....G..W..Gj. .)E...B.;H}...{.i..=C.....A.&..\...v...$.......]w.D.N.Y.`..&.F....b'...Q..f..z..{.{..F...-V.0.g...R..bo]!zKt.[s.V...[.Yc....K]W..[@.v.D>Z2.#...M.0.f/5(.S]..6.h.....m&k...M.>....d.J$..^...,'.........}=3..F...gY......6,...Z\ip..5.G;'8...TI-s.n..%.0..J*P....@X..k..k..43Di.#....s...#.m..6....~.....P.r........8..^.>V06X..1.g\......u..K..5.t.....1.._......n.B......8...=5...XdW..j..2...*...WI0...)7..........x...#.,Po..#N.......a7.L.{.[.....P..s.go....V.C..\...FU.......?..2...#y.^..}X.P.u.g...=.. ...q....|..M.......F.c..]C.`...N..........s).f|..&...p.SW......g).....u...u..w.....T..Kv^...U.....&K.D.........E<z..........T.a.%.e..=>8.........T....".....K...#...."M.tY(........a...5mn.Ja*:A..*.@.......Z......FU.X-.... .....DA.?....EC....~%..~.4.f...9..].Q.J.F!'.....tvt5_O..|~..j2~..(F #..a....................
<<< skipped >>>
GET /cse/intl/en/images/google_custom_search_watermark.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.google.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Wed, 08 Feb 2012 18:07:38 GMT
Date: Wed, 17 Dec 2014 02:46:16 GMT
Expires: Fri, 19 Dec 2014 02:46:16 GMT
X-Content-Type-Options: nosniff
Server: pfe
Content-Length: 2024
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 90364
Cache-Control: public, max-age=172800
Alternate-Protocol: 80:quic,p=0.002
GIF89aw......................................................................................................................................................................................................................................................................................................................................................................................................!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Macintosh" xmpMM:InstanceID="xmp.iid:9ECF1E2B459411E1981CECE3D05E7624" xmpMM:DocumentID="xmp.did:9ECF1E2C459411E1981CECE3D05E7624"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:69F7EFF4455511E1981CECE3D05E7624" stRef:documentID="xmp.did:9ECF1E2A459411E1981CECE3D05E7624"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..................................................................................................................................~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876543210/.-, *)('&%$#"! .................................!.......,....w...@.........
<<< skipped >>>
GET /fusion/add.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: buttons.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT
Date: Thu, 18 Dec 2014 03:52:20 GMT
Expires: Thu, 18 Dec 2014 03:52:20 GMT
Cache-Control: private, max-age=31536000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 2068
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89ah......'..`u..............$/.....B.....0.....g...3...............r...g..............:....X..=lU..........B........\...4f...>...s.......t.y..k................Gl.....}.................;r......................p..............t..d.......i...........f............u......k....... 9Y..........................C..............n.................................................................................................................................................................|............Y...&g............ c........8....~<`..D................k..n....^k.....5t....Y.......................v.....{..O...............w..................:......b..{...........M..W..... .......pO.^_H...p.....'Y......1..........................4.Y.:Cp......h.....!.G.............................!.......,....h..........B......*\......#J..P.@..3Z<..... C.....E.(1TpT.G..R".......i.......}@%H.2...O..dy....R.".....!Dd.@...I.6x...s.......M..-.-k...s...|x...2f.....y....JG...x!....7..I.G'P}..v...N.*........[Q.Z...O&7n.0..G..>|..R4G..Do.......<_.|.... 5.....xpJ....P..1M.8q..L..K...Q8..Ft........*.rd..... m@..A......#...E..|..\x..W.c.....Q'.?...R..|.X.2..Yd9If.P)....T..^{=.R.@..`....b.......M01[-.,..'.*bI*.....[.a%.y.........f......S..,....0E....E..>....PC9AE3..gE....@,`..E=d`s.'d(p.1L$....P.....1.,.... ...F.V..E#...j>c.2F j...a..m.&.4.0.......;.t..D....-40Z{.Xq.,U.R...XpA.d.fD.m,!.m...G.s0...*.`A[l....v..esc..._.j8X.j.....L@..r.W...qF..-8.H{h,S...0PE$u.q...\.........8..:..1........-.F.......J(H c.........Q,.....s"e~....-...
<<< skipped >>>
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com
HTTP/1.1 200 OK
Date: Thu, 18 Dec 2014 03:53:21 GMT
Content-Type: application/ocsp-response
Content-Length: 1757
Connection: keep-alive
Set-Cookie: __cfduid=d8e4a3f7ff625ed3f50800c624bb3948c1418874801; expires=Fri, 18-Dec-15 03:53:21 GMT; path=/; domain=.msocsp.com; HttpOnly
Last-Modified: Tue, 16 Dec 2014 22:10:03 GMT
Expires: Mon, 22 Dec 2014 03:53:20 GMT
ETag: "60fab6421fedec14660baa3e5d30c79cff97684c"
Cache-Control: public, max-age=345599
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 19a869b8780905db-WAW
0..........0..... .....0......0...0..........<.|7...@N6p.I.e|..20141216221003Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.{.....Z..w...d..\.-....w.....20141216221003Z....20141220221003Z."0 0... .....0......20131216221003Z0...*.H.............1..O.zw.Z.....6....T........y....X..p'....M.j.q.0......~....G...<. -a.~....5v/z.V..N...(.....3....R..#...#".}.....{...Z..p.5.`...}..{..w...0....A.C....,EoN......-.w............MP.*.0.....<..6....!..I.t.QC....N....T.2..)H...z&.cp..8..v.q..... .N.......x..(.....0...0...0..........Z..UGx.`..p.{....UG0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U....Microsoft IT SSL SHA20...141023182829Z..150106182829Z0!1.0...U....Should be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=f....x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q...........bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*.......x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.M.O.....<5:......r.....]..A.5........0..0...U..........<.|7...@N6p.I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... .......0... .....7....0.0... .......0... .....0......0...*.H.............G...`./%.9...K........5.c....<.0....zV...uRkj..%..&99....GPr........kkfA{}{z..Vz0.S'.j.R...d.0...'........!.3......h8?.v..[FH0 \..q...x..)T^^1..p....4.rZ.w.EF.....wI._E...-. .;........4....?.H......U~q?..*.!?.d.).FE.a$......H^wV.6..\s...q^D......Y..>......#..C...s-...e.
<<< skipped >>>
GET /modules/general/tmpl/default/images/logo.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0681-cbd-4e321e9e114f8"
Accept-Ranges: bytes
Content-Length: 3261
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................u.Z...........................................................................................!1AQaq...2..."BRbr#......3ST.....Cc..5........................!1Q.Aa...."B.q..R..2.#..............?..S@(..gV.K.k..f',Q....~z..?q...9q|...;]..zW....r...].........8....u{....-../.~...........gE..6.....6(..<..5#...e..sZ.....fU.J.i..V.E....3..TbM..&.p..J...F&.....M.a.XP...\.n.A......._..._..3.....8.P....w.s...}.tg>Z=[u.$=...`9.......m.y.8.]..........m.R.....F.....V.2.D....EIa.fRxyG/.....uK.O..V\z...S_%..Ko....c.|...6 ).~/..d.........b....T ...O.......s..X..ph.V&J... ..[i#_i...........e.e..7..@LP..@p...............@.ql....~y...{...p...1..<s..I..*.PY.)i...".$.\)...T.e..........Jk.......[..J?.l4z.....Y]#....;3.J...$.[......%V~.g>_.....8.f8.4.Crj,'.(......-%.......kV............8....W.V.jW:m..s{.........@..e..............e..k...VOv.MF..O.....1..r|.......{*.pT^...&.o'.86k..@a...~2 -...@a[.c............j.......@<.....c...g...\.....u.?-Em...8./5..Y(...j...#f..#o..(.T...i.E.0Q~\=..........\...a...r....I..@.....r..qQ.....3._V....R....e5.P7.,-d....s.1.~.2.O.W.f........j.k;.e.g{F..f.dS.<.0..0..cTVi....t..&..v..L...w*..6.qh..........i.j..&.2Q@(...........m..w...>].G.HG3.W..:jZk..Cu.#....F.v.......QI...9.? &=]-.F...n....E].... .......(c.c..UQ... 9..i`.........%..Q.H..V...6........I.O.M...._C.o*..6g....s`..........4.FQ..
<<< skipped >>>
GET /modules/general/tmpl/default/images/top2_bg.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0688-81c-4e321e9e5b878"
Accept-Ranges: bytes
Content-Length: 2076
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d..........................................................................................................................................................................................................................................c...'.!1A..Qa..q.."2b.#d..B...$....C4Te....................#...1a.!A...."b............?..R... .....Xg....6. .....h...<.r.\gQ....Gm...e...m..bz/f.4..s.-N._>....8.....................................&..g..:I.....l.f....G."v...pe1\..ju...L.m..bA..::......$.m..aI..tw..TO......)...Hv..3.z-#,...F......]7.h..l..b....7....-6..Z.EG16.. \..0.S..........................k=.d.Z:..\.op.jV..%.S<...~J.!.m..<........).....;.r.Y...f.K...\..{...._.{...9.z.....P~.s.Z...6..dMh.i.Q=i{..'...q._G..~~\zz.I.s\.r \..j.TS..ph................................/0..RK{W...F..\.;.ID.Z.^."..o.Q..k...&.B.'.N.!.e.n...*F....3................sQ..T...B....lS.-}......R..~.R.....-.t..*..*.- ..%._.Z.....x.<..Z@.................................9b..#...m"...'.........3.?.y.~~..{.q. .N..../.=......... .?iy4.WX.S..].t&.<KE.x................q[5..hn.Ut.y..;N..<}.w.y{2-?.?V..K.....9.#.k.{....o...G={3'..y"<n_i.....O*.Z..~...Z.S.*l...9...T..)0.h.....................................b.H.9._.%..IR.....o.L....%L..k..TX.6.......s.(.7U.j....Z..qO6yh...........................;..6b..W.&....nD...tR_.L.Q.{.......66...z..........p.4V.(.\v@.6.....X...=.. _$o...s?..{....... ..O......c.x...1*.... ..?.9...)|.....gvo..Q.....6.....wcEc..C\8q..,.U..V|...e]....or..].=%..;...
<<< skipped >>>
GET /modules/general/tmpl/default/images/BGlefthandBlueTitleLeft.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c068f-1a5-4e321e9dfad98"
Accept-Ranges: bytes
Content-Length: 421
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................c.................................................................1...!AQR.......................A............?.........a.}lA..2.l..(:T.....S..KzO.[y....c.Y....)..Sp..I..*z......V..u%v....4MgF/&..)G.4=J,....3......
GET /modules/general/tmpl/default/images/IconSmall1.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c066c-1f9-4e321e9da6dd8"
Accept-Ranges: bytes
Content-Length: 505
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................f..................................................................Q...1Aa........................!q1............?......G..so..d'....7...}.Y>.t:...W.uN....Y.m)..Y.yh2].#.c.r8\RKKJ.HRI*..kX...........L..t.G....2.[L...Q31.~/...*.-.y.W.D...,.R..Z..6..c...1..`..6.. ....RM.cKLxS:..1S(....}.s...@.......
GET /modules/general/tmpl/default/images/IconSmallScreensaver.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0653-da-4e321e9d59f60"
Accept-Ranges: bytes
Content-Length: 218
Content-Type: image/gif
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
GIF89a.....................................z.................{..........................x..s.................!.......,..........W '.di...el....Y.f.....a...&v..4....)n...L...~6..)..~.ei:u2.$M........k;. '.#..9$..)...!.;....
GET /modules/general/tmpl/default/images/BGbodytop.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c069c-44a-4e321e9e6a6c0"
Accept-Ranges: bytes
Content-Length: 1098
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................".{.........................................................................................!1AQq...a..".#.Bbr...5.....................1..!AQa..R............?................................................<J..&U....Y%..59.I..Rr....Z....{]j.I.e../g...b n.ClZ..;.....G3;.........Z..f........I..L......m......c...>...........N.1......h.=.V......p3c...]....I......x.s.xH)@.........................................W.[ ..\..g.......V...NrP.\.....o..8....d....T....W....6._w..|....=.....2..t....k:z..gV....d..........W..W..`..../...o..2...7.~Sz....@..i)..Y8..T..........o_q/.z...E..vM..WBV/.....<.\s.7..1..{...5^b...O..._.K....;Y..6.g7.F.]..\l.ju.k.....4z%......................................A...mF...;....S..|......<u..r..}.n...4)...-d.d...=y..<G.8..&............L.j.......D....s/1....p.s.......\.....g.|..)8.L.I....j)M.K.......r.............................................................................nt>....
GET /modules/general/tmpl/default/images/ButtonSubscribeLHOk.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0670-234-4e321e9dbae28"
Accept-Ranges: bytes
Content-Length: 564
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................$.............t.................................................................!..1."....Qq2B.d&.Aa...#S.$4D5F..............................?.....x..Nd..5m..P8......X.4......s2pgL...':0.b.wx.X..{......\...6.G...?....v...j.gmA.L.Qoj.z>t.W._....M..<.y.4..Y...k..l..y.{ua.mD.9./Uc8uH2..m.p}B:....m.";..a....7../........L.94..................}.... .....`<=...r..d...u.......
GET /modules/general/tmpl/default/images/BGlefthandOrangeTitleRight.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0665-1d4-4e321e9d90a60"
Accept-Ranges: bytes
Content-Length: 468
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................u.............]................................................................R...q2....................Q............?..#9..J........=...M...v..u..3...N.W.a.[..j..;ky:.^..mo'Q..0....5zf....F.L........v..u..3...N.W.a.[..j..;ky:.^..mo'Q..1S..............T.K...................
GET /modules/general/tmpl/default/images/bgOrderProductList.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c06a3-1ae-4e321e9ddf430"
Accept-Ranges: bytes
Content-Length: 430
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................-.............k...............................................................!1.2...4.AQs.a."Bb.3C..E..............................?..&.)q..e............[.......Wj.....1W|.q.@DK..#..y.....F.v.T.7w..Z.3....x........9..J..g..=V.Ck@...HTTP/1.0 200 OK..Date: Thu, 18 Dec 2014 03:49:02 GMT..Server: Apache/2.2.15 (CentOS)..Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT..ETag: "1c06a3-1ae-4e321e9ddf430"..Accept-Ranges: bytes..Content-Length: 430..Content-Type: image/jpeg..X-Cache: MISS from localhost..X-Cache-Lookup: MISS from localhost:3128..Via: 1.0 localhost (squid/3.1.22)..Connection: keep-alive........JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................-.............k...............................................................!1.2...4.AQs.a."Bb.3C..E..............................?..&.)q..e............[.......Wj.....1W|.q.@DK..#..y.....F.v.T.7w..Z.3....x........9..J..g..=V.Ck@.....
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?b00cc72c3b8bcef8 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 56928
Date: Thu, 18 Dec 2014 03:52:53 GMT
Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.a.g ..K."..N1!%..S.bT.H.-.....e..`.0$...0t..DX..{.....#./...8.5..M...T.......D......V\C.zy.....3E:..>.{..).QW......q....9..n..1....8%,.........r.p@.>. ...Q.?.p..7.?..7...&..!.........`. .=....Sf..q.l.A.....L...t.}g..;...f....=.e.~.z....C..*R....H-..=...f..(t'.."....F...g._....n.J..U.4vr`}.....1..o@.....@.#...R. L8....z..].|......3..y..-./....K..6{...s.<R`.}6....?.......-..@.g..S....
<<< skipped >>>
GET /pub-config/ca-pub-0884532287246801.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.gstatic.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/javascript
Last-Modified: Wed, 17 Dec 2014 15:47:27 GMT
Date: Wed, 17 Dec 2014 22:43:17 GMT
Expires: Thu, 18 Dec 2014 10:43:17 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: sffe
Content-Length: 109
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=43200
Age: 18544
Alternate-Protocol: 80:quic,p=0.002
...........H..O.I.O,..K.O..K.LW.U(..K./..&YS.P]......[P..k`aabjlddandbfa`....^.T\..........d...S.Zk.../..l...HTTP/1.1 200 OK..Vary: Accept-Encoding..Content-Type: text/javascript..Last-Modified: Wed, 17 Dec 2014 15:47:27 GMT..Date: Wed, 17 Dec 2014 22:43:17 GMT..Expires: Thu, 18 Dec 2014 10:43:17 GMT..X-Content-Type-Options: nosniff..Content-Encoding: gzip..Server: sffe..Content-Length: 109..X-XSS-Protection: 1; mode=block..Cache-Control: public, max-age=43200..Age: 18544..Alternate-Protocol: 80:quic,p=0.002.............H..O.I.O,..K.O..K.LW.U(..K./..&YS.P]......[P..k`aabjlddandbfa`....^.T\..........d...S.Zk.../..l.....
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "9872464df9cf3e431f02d5be8de67e54:1418873424"
Last-Modified: Thu, 18 Dec 2014 03:30:24 GMT
Date: Thu, 18 Dec 2014 03:52:22 GMT
Content-Length: 966
Connection: keep-alive
Content-Type: application/pkix-crl
0...0.. 0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..141218032300Z..141228032300Z0...0....X...140427081922Z0....v...140618150003Z0........140429180917Z0........140709194633Z0........140416233935Z0........140521155053Z0.....)..140617185515Z0....Bf..120627171053Z0.....3..020515130611Z0........140811090836Z0.....#..140606204021Z0........100729164439Z0....x...140507204001Z0........140606222139Z0....%...020514181157Z0....S...140423105438Z0........120627171058Z0........140725020038Z0........100729164732Z0....M\..140430000442Z0.....-..140617185011Z0....V...140624123102Z0....t6..140425041720Z0........120627171025Z0........100301134531Z0........140618143256Z0........120627171017Z0.....>..140711125531Z0....[...100730213120Z0........120627171058Z0....j...140226123519Z0...*.H............wN.$WI(...A..,.....&h..bnGW.(.y3a{:2..E_q..I.i........".6...P~dvT'..T...Q..._..[.mq.........yi..i.lv2......U*...F..U..D...;.@vv.HTTP/1.1 200 OK..Server: Apache..ETag: "9872464df9cf3e431f02d5be8de67e54:1418873424"..Last-Modified: Thu, 18 Dec 2014 03:30:24 GMT..Date: Thu, 18 Dec 2014 03:52:22 GMT..Content-Length: 966..Connection: keep-alive..Content-Type: application/pkix-crl..0...0.. 0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..141218032300Z..141228032300Z0...0....X...140427081922Z0....v...140618150003Z0........140429180917Z0........140709194633Z0........140416233935Z0........140521155053Z0.....)..140617185515Z0....Bf..120627171053Z0...
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f86c1d729ad77f65 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Thu, 18 Dec 2014 03:52:22 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..Cache-Control: max-age=86400..Date: Thu, 18 Dec 2014 03:52:22 GMT..Connection: keep-alive..
GET /pagead/js/r20141209/r20110914/abg.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://VVV.elefun-desktops.com&dtd=225
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 4058474734652203665
Date: Wed, 17 Dec 2014 17:12:24 GMT
Expires: Wed, 31 Dec 2014 17:12:24 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 13641
X-XSS-Protection: 1; mode=block
Age: 38397
Cache-Control: public, max-age=1209600
Alternate-Protocol: 80:quic,p=0.002
...........}i[.:..w~Ep...'$...\..P(..r......i........d.K(.9.}...b-...h4..........n<..A....a.=4...,f.<..Yy...C] k.....9.4...7..ze..wO.A....jL...VD`.j.......;~.*l........v3...2d.x|...B..m.............&..NLG%.x`eOI0..~8....|...O...=...&..K.F.\;...A...vS.......Pa@.`.o......"..`...^..0.Yi.#B"....%.S..A..Xg9.N.A.wUvY..u.......v..n.@.#k..%.............H.".k...7.=..f..(....S.Q.P.......>`......l~..qd...ND. !|Ipn.(...$D..$.^...._.....X...F@...*.$..F..=1....`Cji....Y..R.. }b6...t.-GJ...........lp....!...(9CE..Yf..Ap[.......-nF........a........"..!..23....V.j.#.!xsL/...4.f2....S$21.fd...Z.T..../Ug.eF.W7.....@wz,l...7........I...rP..m..{,....v<.pQD.....:m.e.........8l...k.$SbHD..)e7.36..a0.....j......Uo.....SZ4.k{.....u],.....b......Q...9w.R...4.......T.....g...?......9.......?....;Vi..Q.....i.8...}....a.Qi...z.b5.........c.6..}..Q.z3.. t'........*....".......\./2....li#....R...R...K.L.....A..|7.....|..W..../.;./..`........^4...QZ.%.M.^....[..*..&...D_eF...%...~5..NU....}.S.F.]6.A.@.n.....].....q=.yI7../...b.e...?c..ls........W5....:O..f. 0....b.=..........u......[..E...[....fjW..%,...............s..5.Q..........R..,..c..=.0...y.7.........z6.-.9[5..ca......'.....i....{fk.. .....w,..B{x,-.Q...4... ....*S.v.p.:#(.I......1..6...oW-?k.}....b...9.N..k......iD.s..X..{..YM@......03>e._>.....J.8.n.ir.V0xU..qg..$....K#..r...4..?......t-..8...F...H.rxk.$|{...o...r...z.0............:.ng...5..(....8Lj*Q.....@.r.............Y.....a.!.X.....2. ......WW...`Q^M.}.....c#8.f...4p.bX\...l.t......f=.X...vp.d...c.|.......z@.#h
<<< skipped >>>
GET /pagead/images/ad_choices_i.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0884532287246801&output=html&h=90&slotname=7839509899&adk=2506318246&w=728&lmt=1418874541&flash=0&url=http://VVV.elefun-desktops.com/offers-show-1227196368/Membership&dt=1418874740945&bpp=22&bdt=735&shv=r20141209&cbv=r20141212&saldr=sa&correlator=2660386479433&frm=20&ga_vid=2104447498.1418874741&ga_sid=1418874741&ga_hid=1608851308&ga_fc=0&u_tz=120&u_his=1&u_java=1&u_h=901&u_w=1716&u_ah=857&u_aw=1716&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=10&adx=486&ady=187&biw=1700&bih=804&eid=317150304&oid=3&rx=0&eae=0&fc=8&docm=10&brdim=0,53,-4,-4,1716,,1724,865,1716,804&vis=1&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=qLRz9rAmJn&p=http://VVV.elefun-desktops.com&dtd=225
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pagead2.googlesyndication.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: image/png
ETag: 14036706360268997840
Date: Thu, 18 Dec 2014 03:49:50 GMT
Expires: Fri, 19 Dec 2014 03:49:50 GMT
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 365
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 151
Alternate-Protocol: 80:quic,p=0.002
.PNG........IHDR..............D.,...4IDAT8.c....fja.l.l...eXw.....W(6.d.2.|..Y..k......w..#..[..8B.a3..>.,....{.8..../}...l...^........}...4.$.....G.~.$....^.A.....2..Ig..&..{_....f...'.......f A..o<..b......{.wA....`..^|t..a5@...G.~9......q..i.!&.........0[.....~... .zHB..~.3z.#......s.o...}...........#..t.x#.a...}.......@8..0R...a0...."R.@........I.....IEND.B`.HTTP/1.1 200 OK..P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"..Content-Type: image/png..ETag: 14036706360268997840..Date: Thu, 18 Dec 2014 03:49:50 GMT..Expires: Fri, 19 Dec 2014 03:49:50 GMT..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 365..X-XSS-Protection: 1; mode=block..Cache-Control: public, max-age=86400..Age: 151..Alternate-Protocol: 80:quic,p=0.002...PNG........IHDR..............D.,...4IDAT8.c....fja.l.l...eXw.....W(6.d.2.|..Y..k......w..#..[..8B.a3..>.,....{.8..../}...l...^........}...4.$.....G.~.$....^.A.....2..Ig..&..{_....f...'.......f A..o<..b......{.wA....`..^|t..a5@...G.~9......q..i.!&.........0[.....~... .zHB..~.3z.#......s.o...}...........#..t.x#.a...}.......@8..0R...a0...."R.@........I.....IEND.B`...
<<< skipped >>>
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com
HTTP/1.1 200 OK
Date: Thu, 18 Dec 2014 03:53:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1757
Connection: keep-alive
Set-Cookie: __cfduid=dc9dbd41c579956ba127ca5ad82c0e8411418874802; expires=Fri, 18-Dec-15 03:53:22 GMT; path=/; domain=.msocsp.com; HttpOnly
Last-Modified: Tue, 16 Dec 2014 22:10:03 GMT
Expires: Mon, 22 Dec 2014 03:53:21 GMT
ETag: "60fab6421fedec14660baa3e5d30c79cff97684c"
Cache-Control: public, max-age=345599
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 19a869b8caa30afc-WAW
0..........0..... .....0......0...0..........<.|7...@N6p.I.e|..20141216221003Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.{.....Z..w...d..\.-....w.....20141216221003Z....20141220221003Z."0 0... .....0......20131216221003Z0...*.H.............1..O.zw.Z.....6....T........y....X..p'....M.j.q.0......~....G...<. -a.~....5v/z.V..N...(.....3....R..#...#".}.....{...Z..p.5.`...}..{..w...0....A.C....,EoN......-.w............MP.*.0.....<..6....!..I.t.QC....N....T.2..)H...z&.cp..8..v.q..... .N.......x..(.....0...0...0..........Z..UGx.`..p.{....UG0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U....Microsoft IT SSL SHA20...141023182829Z..150106182829Z0!1.0...U....Should be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=f....x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q...........bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*.......x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.M.O.....<5:......r.....]..A.5........0..0...U..........<.|7...@N6p.I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... .......0... .....7....0.0... .......0... .....0......0...*.H.............G...`./%.9...K........5.c....<.0....zV...uRkj..%..&99....GPr........kkfA{}{z..Vz0.S'.j.R...d.0...'........!.3......h8?.v..[FH0 \..q...x..)T^^1..p....4.rZ.w.EF.....wI._E...-. .;........4....?.H......U~q?..*.!?.d.).FE.a$......H^wV.6..\s...q^D......Y..>......#..C...s-...e.
<<< skipped >>>
GET /modules/general/tmpl/default/images/spacer.gif HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0650-2b-4e321e9d51a90"
Accept-Ranges: bytes
Content-Length: 43
Content-Type: image/gif
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
GIF89a.............!.......,...........D..;....
GET /modules/general/tmpl/default/images/BGEleFunDesktops.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c069e-27de-4e321e9e7e710"
Accept-Ranges: bytes
Content-Length: 10206
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................X.y.........................................................................................!..1AQ..aq"2.....B..Rr#3..b....C...TtU...Ss.457.....%6......................!1Q.A...aq"2..3.......B.Rb.#............?.....BB..D)$[...D........`......Bb....H=...P..t&.Ki^....@xs..........>;.j...Uhh.4.@..@..@..@..@..@..@..@..@..@..@..@p.....gA..#T.-EJ7&.R;.........=h..(..(..(..(..(..(..(.....[N.....{..{...=L.@...[.oR4.;....1...M.....n=...FS.}~.C(B. _].ESz......PUeQ.3..r..<..Q!!.....U..4e=.4e...l_!y.a..ja!k/%..M.....w...-.}O!....f.....G...7...._{r......:....\.^.......r.00.<..KfC..%..%..*..KI....wQ......0tu#.\.o.4..5.mW.CFC.....s....r1..2.QB\.,mQI.IP.;.U.......*.B.L(..(...d|.b.VN98..;.E*-.okkk_.......-..(q...7....L.~...H.....V....'..<U.ti1.GC..K..7!....A.CT4'\...B.(...d93.yt..YJ......;..9..?..#n.r)..MGR.U..y.C..GnD.)-...;....?...9dBw.UY)P&..i......@'..8......9....'T...q...m=S..@*.P...b.a@u@..@..@r.....qA...-j ....h......g..<.Lr..Mn...x.C.......R..h..r..=._"...O......b<w..-..`.$...I...(K.T..|...S*......"...v7..q.M..d.Y...e.4.Z..,}=.....%....7bll=.{(.*J.E....A.3.7......Y/....p.....^f-.......m;[..J{....Z...}M=Xj...Y,t..P.3)( (....=/..T.5,.I)'.)~V..p.`%\....c......i..`...1.r...-x0..,....K.O[..4.'...n\~....ro.....9N.3....).N>.i....{...@..=..H..$.><N...$....3*4_6 .).0.#.........R....M.}7....&............5.j...
<<< skipped >>>
GET /sys_data/img/products/ad_Pharaohs_Gallery.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 06 Aug 2013 05:41:36 GMT
ETag: "1c6f81-86d6-4e340e0d93ce1"
Accept-Ranges: bytes
Content-Length: 34518
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......Exif..II*.................Ducky.......<......hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:9A9E9BE8FE5A11E2991ED20FD3B49CAF" xmpMM:InstanceID="xmp.iid:9A9E9BE7FE5A11E2991ED20FD3B49CAF" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="6E308B28F489545F757AC33DEE62AD4D" stRef:documentID="6E308B28F489545F757AC33DEE62AD4D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...&Adobe.d................(..2z..T...................................................................................................................................................[.......................................................................................... !.01@"#.A23$45P%B`p.DE......................!.1A.Q"2aq..B.3.....Rr#...b... .s...CS.@.$`.c.4..................P..!..0@1 `Aap.......................!1A.Qaq...... .0..@P`.................00 a.."....c..... @..... @.....C.......h`@.0..0&.l......4...... @......H..8Z......Pc... .Q...........008.$Y...n$.h... p@.....Zf..b .[gSI....00 ``@.@.M0 @....!5...... p@.$.... ..i.
<<< skipped >>>
GET /modules/general/tmpl/default/images/BGlefthandarchive.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0690-2e6-4e321e9e03268"
Accept-Ranges: bytes
Content-Length: 742
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................................m......................................................................R.!1..s5Q2..4A"B#................................?..J........:....S.0...1m...!g).|........96.r.C..M.....s.lw t:........96.r.C..M.....s.lw t:........96.r..X.w...03....~...a,J(.?,.,.4..........xE...._.z.....X?v.g.i.)..dx.......,3vv.PQ.L.u..G.\.*..&....!FW.G7q.q.q4....A..1B:..w..0....$.(...../.N/......A.h.....E..Z....B.X.8.&b3;7.3......T...R.%d./.q....<.\...#/.....K.....E.3.A.1..a...".7......9.A...Es......!.}._W..m. .......(,P.........Es......!.}._W..m. ......
GET /modules/general/tmpl/default/images/BGmembershiplogin.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0694-a2e-4e321e9e28fe0"
Accept-Ranges: bytes
Content-Length: 2606
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d.................................................................................................................................................X. ........................................................................................Qa...R..S..!.1A.s4D...."q.2r3..B#.........................1!.AQa.".q................?...,XP......F....T.'..d.H....{.**.^.[5]r....4i....Q...Q...Q...Q...Q...Q...Q...Q...q9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...9...93.Q....s..kb.UW-.f..W.G....t.S.q]..<8..k........<..Y5.5.D.....b..K[w...S...=.{...VbkS...E.Vb(...E...,..Qef". 1.YY....E.Vb(...E...,..Qef". 1.YY....E.Vb(...E...,..Qef". 1.YY....E.Vb(...NYY..l..Qef". 1.YY...g...I..D...qS...:...........OJ[.[..*. .......]j{mK,..&....~...$....g..A....MQ.k...D..j.08_^...*n#]..(....?....Z..DMk..?...de.VF.S....3.RTVq.r..3.PY.}..8..Ag..(,.>...g.......q.r..3.PY.}..8..Ag..(,.>...g...8..Ag..(,.>...g......Qg..(,.>...g...8..E.q.r..3.QE.g...8..Ag..(,.>..=..4G....=..kZ.......H.t..].nY.i..".sb=....3..........gv6FS..i..N1s.]....._Q..O%.p=.=..`)Lt.8..TV9|UX.[..".2{Q4.@;...M)...'..Jd....D....2{Q4.@;...M)...'..Jd....D....2{Q4.@;...M)...'..Jd....D....2{Q4.@;...M)...'..Jd....D....2{Q4.@;...M)...'..Jd....D....2{Q4.@;...M)...'..Jd....D....2{Q4.@;...M)...'..Jd....D....2{Q4.@;...M)...'..Jd...mD...z.......k}x...$...}G..<....l.P................................./.....y/......................................._5..n.._.....@&.......................
<<< skipped >>>
GET /modules/general/tmpl/default/images/BGlefthandGreenTitleRight.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:04 GMT
ETag: "1c0697-1b4-4e321e9e39598"
Accept-Ranges: bytes
Content-Length: 436
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................u.............Y................................................................S.Q2...............................?..Fs..K.~/.J....'QJmwI:.Sk.I.R.].N.....u...t...6...E)..$.)M..'QJmwI:.Sk.I.R.].N.....u...t...P...............T...................
GET /modules/general/tmpl/default/images/bgInfoProductList.jpg HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.elefun-desktops.com
DNT: 1
Connection: Keep-Alive
Cookie: __utma=1.668409717.1418874741.1418874741.1418874741.1; __utmb=1.1.10.1418874741; __utmc=1; __utmz=1.1418874741.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
HTTP/1.0 200 OK
Date: Thu, 18 Dec 2014 03:49:02 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT
ETag: "1c0660-185-4e321e9d7e950"
Accept-Ranges: bytes
Content-Length: 389
Content-Type: image/jpeg
X-Cache: MISS from localhost
X-Cache-Lookup: MISS from localhost:3128
Via: 1.0 localhost (squid/3.1.22)
Connection: keep-alive
......JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................).............a.................................................................!..1Qq.B...5..............................?......wy(.....H....AI}X..EU.7...'0&......Z....Wtif....pp8..~.........HTTP/1.0 200 OK..Date: Thu, 18 Dec 2014 03:49:02 GMT..Server: Apache/2.2.15 (CentOS)..Last-Modified: Sun, 04 Aug 2013 16:45:03 GMT..ETag: "1c0660-185-4e321e9d7e950"..Accept-Ranges: bytes..Content-Length: 389..Content-Type: image/jpeg..X-Cache: MISS from localhost..X-Cache-Lookup: MISS from localhost:3128..Via: 1.0 localhost (squid/3.1.22)..Connection: keep-alive........JFIF.....d.d......Ducky.......<......Adobe.d...................................................................................................................................................).............a.................................................................!..1Qq.B...5..............................?......wy(.....H....AI}X..EU.7...'0&......Z....Wtif....pp8..~...........
GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.omniroot.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Thu, 18 Dec 2014 03:53:21 GMT
Last-Modified: Tue, 16 Dec 2014 18:51:02 GMT
Server: ECS (ams/D1C2)
X-Cache: HIT
Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..20141216094607Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M....'.G....20141203203011Z....20150303203511Z0...*.H...............n...(F.....Wq;......w.e.I~5.,...(.....wmn.L......@..A...[..7.Z.@...bwN2%$R2.......0..B..&TKa.S...P..D.&g.~,Y.(e...5...-e......&...P.@..Z..3.......C.@K.=.6..1...q7..Z.%....5..3.XPAG...{..Lk..\H...DI.. ..<. ..`.!....I..0..C.}~....;'VI..J.p....SN.(.....$E=z....0...0...0...........'..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTrust1"0 ..U....Baltimore CyberTrust Root0...140122184236Z..150122184140Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validation-20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK...04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8..........h8GM..*.4.MP..../D4n.=ZTeH.B=kOT.v..2@F.2L..A...yn.4......fP...L...2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U...........0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U......`;.l.uZ..k.F..^|A.Tb0...*.H.............. .p.)...09W..Z.......]....}.:..Vr.....c..U..:V^.O.....<...b*5.c.\.fF./....5'.>./ iS..R0..)..*.!..q.h.T..ul.}&.......`.1".~.U....rB.BR.s..x..o..Y.......).4:.[.9.=....x...'.f..\ kC......@I....G:J!.hRH..!z2DtL.s2.r.....Yi~..E..AzO..i.."N.$j...b...o..i."{(3....
<<< skipped >>>
GET /pagead/html/r20141209/r20141212/zrt_lookup.html HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.elefun-desktops.com/offers-show-1227196368/Membership
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
HTTP/1.1 200 OK
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
ETag: 8281997907193036559
Date: Wed, 17 Dec 2014 17:12:24 GMT
Expires: Wed, 31 Dec 2014 17:12:24 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 5099
X-XSS-Protection: 1; mode=block
Age: 38397
Cache-Control: public, max-age=1209600
Alternate-Protocol: 80:quic,p=0.002
...........;.w...... z}.UT..~..(.n.~l.6.t..^`sd[....mB....f$..@.{?.9......f<..q{...?....Yc....#..S.z.)..^[.yIp....Hr......2..<.q....s.H.(..'....^LS..<]J....2?....#k...|......ic...4c.^......v!.qC...E....s..Ga.0.oc.g..}.{.....2_.1.8 ...{u..jx.......i.'.....<.....(.\.......4....(..l...."GA..$^.=...x$;.q.O.M....i,.r.]...............38X........E.a....$...}A.A.....Ix......FF.l..x.0...BZK(.....N......a. 2.<-e>W.U....en>...8.X.......}....g/.....Etky..]..fMI.G7.%.iM...i...].i..9^A.w...yz.I......h6.....-.....T.i.(....8I.p~.q.T.Y#...?.|....M.>=...j..4.... J....;.s..G].9..G....T......'N......e......P.UL*m.A.......4:....x.(.........p.u.Ij!x..c..4...A.\D...mY.<_d}g.....6..1l;...0hY}.^.c...O..<..dle.0n<l...Q.MI.@.6[& j.y..Jt.....Q.7.....J..~M|.I...n...%M.....FtF.u.....$...})......#N.~..h.........6......._...8.mcx!....21.G.g.hyZ...x..V j......x.IWro..Z#...lP.\^.}...S..H...).[F..&..2......=0........v[..z.8.c... ......k....6..."x.@k.......D.&..*g.J=.K..@.....4...R..o.T......D`..)..P1.NP7......1p.....2@..*"...N....GTQ......g.Y<.@X....u2....U ...=...$..M....3..Y..X1#ZI...V..B.-......4....1w7..@..=...)(y.....l...ka.M...pohU.:CZa..!:..s..6...*[z...........#.....n...1.........i..._>....N.Ac.....4..>.'.:......s.w6...^..?.....-H.F.,o..;]ZxD.^.=.A;...I...4..2@.....P@.4....D};..W['...O.>!......6g..a....n.`j..d...........=..........T~^.,..k.....Z.$.TXR......H..".y....}.s.>.....k...0O..x.5...K.vTa9.8..._..h.....I..*|^..E.p.....a...h._..V3...\P./.... ....Q.E..$..E8^r%.2....$..|x.,./..h..O.BGf.
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAWXeLAc38Ey HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 17 Dec 2014 21:03:29 GMT
Expires: Sun, 21 Dec 2014 21:03:29 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 24534
Cache-Control: public, max-age=345600
Alternate-Protocol: 80:quic,p=0.002
0..........0..... .....0......0...0......J......h.v....b..Z./..20141217190216Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....x....2....20141217190216Z....20141224190216Z0...*.H.................. r....]O./.0...j,.M.<....~..8...{.ch.C2.rl..$d.wY............!l..i......v.e.z.-E.b..K ...S~ZZ..h.u.w..^...^.G....J.-./.J .'HCJ.E.3...sP.~.....j.`e ...... 6..f66.`v..U-).V2[_.hLC.J...)Vl....lG.V.?...b.R.o....R;?@.......3....i..EO.."..Z.......t..j%K^0..HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Wed, 17 Dec 2014 21:03:29 GMT..Expires: Sun, 21 Dec 2014 21:03:29 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 24534..Cache-Control: public, max-age=345600..Alternate-Protocol: 80:quic,p=0.002..0..........0..... .....0......0...0......J......h.v....b..Z./..20141217190216Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....x....2....20141217190216Z....20141224190216Z0...*.H.................. r....]O./.0...j,.M.<....~..8...{.ch.C2.rl..$d.wY............!l..i......v.e.z.-E.b..K ...S~ZZ..h.u.w..^...^.G....J.-./.J .'HCJ.E.3...sP.~.....j.`e ...... 6..f66.`v..U-).V2[_.hLC.J...)Vl....lG.V.?...b.R.o....R;?@.......3....i..EO.."..Z.......t..j%K^0......
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCHj3S83xBK9k HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 15 Dec 2014 07:45:43 GMT
Expires: Fri, 19 Dec 2014 07:45:43 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 245200
Cache-Control: public, max-age=345600
Alternate-Protocol: 80:quic,p=0.002
0..........0..... .....0......0...0......J......h.v....b..Z./..20141215010635Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..x.K....d....20141215010635Z....20141222010635Z0...*.H.............2.dqW.q..... 0..ay..q...6.zF.2..b.28T.:...{..'2...^........L..1cQ.B.{.........q..%D...?....bI.".......ZF|....O...o".n.E.Z..*H....NL.B....4..}....x4B..,..........ey.Oug...........|.I..[B...V.C..ac"c}..T.......Y6\B.lv.d.>.yBZ.WN...h.l7........J...>*0..h.u.=.HTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Mon, 15 Dec 2014 07:45:43 GMT..Expires: Fri, 19 Dec 2014 07:45:43 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 245200..Cache-Control: public, max-age=345600..Alternate-Protocol: 80:quic,p=0.002..0..........0..... .....0......0...0......J......h.v....b..Z./..20141215010635Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..x.K....d....20141215010635Z....20141222010635Z0...*.H.............2.dqW.q..... 0..ay..q...6.zF.2..b.28T.:...{..'2...^........L..1cQ.B.{.........q..%D...?....bI.".......ZF|....O...o".n.E.Z..*H....NL.B....4..}....x4B..,..........ey.Oug...........|.I..[B...V.C..ac"c}..T.......Y6\B.lv.d.>.yBZ.WN...h.l7........J...>*0..h.u.=...
<<< skipped >>>
Map
The Worm connects to the servers at the folowing location(s):
Strings from Dumps
IEXPLORE.EXE_3708:
.text
.text
`.data
`.data
.idata
.idata
.rsrc
.rsrc
@.reloc
@.reloc
u\j.Xf9
u\j.Xf9
j.Xf9
j.Xf9
USER32.dll
USER32.dll
api-ms-win-downlevel-shell32-l1-1-0.dll
api-ms-win-downlevel-shell32-l1-1-0.dll
IEFRAME.dll
IEFRAME.dll
SHELL32.dll
SHELL32.dll
iexplore.pdb
iexplore.pdb
api-ms-win-downlevel-shlwapi-l1-1-0.dll
api-ms-win-downlevel-shlwapi-l1-1-0.dll
iertutil.dll
iertutil.dll
api-ms-win-downlevel-advapi32-l1-1-0.dll
api-ms-win-downlevel-advapi32-l1-1-0.dll
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
_wcmdln
_wcmdln
_amsg_exit
_amsg_exit
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
name="Microsoft.InternetExplorer"
name="Microsoft.InternetExplorer"
true
true
KEYW
KEYW
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
imm32.dll
imm32.dll
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Kernel32.dll
Kernel32.dll
"%s" %s
"%s" %s
kernel32.dll
kernel32.dll
IEXPLORE.EXE
IEXPLORE.EXE
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
IMTravelLogMVC_TravelURL
IMTravelLogMVC_TravelURL
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
Windows
Windows
10.00.9200.16521
10.00.9200.16521
wallpaper.exe_3756:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
\swfplayer.exe"
\swfplayer.exe"
\swfplayer.exe
\swfplayer.exe
\info.ini
\info.ini
"%s" "STARTUP"
"%s" "STARTUP"
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
KERNEL32.DLL
KERNEL32.DLL
mscoree.dll
mscoree.dll
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
operator
operator
kernel32.dll
kernel32.dll
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
WS2_32.dll
WS2_32.dll
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
RegCloseKey
RegCloseKey
RegCreateKeyA
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyExA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
ole32.dll
ole32.dll
Wallpaper.dll
Wallpaper.dll
GetProcessHeap
GetProcessHeap
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.exe
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\wallpaper.exe
swfplayer.exe_2352:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
u2SSShY
u2SSShY
1SSShY
1SSShY
8SSSSSh
8SSSSSh
uDPW
uDPW
SSSSSh
SSSSSh
.PWuF
.PWuF
YYu.VW
YYu.VW
%uWVW
%uWVW
.FG;}
.FG;}
Ht.Ht!
Ht.Ht!
]`uk9UDt%9U(ua9UDt
]`uk9UDt%9U(ua9UDt
.QPWR
.QPWR
.tgPV
.tgPV
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRVj
C.PjRVj
u.hl^U
u.hl^U
u.VV3
u.VV3
L$XSSh
L$XSSh
uùr
uùr
.SSSSSSh4
.SSSSSSh4
HHCTRL.OCX
HHCTRL.OCX
\\.\REGMON
\\.\REGMON
\\.\REGVXD
\\.\REGVXD
1.1.3
1.1.3
SWFKit.BK
SWFKit.BK
kernel32.dll
kernel32.dll
shlwapi.dll
shlwapi.dll
comctl32.dll
comctl32.dll
------%s will be expired on d-d-d------
------%s will be expired on d-d-d------
------%s will be expired after %d days after installed!------
------%s will be expired after %d days after installed!------
f%d_%s
f%d_%s
function f%d_%s() { return _call('%s', arguments);}
function f%d_%s() { return _call('%s', arguments);}
comdlg32.dll
comdlg32.dll
urlmon.dll
urlmon.dll
user32.dll
user32.dll
%sX%d.cab
%sX%d.cab
"%s" /Q /S
"%s" /Q /S
%sX%d.tmp
%sX%d.tmp
Failed to initialize the WIndows Socket!
Failed to initialize the WIndows Socket!
%d%% Free
%d%% Free
Physical memory available to Windows:
Physical memory available to Windows:
%d KB
%d KB
0xX
0xX
SCRNSAVE.EXE
SCRNSAVE.EXE
SYSTEM.INI
SYSTEM.INI
hXXp://VVV.swfbuddy.com
hXXp://VVV.swfbuddy.com
TOPURL
TOPURL
TWAIN_32.DLL
TWAIN_32.DLL
.main
.main
oleaut32.dll
oleaut32.dll
Src: %s
Src: %s
Line:%d Error:%d Scode:%x
Line:%d Error:%d Scode:%x
%s\DefaultIcon
%s\DefaultIcon
%s\shell\open\%s
%s\shell\open\%s
windowShape
windowShape
$EKHOTKEY
$EKHOTKEY
$KPDISABLEWINDOWKEYS
$KPDISABLEWINDOWKEYS
hotKey
hotKey
exitKeys
exitKeys
keyPress
keyPress
expiryMsg
expiryMsg
~paste01.bmp
~paste01.bmp
windowSize
windowSize
cmdItems
cmdItems
cmdLine
cmdLine
join
join
%s.%s
%s.%s
%s.%d
%s.%d
msgBox
msgBox
winio.sys
winio.sys
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
FtpGetFileSize
FtpGetFileSize
FtpRenameFileA
FtpRenameFileA
FtpDeleteFileA
FtpDeleteFileA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpOpenFileA
FtpOpenFileA
FtpFindFirstFileA
FtpFindFirstFileA
wininet.dll
wininet.dll
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
_InetFtp_
_InetFtp_
@F_%u
@F_%u
.tiff
.tiff
.jpeg
.jpeg
VVV.swfkit.com
VVV.swfkit.com
onGetUrl
onGetUrl
openFtp
openFtp
getHttpFileHeader
getHttpFileHeader
getHttpFileStatus
getHttpFileStatus
getHttpFileLastModifiedTime
getHttpFileLastModifiedTime
getHttpFileSize
getHttpFileSize
getUrl
getUrl
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
_FFish_MCI_%d
_FFish_MCI_%d
errorMsg
errorMsg
sendCmdString
sendCmdString
OK %d %s
OK %d %s
%d %s
%d %s
UIDL %d
UIDL %d
TOP %d %d
TOP %d %d
RETR %d
RETR %d
OK %d %d
OK %d %d
%d %d
%d %d
LIST %d
LIST %d
DELE %d
DELE %d
password
password
port
port
RegKey
RegKey
key not found
key not found
deleteKey
deleteKey
getSubkeyNames
getSubkeyNames
\StringFileInfo\X\SpecialBuild
\StringFileInfo\X\SpecialBuild
\StringFileInfo\X\productVersion
\StringFileInfo\X\productVersion
\StringFileInfo\X\ProductName
\StringFileInfo\X\ProductName
\StringFileInfo\X\PrivateBuild
\StringFileInfo\X\PrivateBuild
\StringFileInfo\X\OriginalFilename
\StringFileInfo\X\OriginalFilename
\StringFileInfo\X\LegalTrademarks
\StringFileInfo\X\LegalTrademarks
\StringFileInfo\X\LegalCopyright
\StringFileInfo\X\LegalCopyright
\StringFileInfo\X\InternalName
\StringFileInfo\X\InternalName
\StringFileInfo\X\FileVersion
\StringFileInfo\X\FileVersion
\StringFileInfo\X\FileDescription
\StringFileInfo\X\FileDescription
\StringFileInfo\X\CompanyName
\StringFileInfo\X\CompanyName
\StringFileInfo\X\Comments
\StringFileInfo\X\Comments
Shell32.dll
Shell32.dll
software\microsoft\windows\currentversion
software\microsoft\windows\currentversion
windows
windows
findExecutable
findExecutable
windowStyle
windowStyle
URLShortcut
URLShortcut
Microsoft Windows Millennium Edition
Microsoft Windows Millennium Edition
Microsoft Windows 98
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows 95
%s (Build %d)
%s (Build %d)
Service Pack 6a (Build %d)
Service Pack 6a (Build %d)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
%d.%d
%d.%d
Web Edition
Web Edition
Microsoft Windows NT
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows XP
Microsoft Windows Server 2003,
Microsoft Windows Server 2003,
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 "R2"
Microsoft Windows Server 2003 "R2"
Windows Server "Longhorn"
Windows Server "Longhorn"
Windows Vista
Windows Vista
getWindowsByName
getWindowsByName
windowState
windowState
getExeName
getExeName
processMsg
processMsg
- deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
- deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
HttpQueryInfoA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestA
HttpOpenRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
illegal character '%s%c%c'
illegal character '%s%c%c'
illegal unicode character '%s%c%c%c%c'
illegal unicode character '%s%c%c%c%c'
unterminated %s constant
unterminated %s constant
unknown escape sequence '%c%c'
unknown escape sequence '%c%c'
ECMAScript don't allow line terminators in %s constants
ECMAScript don't allow line terminators in %s constants
syntax error: %s
syntax error: %s
invalid alias name of the imported function
invalid alias name of the imported function
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
Corrupt JPEG data: found marker 0xx instead of RST%d
Corrupt JPEG data: found marker 0xx instead of RST%d
Warning: unknown JFIF revision number %d.d
Warning: unknown JFIF revision number %d.d
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Inconsistent progression sequence for component %d coefficient %d
Inconsistent progression sequence for component %d coefficient %d
Unknown Adobe color transform code %d
Unknown Adobe color transform code %d
Obtained XMS handle %u
Obtained XMS handle %u
Freed XMS handle %u
Freed XMS handle %u
Unrecognized component IDs %d %d %d, assuming YCbCr
Unrecognized component IDs %d %d %d, assuming YCbCr
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
Opened temporary file %s
Opened temporary file %s
Closed temporary file %s
Closed temporary file %s
Ss=%d, Se=%d, Ah=%d, Al=%d
Ss=%d, Se=%d, Ah=%d, Al=%d
Component %d: dc=%d ac=%d
Component %d: dc=%d ac=%d
Start Of Scan: %d components
Start Of Scan: %d components
Component %d: %dhx%dv q=%d
Component %d: %dhx%dv q=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Smoothing not supported with nonstandard sampling ratios
Smoothing not supported with nonstandard sampling ratios
RST%d
RST%d
At marker 0xx, recovery action %d
At marker 0xx, recovery action %d
Selected %d colors for quantization
Selected %d colors for quantization
Quantizing to %d colors
Quantizing to %d colors
Quantizing to %d = %d*%d*%d colors
Quantizing to %d = %d*%d*%d colors
%4u %4u %4u %4u %4u %4u %4u %4u
%4u %4u %4u %4u %4u %4u %4u %4u
Unexpected marker 0xx
Unexpected marker 0xx
Miscellaneous marker 0xx, length %u
Miscellaneous marker 0xx, length %u
with %d x %d thumbnail image
with %d x %d thumbnail image
JFIF extension marker: type 0xx, length %u
JFIF extension marker: type 0xx, length %u
Warning: thumbnail image size does not match data length %u
Warning: thumbnail image size does not match data length %u
JFIF APP0 marker: version %d.d, density %dx%d %d
JFIF APP0 marker: version %d.d, density %dx%d %d
= = = = = = = =
= = = = = = = =
Obtained EMS handle %u
Obtained EMS handle %u
Freed EMS handle %u
Freed EMS handle %u
Define Restart Interval %u
Define Restart Interval %u
Define Quantization Table %d precision %d
Define Quantization Table %d precision %d
Define Huffman Table 0xx
Define Huffman Table 0xx
Define Arithmetic Table 0xx: 0xx
Define Arithmetic Table 0xx: 0xx
Unknown APP14 marker (not Adobe), length %u
Unknown APP14 marker (not Adobe), length %u
Unknown APP0 marker (not JFIF), length %u
Unknown APP0 marker (not JFIF), length %u
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Unsupported marker type 0xx
Unsupported marker type 0xx
Failed to create temporary file %s
Failed to create temporary file %s
Unsupported JPEG process: SOF type 0xx
Unsupported JPEG process: SOF type 0xx
Cannot quantize to more than %d colors
Cannot quantize to more than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize more than %d color components
Cannot quantize more than %d color components
Insufficient memory (case %d)
Insufficient memory (case %d)
Not a JPEG file: starts with 0xx 0xx
Not a JPEG file: starts with 0xx 0xx
Quantization table 0xx was not defined
Quantization table 0xx was not defined
Huffman table 0xx was not defined
Huffman table 0xx was not defined
Backing store not supported
Backing store not supported
Cannot transcode due to multiple use of quantization table %d
Cannot transcode due to multiple use of quantization table %d
Maximum supported image dimension is %u pixels
Maximum supported image dimension is %u pixels
Empty JPEG image (DNL not supported)
Empty JPEG image (DNL not supported)
Bogus DQT index %d
Bogus DQT index %d
Bogus DHT index %d
Bogus DHT index %d
Bogus DAC value 0x%x
Bogus DAC value 0x%x
Bogus DAC index %d
Bogus DAC index %d
Unsupported color conversion request
Unsupported color conversion request
Too many color components: %d, max %d
Too many color components: %d, max %d
Buffer passed to JPEG library is too small
Buffer passed to JPEG library is too small
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
Improper call to JPEG library in state %d
Improper call to JPEG library in state %d
Invalid scan script at entry %d
Invalid scan script at entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Unsupported JPEG data precision %d
Unsupported JPEG data precision %d
Invalid memory pool code %d
Invalid memory pool code %d
Wrong JPEG library version: library is %d, caller expects %d
Wrong JPEG library version: library is %d, caller expects %d
IDCT output block size %d not supported
IDCT output block size %d not supported
Invalid component ID %d in SOS
Invalid component ID %d in SOS
Bogus message code %d
Bogus message code %d
%ld%c
%ld%c
dllimport
dllimport
import
import
export
export
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
attachment %d
attachment %d
====_SWFKIT_MAIL_PART_%X.%X.%X_====
====_SWFKIT_MAIL_PART_%X.%X.%X_====
Content-Transfer-Encoding: %s
Content-Transfer-Encoding: %s
Content-Type: %s; charset="%s"
Content-Type: %s; charset="%s"
Content-Type: %s; name="%s"
Content-Type: %s; name="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-ID:
Content-ID:
--%s--
--%s--
boundary="%s"
boundary="%s"
X-Priority: %d
X-Priority: %d
X-Mailer: SWFKit.FFish
X-Mailer: SWFKit.FFish
Date: %s
Date: %s
Subject: =?%s?B?
Subject: =?%s?B?
Bcc: %s
Bcc: %s
Cc: %s
Cc: %s
Reply-To: %s
Reply-To: %s
To: %s
To: %s
From: %s
From: %s
boundary="%s";
boundary="%s";
login
login
AUTH PLAIN %s
AUTH PLAIN %s
AUTH LOGIN
AUTH LOGIN
%s %s
%s %s
MAIL FROM:
MAIL FROM:
HELO %s
HELO %s
EHLO %s
EHLO %s
can't connect to the smtp server
can't connect to the smtp server
PASS %s
PASS %s
USER %s
USER %s
@F_%d
@F_%d
Reply from %d.%d.%d.%d: bytes=%d time=%dms TTL=%d
Reply from %d.%d.%d.%d: bytes=%d time=%dms TTL=%d
Unkown host %s
Unkown host %s
ICMP.DLL
ICMP.DLL
Reply from %s: bytes=%d time=%dms TTL=%d icmp_seq=%u
Reply from %s: bytes=%d time=%dms TTL=%d icmp_seq=%u
Pinging %s [%s]: with %d bytes of data:
Pinging %s [%s]: with %d bytes of data:
1.2.5
1.2.5
0123456789ABCDEFlibpng error: %s
0123456789ABCDEFlibpng error: %s
libpng error: %s, offset=%d
libpng error: %s, offset=%d
libpng error no. %s: %s
libpng error no. %s: %s
libpng warning: %s
libpng warning: %s
libpng warning no. %s: %s
libpng warning no. %s: %s
NULL row buffer for row %ld, pass %d
NULL row buffer for row %ld, pass %d
Unknown zTXt compression type %d
Unknown zTXt compression type %d
Incomplete compressed datastream in %s chunk
Incomplete compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Buffer error in compressed datastream in %s chunk
Buffer error in compressed datastream in %s chunk
'7gamma = (%d/100000)
'7gamma = (%d/100000)
gx=%f, gy=%f, bx=%f, by=%f
gx=%f, gy=%f, bx=%f, by=%f
wx=%f, wy=%f, rx=%f, ry=%f
wx=%f, wy=%f, rx=%f, ry=%f
incorrect gamma=(%d/100000)
incorrect gamma=(%d/100000)
?iTXt chunk not supported.
?iTXt chunk not supported.
Unknown compression type %d
Unknown compression type %d
zero length keyword
zero length keyword
keyword length must be 1 - 79 characters
keyword length must be 1 - 79 characters
Zero length keyword
Zero length keyword
extra interior spaces removed from keyword
extra interior spaces removed from keyword
leading spaces removed from keyword
leading spaces removed from keyword
trailing spaces removed from keyword
trailing spaces removed from keyword
invalid keyword character 0xX
invalid keyword character 0xX
Empty keyword in tEXt chunk
Empty keyword in tEXt chunk
Empty keyword in zTXt chunk
Empty keyword in zTXt chunk
Empty keyword in iCCP chunk
Empty keyword in iCCP chunk
Empty keyword in sPLT chunk
Empty keyword in sPLT chunk
white_x=%f, white_y=%f
white_x=%f, white_y=%f
.yMax
.yMax
.xMax
.xMax
.yMin
.yMin
.xMin
.xMin
inetmib1.dll
inetmib1.dll
SYSTEM\CurrentControlSet\Services\VxD\MSTCP
SYSTEM\CurrentControlSet\Services\VxD\MSTCP
SYSTEM\CurrentControlSet\Services\Tcpip\parameters
SYSTEM\CurrentControlSet\Services\Tcpip\parameters
SYSTEM\CurrentControlSet\Services\Tcpip\parameters\Transient
SYSTEM\CurrentControlSet\Services\Tcpip\parameters\Transient
%s compression support is not configured
%s compression support is not configured
Compression algorithm does not support random access
Compression algorithm does not support random access
Compression scheme %u %s encoding is not implemented
Compression scheme %u %s encoding is not implemented
%s %s encoding is not implemented
%s %s encoding is not implemented
%s %s encoding is no longer implemented due to Unisys patent enforcement
%s %s encoding is no longer implemented due to Unisys patent enforcement
Compression scheme %u %s decoding is not implemented
Compression scheme %u %s decoding is not implemented
%s %s decoding is not implemented
%s %s decoding is not implemented
%s: Invalid InkNames value; expecting %d names, found %d
%s: Invalid InkNames value; expecting %d names, found %d
%f: Bad value for "%s"
%f: Bad value for "%s"
%s: Invalid %stag "%s" (not supported by codec)
%s: Invalid %stag "%s" (not supported by codec)
%ld: Bad value for "%s"
%ld: Bad value for "%s"
Nonstandard tile length %d, convert file
Nonstandard tile length %d, convert file
Nonstandard tile width %d, convert file
Nonstandard tile width %d, convert file
%d: Bad value for "%s"
%d: Bad value for "%s"
Bad value %ld for "%s" tag ignored
Bad value %ld for "%s" tag ignored
%s: Cannot modify tag "%s" while writing
%s: Cannot modify tag "%s" while writing
%s: Unknown %stag %u
%s: Unknown %stag %u
%s: Error fetching directory count
%s: Error fetching directory count
%s: Error fetching directory link
%s: Error fetching directory link
Internal error, unknown tag 0x%x
Internal error, unknown tag 0x%x
No space %s
No space %s
TIFF directory is missing required "%s" field
TIFF directory is missing required "%s" field
incorrect count for field "%s" (%lu, expecting %lu); tag ignored
incorrect count for field "%s" (%lu, expecting %lu); tag ignored
Error fetching data for field "%s"
Error fetching data for field "%s"
%s: Rational with zero denominator (num = %lu)
%s: Rational with zero denominator (num = %lu)
Cannot read TIFF_ANY type %d for field "%s"
Cannot read TIFF_ANY type %d for field "%s"
Cannot handle different per-sample values for field "%s"
Cannot handle different per-sample values for field "%s"
Bogus "%s" field, ignoring and calculating from imagelength
Bogus "%s" field, ignoring and calculating from imagelength
TIFF directory is missing required "%s" field, calculating from imagelength
TIFF directory is missing required "%s" field, calculating from imagelength
unknown field with tag %d (0x%x) ignored
unknown field with tag %d (0x%x) ignored
wrong data type %d for "%s"; tag ignored
wrong data type %d for "%s"; tag ignored
Error writing data for field "%s"
Error writing data for field "%s"
%s: Error writing SubIFD directory link
%s: Error writing SubIFD directory link
A"%s": Information lost writing value (%g) as (unsigned) RATIONAL
A"%s": Information lost writing value (%g) as (unsigned) RATIONAL
DumpModeDecode: Not enough data for scanline %d
DumpModeDecode: Not enough data for scanline %d
%s: Bad code word at scanline %d (x %lu)
%s: Bad code word at scanline %d (x %lu)
%s: Uncompressed data (not supported) at scanline %d (x %lu)
%s: Uncompressed data (not supported) at scanline %d (x %lu)
%s: %s at scanline %d (got %lu, expected %lu)
%s: %s at scanline %d (got %lu, expected %lu)
%s: Premature EOF at scanline %d (x %lu)
%s: Premature EOF at scanline %d (x %lu)
%s: No space for Group 3/4 reference line
%s: No space for Group 3/4 reference line
%s: No space for Group 3/4 run arrays
%s: No space for Group 3/4 run arrays
Fax SubAddress: %s
Fax SubAddress: %s
(%u = 0x%x)
(%u = 0x%x)
%suncompressed data
%suncompressed data
%sEOL padding
%sEOL padding
%s2-d encoding
%s2-d encoding
%s: No space for state block
%s: No space for state block
Sorry, can not handle YCbCr images with %s=%d
Sorry, can not handle YCbCr images with %s=%d
Sorry, LogL data must have %s=%d
Sorry, LogL data must have %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, LogLuv data must have %s=%d or %d
Sorry, LogLuv data must have %s=%d or %d
Sorry, can not handle image with %s=%d
Sorry, can not handle image with %s=%d
Sorry, can not handle separated image with %s=%d
Sorry, can not handle separated image with %s=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Missing needed %s tag
Missing needed %s tag
Sorry, can not image with %d-bit samples
Sorry, can not image with %d-bit samples
LogL16Decode: Not enough data at row %d (short %d pixels)
LogL16Decode: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
?%s: No space for SGILog translation buffer
?%s: No space for SGILog translation buffer
No support for converting user data format to LogL
No support for converting user data format to LogL
No support for converting user data format to LogLuv
No support for converting user data format to LogLuv
Inappropriate photometric interpretation %d for SGILog compression; %s
Inappropriate photometric interpretation %d for SGILog compression; %s
SGILog compression supported only for %s, or raw data
SGILog compression supported only for %s, or raw data
Unknown data format %d for LogLuv compression
Unknown data format %d for LogLuv compression
Unknown encoding %d for LogLuv compression
Unknown encoding %d for LogLuv compression
%s: No space for LogLuv state block
%s: No space for LogLuv state block
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Not enough data at scanline %d (short %d bytes)
LZWDecode: Not enough data at scanline %d (short %d bytes)
LZWDecode: Strip %d not terminated with EOI code
LZWDecode: Strip %d not terminated with EOI code
LZWDecodeCompat: Not enough data at scanline %d (short %d bytes)
LZWDecodeCompat: Not enough data at scanline %d (short %d bytes)
"%s": Bad mode
"%s": Bad mode
Not a TIFF file, bad version number %d (0x%x)
Not a TIFF file, bad version number %d (0x%x)
Not a TIFF file, bad magic number %d (0x%x)
Not a TIFF file, bad magic number %d (0x%x)
%s: Out of memory (TIFF structure)
%s: Out of memory (TIFF structure)
PackBitsDecode: discarding %d bytes to avoid buffer overrun
PackBitsDecode: discarding %d bytes to avoid buffer overrun
Horizontal differencing "Predictor" not supported with %d-bit samples
Horizontal differencing "Predictor" not supported with %d-bit samples
"Predictor" value %d not supported
"Predictor" value %d not supported
%u (0x%x)
%u (0x%x)
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Seek error at scanline %lu, strip %lu
%s: Seek error at scanline %lu, strip %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Seek error at row %ld, col %ld, tile %ld
%s: Seek error at row %ld, col %ld, tile %ld
%s: No space for data buffer at scanline %ld
%s: No space for data buffer at scanline %ld
%s: Data buffer too small to hold strip %lu
%s: Data buffer too small to hold strip %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Data buffer too small to hold tile %ld
%s: Data buffer too small to hold tile %ld
%u: Sample out of range, max %u
%u: Sample out of range, max %u
ThunderDecode: %s data at scanline %ld (%lu != %lu)
ThunderDecode: %s data at scanline %ld (%lu != %lu)
Sample %d out of range, max %u
Sample %d out of range, max %u
LIBTIFF, Version 3.5.7
LIBTIFF, Version 3.5.7
%s: Cannot open
%s: Cannot open
%s Warning
%s Warning
%s Error
%s Error
%s: Write error at scanline %lu
%s: Write error at scanline %lu
%s: Seek error at scanline %lu
%s: Seek error at scanline %lu
%s: %s
%s: %s
%s: zlib error: %s
%s: zlib error: %s
%s: Not enough data at scanline %d (short %d bytes)
%s: Not enough data at scanline %d (short %d bytes)
%s: Decoding error at scanline %d, %s
%s: Decoding error at scanline %d, %s
%s: Encoder error: %s
%s: Encoder error: %s
Runtime error: %s
Runtime error: %s
Warning: unknown method "%s"
Warning: unknown method "%s"
Warning: invalid index for operator []
Warning: invalid index for operator []
hook break %d
hook break %d
Warning: can't set property "%s" with a wrong type
Warning: can't set property "%s" with a wrong type
Warning: using undefined property "%s"
Warning: using undefined property "%s"
Warning: using undefined variable "%s"
Warning: using undefined variable "%s"
CNotSupportedException
CNotSupportedException
COMCTL32.DLL
COMCTL32.DLL
Afx:%p:%x:%p:%p:%p
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
Afx:%p:%x
hhctrl.ocx
hhctrl.ocx
commctrl_DragListMsg
commctrl_DragListMsg
CCmdTarget
CCmdTarget
CHotKeyCtrl
CHotKeyCtrl
msctls_hotkey32
msctls_hotkey32
GDI32.DLL
GDI32.DLL
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
File%d
File%d
ntdll.dll
ntdll.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
%s.dll
%s.dll
CMDIChildWnd
CMDIChildWnd
CMDIFrameWnd
CMDIFrameWnd
ddeexec
ddeexec
%s\ShellNew
%s\ShellNew
%s\shell\printto\%s
%s\shell\printto\%s
%s\shell\print\%s
%s\shell\print\%s
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
olepro32.dll
olepro32.dll
ole32.dll
ole32.dll
mscoree.dll
mscoree.dll
?#%X.y
?#%X.y
Please contact the application's support team for more information.
Please contact the application's support team for more information.
internal state. The program cannot safely continue execution and must
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
continue execution and must now be terminated.
portuguese-brazilian
portuguese-brazilian
GetProcessWindowStation
GetProcessWindowStation
0123456789
0123456789
right-curly-bracket
right-curly-bracket
left-curly-bracket
left-curly-bracket
OLEAUT32.dll
OLEAUT32.dll
OLEACC.dll
OLEACC.dll
WINMM.dll
WINMM.dll
WSOCK32.dll
WSOCK32.dll
VERSION.dll
VERSION.dll
GetWindowsDirectoryA
GetWindowsDirectoryA
CreatePipe
CreatePipe
GetProcessHeaps
GetProcessHeaps
WinExec
WinExec
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
GetKeyNameTextA
GetKeyNameTextA
MapVirtualKeyA
MapVirtualKeyA
EnumThreadWindows
EnumThreadWindows
ExitWindowsEx
ExitWindowsEx
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
CreateDialogIndirectParamA
CreateDialogIndirectParamA
USER32.dll
USER32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExA
RegOpenKeyA
RegOpenKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyA
RegCreateKeyA
RegCreateKeyA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
FindExecutableA
FindExecutableA
SHELL32.dll
SHELL32.dll
COMCTL32.dll
COMCTL32.dll
SHLWAPI.dll
SHLWAPI.dll
oledlg.dll
oledlg.dll
.PAVCFileException@@
.PAVCFileException@@
.PAVCObject@@
.PAVCObject@@
.PAVCException@@
.PAVCException@@
.PAVCTopBaseException@@
.PAVCTopBaseException@@
.PAVCZipException@@
.PAVCZipException@@
This executable file was created by an UNREGISTERED copy of SWFKit!
This executable file was created by an UNREGISTERED copy of SWFKit!
.PAVCOleException@@
.PAVCOleException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCHotKeyCtrl@@
.?AVCHotKeyCtrl@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.?AVCStatusCmdUI@@
.?AVCStatusCmdUI@@
.?AVCMDIFrameWnd@@
.?AVCMDIFrameWnd@@
.?AVCMDIChildWnd@@
.?AVCMDIChildWnd@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
zcÁ
zcÁ
c:\users\"%CurrentUserName%"\appdata\local\microsoft\windows\temporary internet files
c:\users\"%CurrentUserName%"\appdata\local\microsoft\windows\temporary internet files
install_flash_player_active_x.exe
install_flash_player_active_x.exe
empty.swf
empty.swf
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\swfplayer.exe
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\swfplayer.exe
5L.uhH
5L.uhH
/.LzC
/.LzC
d.rbg
d.rbg
%S
%S
stdole2.tlbWWW
stdole2.tlbWWW
bstrMsgW
bstrMsgW
Created by MIDL version 6.00.0347 at Thu Aug 30 16:09:49 2007
Created by MIDL version 6.00.0347 at Thu Aug 30 16:09:49 2007
%d
%d
%s
%s
%s:%s. See also: %s.
%s:%s. See also: %s.
%s %s d d:d:d GMT% 04d %s%sd B.C.
%s %s d d:d:d GMT% 04d %s%sd B.C.
%s %s d d:d:d GMT% 04d %s%sd
%s %s d d:d:d GMT% 04d %s%sd
%s, d %s d d:d:d GMT B.C.
%s, d %s d d:d:d GMT B.C.
%s, d %s d d:d:d GMT
%s, d %s d d:d:d GMT
x%s.%s
x%s.%s
%s.length
%s.length
[object Inet.Ftp]
[object Inet.Ftp]
[object RegKey]
[object RegKey]
d[object URLShortcut]
d[object URLShortcut]
[object Sound.playback]
[object Sound.playback]
[object Sound.recording]
[object Sound.recording]
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
;/?:@&= $,#
;/?:@&= $,#
accKeyboardShortcut
accKeyboardShortcut
SUPPORT
SUPPORT
Key Press
Key Press
Disable Windows keys
Disable Windows keys
Exit Keys
Exit Keys
HotKey1
HotKey1
Custom Hot Key
Custom Hot Key
%s Registration
%s Registration
Please enter your name, a serial number and a registration code to register %s.
Please enter your name, a serial number and a registration code to register %s.
Enter the World Wide Web location (URL) or specify the local file you would like to open.
Enter the World Wide Web location (URL) or specify the local file you would like to open.
WEBSITE
WEBSITE
Port :
Port :
Prj.Document
Prj.Document
Invalid projector window size!Invalid projector window position5Flash (*.swf,*.spl)|*.swf;*.spl|All Files (*.*)|*.*||
Invalid projector window size!Invalid projector window position5Flash (*.swf,*.spl)|*.swf;*.spl|All Files (*.*)|*.*||
%s has expired!D%s
%s has expired!D%s
Press Register button to register %s, press OK button to exit.
Press Register button to register %s, press OK button to exit.
'This copy of program is licensed to: %s
'This copy of program is licensed to: %s
Serial Number: %s
Serial Number: %s
Replace%Select the entire document
Replace%Select the entire document
All Files (*.*)
All Files (*.*)
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
Page %u
Page %u
Pages %u-%u
Pages %u-%u
Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||
Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
#Unable to load mail system support.
#Unable to load mail system support.
Access to %1 was denied..An invalid file handle was associated with %1.
Access to %1 was denied..An invalid file handle was associated with %1.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Disk full while accessing %1..An attempt was made to access %1 past its end.
Disk full while accessing %1..An attempt was made to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
swfplayer.exe
swfplayer.exe
swfplayer.exe_2312:
.text
.text
`.rdata
`.rdata
@.data
@.data
.rsrc
.rsrc
u2SSShY
u2SSShY
1SSShY
1SSShY
8SSSSSh
8SSSSSh
uDPW
uDPW
SSSSSh
SSSSSh
.PWuF
.PWuF
YYu.VW
YYu.VW
%uWVW
%uWVW
.FG;}
.FG;}
Ht.Ht!
Ht.Ht!
]`uk9UDt%9U(ua9UDt
]`uk9UDt%9U(ua9UDt
.QPWR
.QPWR
.tgPV
.tgPV
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRVj
C.PjRVj
u.hl^U
u.hl^U
u.VV3
u.VV3
L$XSSh
L$XSSh
uùr
uùr
.SSSSSSh4
.SSSSSSh4
HHCTRL.OCX
HHCTRL.OCX
\\.\REGMON
\\.\REGMON
\\.\REGVXD
\\.\REGVXD
1.1.3
1.1.3
SWFKit.BK
SWFKit.BK
kernel32.dll
kernel32.dll
shlwapi.dll
shlwapi.dll
comctl32.dll
comctl32.dll
------%s will be expired on d-d-d------
------%s will be expired on d-d-d------
------%s will be expired after %d days after installed!------
------%s will be expired after %d days after installed!------
f%d_%s
f%d_%s
function f%d_%s() { return _call('%s', arguments);}
function f%d_%s() { return _call('%s', arguments);}
comdlg32.dll
comdlg32.dll
urlmon.dll
urlmon.dll
user32.dll
user32.dll
%sX%d.cab
%sX%d.cab
"%s" /Q /S
"%s" /Q /S
%sX%d.tmp
%sX%d.tmp
Failed to initialize the WIndows Socket!
Failed to initialize the WIndows Socket!
%d%% Free
%d%% Free
Physical memory available to Windows:
Physical memory available to Windows:
%d KB
%d KB
0xX
0xX
SCRNSAVE.EXE
SCRNSAVE.EXE
SYSTEM.INI
SYSTEM.INI
hXXp://VVV.swfbuddy.com
hXXp://VVV.swfbuddy.com
TOPURL
TOPURL
TWAIN_32.DLL
TWAIN_32.DLL
.main
.main
oleaut32.dll
oleaut32.dll
Src: %s
Src: %s
Line:%d Error:%d Scode:%x
Line:%d Error:%d Scode:%x
%s\DefaultIcon
%s\DefaultIcon
%s\shell\open\%s
%s\shell\open\%s
windowShape
windowShape
$EKHOTKEY
$EKHOTKEY
$KPDISABLEWINDOWKEYS
$KPDISABLEWINDOWKEYS
hotKey
hotKey
exitKeys
exitKeys
keyPress
keyPress
expiryMsg
expiryMsg
~paste01.bmp
~paste01.bmp
windowSize
windowSize
cmdItems
cmdItems
cmdLine
cmdLine
join
join
%s.%s
%s.%s
%s.%d
%s.%d
msgBox
msgBox
winio.sys
winio.sys
\\.\PhysicalDrive%d
\\.\PhysicalDrive%d
\\.\Scsi%d:
\\.\Scsi%d:
FtpGetFileSize
FtpGetFileSize
FtpRenameFileA
FtpRenameFileA
FtpDeleteFileA
FtpDeleteFileA
FtpRemoveDirectoryA
FtpRemoveDirectoryA
FtpCreateDirectoryA
FtpCreateDirectoryA
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpOpenFileA
FtpOpenFileA
FtpFindFirstFileA
FtpFindFirstFileA
wininet.dll
wininet.dll
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
_InetFtp_
_InetFtp_
@F_%u
@F_%u
.tiff
.tiff
.jpeg
.jpeg
VVV.swfkit.com
VVV.swfkit.com
onGetUrl
onGetUrl
openFtp
openFtp
getHttpFileHeader
getHttpFileHeader
getHttpFileStatus
getHttpFileStatus
getHttpFileLastModifiedTime
getHttpFileLastModifiedTime
getHttpFileSize
getHttpFileSize
getUrl
getUrl
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
_FFish_MCI_%d
_FFish_MCI_%d
errorMsg
errorMsg
sendCmdString
sendCmdString
OK %d %s
OK %d %s
%d %s
%d %s
UIDL %d
UIDL %d
TOP %d %d
TOP %d %d
RETR %d
RETR %d
OK %d %d
OK %d %d
%d %d
%d %d
LIST %d
LIST %d
DELE %d
DELE %d
password
password
port
port
RegKey
RegKey
key not found
key not found
deleteKey
deleteKey
getSubkeyNames
getSubkeyNames
\StringFileInfo\X\SpecialBuild
\StringFileInfo\X\SpecialBuild
\StringFileInfo\X\productVersion
\StringFileInfo\X\productVersion
\StringFileInfo\X\ProductName
\StringFileInfo\X\ProductName
\StringFileInfo\X\PrivateBuild
\StringFileInfo\X\PrivateBuild
\StringFileInfo\X\OriginalFilename
\StringFileInfo\X\OriginalFilename
\StringFileInfo\X\LegalTrademarks
\StringFileInfo\X\LegalTrademarks
\StringFileInfo\X\LegalCopyright
\StringFileInfo\X\LegalCopyright
\StringFileInfo\X\InternalName
\StringFileInfo\X\InternalName
\StringFileInfo\X\FileVersion
\StringFileInfo\X\FileVersion
\StringFileInfo\X\FileDescription
\StringFileInfo\X\FileDescription
\StringFileInfo\X\CompanyName
\StringFileInfo\X\CompanyName
\StringFileInfo\X\Comments
\StringFileInfo\X\Comments
Shell32.dll
Shell32.dll
software\microsoft\windows\currentversion
software\microsoft\windows\currentversion
windows
windows
findExecutable
findExecutable
windowStyle
windowStyle
URLShortcut
URLShortcut
Microsoft Windows Millennium Edition
Microsoft Windows Millennium Edition
Microsoft Windows 98
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows 95
%s (Build %d)
%s (Build %d)
Service Pack 6a (Build %d)
Service Pack 6a (Build %d)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
%d.%d
%d.%d
Web Edition
Web Edition
Microsoft Windows NT
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows XP
Microsoft Windows Server 2003,
Microsoft Windows Server 2003,
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 "R2"
Microsoft Windows Server 2003 "R2"
Windows Server "Longhorn"
Windows Server "Longhorn"
Windows Vista
Windows Vista
getWindowsByName
getWindowsByName
windowState
windowState
getExeName
getExeName
processMsg
processMsg
- deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
- deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
HttpQueryInfoA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestA
HttpOpenRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetCanonicalizeUrlA
illegal character '%s%c%c'
illegal character '%s%c%c'
illegal unicode character '%s%c%c%c%c'
illegal unicode character '%s%c%c%c%c'
unterminated %s constant
unterminated %s constant
unknown escape sequence '%c%c'
unknown escape sequence '%c%c'
ECMAScript don't allow line terminators in %s constants
ECMAScript don't allow line terminators in %s constants
syntax error: %s
syntax error: %s
invalid alias name of the imported function
invalid alias name of the imported function
inflate 1.1.3 Copyright 1995-1998 Mark Adler
inflate 1.1.3 Copyright 1995-1998 Mark Adler
Corrupt JPEG data: found marker 0xx instead of RST%d
Corrupt JPEG data: found marker 0xx instead of RST%d
Warning: unknown JFIF revision number %d.d
Warning: unknown JFIF revision number %d.d
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Inconsistent progression sequence for component %d coefficient %d
Inconsistent progression sequence for component %d coefficient %d
Unknown Adobe color transform code %d
Unknown Adobe color transform code %d
Obtained XMS handle %u
Obtained XMS handle %u
Freed XMS handle %u
Freed XMS handle %u
Unrecognized component IDs %d %d %d, assuming YCbCr
Unrecognized component IDs %d %d %d, assuming YCbCr
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
Opened temporary file %s
Opened temporary file %s
Closed temporary file %s
Closed temporary file %s
Ss=%d, Se=%d, Ah=%d, Al=%d
Ss=%d, Se=%d, Ah=%d, Al=%d
Component %d: dc=%d ac=%d
Component %d: dc=%d ac=%d
Start Of Scan: %d components
Start Of Scan: %d components
Component %d: %dhx%dv q=%d
Component %d: %dhx%dv q=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Smoothing not supported with nonstandard sampling ratios
Smoothing not supported with nonstandard sampling ratios
RST%d
RST%d
At marker 0xx, recovery action %d
At marker 0xx, recovery action %d
Selected %d colors for quantization
Selected %d colors for quantization
Quantizing to %d colors
Quantizing to %d colors
Quantizing to %d = %d*%d*%d colors
Quantizing to %d = %d*%d*%d colors
%4u %4u %4u %4u %4u %4u %4u %4u
%4u %4u %4u %4u %4u %4u %4u %4u
Unexpected marker 0xx
Unexpected marker 0xx
Miscellaneous marker 0xx, length %u
Miscellaneous marker 0xx, length %u
with %d x %d thumbnail image
with %d x %d thumbnail image
JFIF extension marker: type 0xx, length %u
JFIF extension marker: type 0xx, length %u
Warning: thumbnail image size does not match data length %u
Warning: thumbnail image size does not match data length %u
JFIF APP0 marker: version %d.d, density %dx%d %d
JFIF APP0 marker: version %d.d, density %dx%d %d
= = = = = = = =
= = = = = = = =
Obtained EMS handle %u
Obtained EMS handle %u
Freed EMS handle %u
Freed EMS handle %u
Define Restart Interval %u
Define Restart Interval %u
Define Quantization Table %d precision %d
Define Quantization Table %d precision %d
Define Huffman Table 0xx
Define Huffman Table 0xx
Define Arithmetic Table 0xx: 0xx
Define Arithmetic Table 0xx: 0xx
Unknown APP14 marker (not Adobe), length %u
Unknown APP14 marker (not Adobe), length %u
Unknown APP0 marker (not JFIF), length %u
Unknown APP0 marker (not JFIF), length %u
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Unsupported marker type 0xx
Unsupported marker type 0xx
Failed to create temporary file %s
Failed to create temporary file %s
Unsupported JPEG process: SOF type 0xx
Unsupported JPEG process: SOF type 0xx
Cannot quantize to more than %d colors
Cannot quantize to more than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize more than %d color components
Cannot quantize more than %d color components
Insufficient memory (case %d)
Insufficient memory (case %d)
Not a JPEG file: starts with 0xx 0xx
Not a JPEG file: starts with 0xx 0xx
Quantization table 0xx was not defined
Quantization table 0xx was not defined
Huffman table 0xx was not defined
Huffman table 0xx was not defined
Backing store not supported
Backing store not supported
Cannot transcode due to multiple use of quantization table %d
Cannot transcode due to multiple use of quantization table %d
Maximum supported image dimension is %u pixels
Maximum supported image dimension is %u pixels
Empty JPEG image (DNL not supported)
Empty JPEG image (DNL not supported)
Bogus DQT index %d
Bogus DQT index %d
Bogus DHT index %d
Bogus DHT index %d
Bogus DAC value 0x%x
Bogus DAC value 0x%x
Bogus DAC index %d
Bogus DAC index %d
Unsupported color conversion request
Unsupported color conversion request
Too many color components: %d, max %d
Too many color components: %d, max %d
Buffer passed to JPEG library is too small
Buffer passed to JPEG library is too small
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
Improper call to JPEG library in state %d
Improper call to JPEG library in state %d
Invalid scan script at entry %d
Invalid scan script at entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Unsupported JPEG data precision %d
Unsupported JPEG data precision %d
Invalid memory pool code %d
Invalid memory pool code %d
Wrong JPEG library version: library is %d, caller expects %d
Wrong JPEG library version: library is %d, caller expects %d
IDCT output block size %d not supported
IDCT output block size %d not supported
Invalid component ID %d in SOS
Invalid component ID %d in SOS
Bogus message code %d
Bogus message code %d
%ld%c
%ld%c
dllimport
dllimport
import
import
export
export
?456789:;
?456789:;
!"#$%&'()* ,-./0123
!"#$%&'()* ,-./0123
attachment %d
attachment %d
====_SWFKIT_MAIL_PART_%X.%X.%X_====
====_SWFKIT_MAIL_PART_%X.%X.%X_====
Content-Transfer-Encoding: %s
Content-Transfer-Encoding: %s
Content-Type: %s; charset="%s"
Content-Type: %s; charset="%s"
Content-Type: %s; name="%s"
Content-Type: %s; name="%s"
Content-Disposition: attachment; filename="%s"
Content-Disposition: attachment; filename="%s"
Content-ID:
Content-ID:
--%s--
--%s--
boundary="%s"
boundary="%s"
X-Priority: %d
X-Priority: %d
X-Mailer: SWFKit.FFish
X-Mailer: SWFKit.FFish
Date: %s
Date: %s
Subject: =?%s?B?
Subject: =?%s?B?
Bcc: %s
Bcc: %s
Cc: %s
Cc: %s
Reply-To: %s
Reply-To: %s
To: %s
To: %s
From: %s
From: %s
boundary="%s";
boundary="%s";
login
login
AUTH PLAIN %s
AUTH PLAIN %s
AUTH LOGIN
AUTH LOGIN
%s %s
%s %s
MAIL FROM:
MAIL FROM:
HELO %s
HELO %s
EHLO %s
EHLO %s
can't connect to the smtp server
can't connect to the smtp server
PASS %s
PASS %s
USER %s
USER %s
@F_%d
@F_%d
Reply from %d.%d.%d.%d: bytes=%d time=%dms TTL=%d
Reply from %d.%d.%d.%d: bytes=%d time=%dms TTL=%d
Unkown host %s
Unkown host %s
ICMP.DLL
ICMP.DLL
Reply from %s: bytes=%d time=%dms TTL=%d icmp_seq=%u
Reply from %s: bytes=%d time=%dms TTL=%d icmp_seq=%u
Pinging %s [%s]: with %d bytes of data:
Pinging %s [%s]: with %d bytes of data:
1.2.5
1.2.5
0123456789ABCDEFlibpng error: %s
0123456789ABCDEFlibpng error: %s
libpng error: %s, offset=%d
libpng error: %s, offset=%d
libpng error no. %s: %s
libpng error no. %s: %s
libpng warning: %s
libpng warning: %s
libpng warning no. %s: %s
libpng warning no. %s: %s
NULL row buffer for row %ld, pass %d
NULL row buffer for row %ld, pass %d
Unknown zTXt compression type %d
Unknown zTXt compression type %d
Incomplete compressed datastream in %s chunk
Incomplete compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Buffer error in compressed datastream in %s chunk
Buffer error in compressed datastream in %s chunk
'7gamma = (%d/100000)
'7gamma = (%d/100000)
gx=%f, gy=%f, bx=%f, by=%f
gx=%f, gy=%f, bx=%f, by=%f
wx=%f, wy=%f, rx=%f, ry=%f
wx=%f, wy=%f, rx=%f, ry=%f
incorrect gamma=(%d/100000)
incorrect gamma=(%d/100000)
?iTXt chunk not supported.
?iTXt chunk not supported.
Unknown compression type %d
Unknown compression type %d
zero length keyword
zero length keyword
keyword length must be 1 - 79 characters
keyword length must be 1 - 79 characters
Zero length keyword
Zero length keyword
extra interior spaces removed from keyword
extra interior spaces removed from keyword
leading spaces removed from keyword
leading spaces removed from keyword
trailing spaces removed from keyword
trailing spaces removed from keyword
invalid keyword character 0xX
invalid keyword character 0xX
Empty keyword in tEXt chunk
Empty keyword in tEXt chunk
Empty keyword in zTXt chunk
Empty keyword in zTXt chunk
Empty keyword in iCCP chunk
Empty keyword in iCCP chunk
Empty keyword in sPLT chunk
Empty keyword in sPLT chunk
white_x=%f, white_y=%f
white_x=%f, white_y=%f
.yMax
.yMax
.xMax
.xMax
.yMin
.yMin
.xMin
.xMin
inetmib1.dll
inetmib1.dll
SYSTEM\CurrentControlSet\Services\VxD\MSTCP
SYSTEM\CurrentControlSet\Services\VxD\MSTCP
SYSTEM\CurrentControlSet\Services\Tcpip\parameters
SYSTEM\CurrentControlSet\Services\Tcpip\parameters
SYSTEM\CurrentControlSet\Services\Tcpip\parameters\Transient
SYSTEM\CurrentControlSet\Services\Tcpip\parameters\Transient
%s compression support is not configured
%s compression support is not configured
Compression algorithm does not support random access
Compression algorithm does not support random access
Compression scheme %u %s encoding is not implemented
Compression scheme %u %s encoding is not implemented
%s %s encoding is not implemented
%s %s encoding is not implemented
%s %s encoding is no longer implemented due to Unisys patent enforcement
%s %s encoding is no longer implemented due to Unisys patent enforcement
Compression scheme %u %s decoding is not implemented
Compression scheme %u %s decoding is not implemented
%s %s decoding is not implemented
%s %s decoding is not implemented
%s: Invalid InkNames value; expecting %d names, found %d
%s: Invalid InkNames value; expecting %d names, found %d
%f: Bad value for "%s"
%f: Bad value for "%s"
%s: Invalid %stag "%s" (not supported by codec)
%s: Invalid %stag "%s" (not supported by codec)
%ld: Bad value for "%s"
%ld: Bad value for "%s"
Nonstandard tile length %d, convert file
Nonstandard tile length %d, convert file
Nonstandard tile width %d, convert file
Nonstandard tile width %d, convert file
%d: Bad value for "%s"
%d: Bad value for "%s"
Bad value %ld for "%s" tag ignored
Bad value %ld for "%s" tag ignored
%s: Cannot modify tag "%s" while writing
%s: Cannot modify tag "%s" while writing
%s: Unknown %stag %u
%s: Unknown %stag %u
%s: Error fetching directory count
%s: Error fetching directory count
%s: Error fetching directory link
%s: Error fetching directory link
Internal error, unknown tag 0x%x
Internal error, unknown tag 0x%x
No space %s
No space %s
TIFF directory is missing required "%s" field
TIFF directory is missing required "%s" field
incorrect count for field "%s" (%lu, expecting %lu); tag ignored
incorrect count for field "%s" (%lu, expecting %lu); tag ignored
Error fetching data for field "%s"
Error fetching data for field "%s"
%s: Rational with zero denominator (num = %lu)
%s: Rational with zero denominator (num = %lu)
Cannot read TIFF_ANY type %d for field "%s"
Cannot read TIFF_ANY type %d for field "%s"
Cannot handle different per-sample values for field "%s"
Cannot handle different per-sample values for field "%s"
Bogus "%s" field, ignoring and calculating from imagelength
Bogus "%s" field, ignoring and calculating from imagelength
TIFF directory is missing required "%s" field, calculating from imagelength
TIFF directory is missing required "%s" field, calculating from imagelength
unknown field with tag %d (0x%x) ignored
unknown field with tag %d (0x%x) ignored
wrong data type %d for "%s"; tag ignored
wrong data type %d for "%s"; tag ignored
Error writing data for field "%s"
Error writing data for field "%s"
%s: Error writing SubIFD directory link
%s: Error writing SubIFD directory link
A"%s": Information lost writing value (%g) as (unsigned) RATIONAL
A"%s": Information lost writing value (%g) as (unsigned) RATIONAL
DumpModeDecode: Not enough data for scanline %d
DumpModeDecode: Not enough data for scanline %d
%s: Bad code word at scanline %d (x %lu)
%s: Bad code word at scanline %d (x %lu)
%s: Uncompressed data (not supported) at scanline %d (x %lu)
%s: Uncompressed data (not supported) at scanline %d (x %lu)
%s: %s at scanline %d (got %lu, expected %lu)
%s: %s at scanline %d (got %lu, expected %lu)
%s: Premature EOF at scanline %d (x %lu)
%s: Premature EOF at scanline %d (x %lu)
%s: No space for Group 3/4 reference line
%s: No space for Group 3/4 reference line
%s: No space for Group 3/4 run arrays
%s: No space for Group 3/4 run arrays
Fax SubAddress: %s
Fax SubAddress: %s
(%u = 0x%x)
(%u = 0x%x)
%suncompressed data
%suncompressed data
%sEOL padding
%sEOL padding
%s2-d encoding
%s2-d encoding
%s: No space for state block
%s: No space for state block
Sorry, can not handle YCbCr images with %s=%d
Sorry, can not handle YCbCr images with %s=%d
Sorry, LogL data must have %s=%d
Sorry, LogL data must have %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, LogLuv data must have %s=%d or %d
Sorry, LogLuv data must have %s=%d or %d
Sorry, can not handle image with %s=%d
Sorry, can not handle image with %s=%d
Sorry, can not handle separated image with %s=%d
Sorry, can not handle separated image with %s=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Missing needed %s tag
Missing needed %s tag
Sorry, can not image with %d-bit samples
Sorry, can not image with %d-bit samples
LogL16Decode: Not enough data at row %d (short %d pixels)
LogL16Decode: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
?%s: No space for SGILog translation buffer
?%s: No space for SGILog translation buffer
No support for converting user data format to LogL
No support for converting user data format to LogL
No support for converting user data format to LogLuv
No support for converting user data format to LogLuv
Inappropriate photometric interpretation %d for SGILog compression; %s
Inappropriate photometric interpretation %d for SGILog compression; %s
SGILog compression supported only for %s, or raw data
SGILog compression supported only for %s, or raw data
Unknown data format %d for LogLuv compression
Unknown data format %d for LogLuv compression
Unknown encoding %d for LogLuv compression
Unknown encoding %d for LogLuv compression
%s: No space for LogLuv state block
%s: No space for LogLuv state block
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Not enough data at scanline %d (short %d bytes)
LZWDecode: Not enough data at scanline %d (short %d bytes)
LZWDecode: Strip %d not terminated with EOI code
LZWDecode: Strip %d not terminated with EOI code
LZWDecodeCompat: Not enough data at scanline %d (short %d bytes)
LZWDecodeCompat: Not enough data at scanline %d (short %d bytes)
"%s": Bad mode
"%s": Bad mode
Not a TIFF file, bad version number %d (0x%x)
Not a TIFF file, bad version number %d (0x%x)
Not a TIFF file, bad magic number %d (0x%x)
Not a TIFF file, bad magic number %d (0x%x)
%s: Out of memory (TIFF structure)
%s: Out of memory (TIFF structure)
PackBitsDecode: discarding %d bytes to avoid buffer overrun
PackBitsDecode: discarding %d bytes to avoid buffer overrun
Horizontal differencing "Predictor" not supported with %d-bit samples
Horizontal differencing "Predictor" not supported with %d-bit samples
"Predictor" value %d not supported
"Predictor" value %d not supported
%u (0x%x)
%u (0x%x)
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Seek error at scanline %lu, strip %lu
%s: Seek error at scanline %lu, strip %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Seek error at row %ld, col %ld, tile %ld
%s: Seek error at row %ld, col %ld, tile %ld
%s: No space for data buffer at scanline %ld
%s: No space for data buffer at scanline %ld
%s: Data buffer too small to hold strip %lu
%s: Data buffer too small to hold strip %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Data buffer too small to hold tile %ld
%s: Data buffer too small to hold tile %ld
%u: Sample out of range, max %u
%u: Sample out of range, max %u
ThunderDecode: %s data at scanline %ld (%lu != %lu)
ThunderDecode: %s data at scanline %ld (%lu != %lu)
Sample %d out of range, max %u
Sample %d out of range, max %u
LIBTIFF, Version 3.5.7
LIBTIFF, Version 3.5.7
%s: Cannot open
%s: Cannot open
%s Warning
%s Warning
%s Error
%s Error
%s: Write error at scanline %lu
%s: Write error at scanline %lu
%s: Seek error at scanline %lu
%s: Seek error at scanline %lu
%s: %s
%s: %s
%s: zlib error: %s
%s: zlib error: %s
%s: Not enough data at scanline %d (short %d bytes)
%s: Not enough data at scanline %d (short %d bytes)
%s: Decoding error at scanline %d, %s
%s: Decoding error at scanline %d, %s
%s: Encoder error: %s
%s: Encoder error: %s
Runtime error: %s
Runtime error: %s
Warning: unknown method "%s"
Warning: unknown method "%s"
Warning: invalid index for operator []
Warning: invalid index for operator []
hook break %d
hook break %d
Warning: can't set property "%s" with a wrong type
Warning: can't set property "%s" with a wrong type
Warning: using undefined property "%s"
Warning: using undefined property "%s"
Warning: using undefined variable "%s"
Warning: using undefined variable "%s"
CNotSupportedException
CNotSupportedException
COMCTL32.DLL
COMCTL32.DLL
Afx:%p:%x:%p:%p:%p
Afx:%p:%x:%p:%p:%p
Afx:%p:%x
Afx:%p:%x
hhctrl.ocx
hhctrl.ocx
commctrl_DragListMsg
commctrl_DragListMsg
CCmdTarget
CCmdTarget
CHotKeyCtrl
CHotKeyCtrl
msctls_hotkey32
msctls_hotkey32
GDI32.DLL
GDI32.DLL
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
File%d
File%d
ntdll.dll
ntdll.dll
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
%s.dll
%s.dll
CMDIChildWnd
CMDIChildWnd
CMDIFrameWnd
CMDIFrameWnd
ddeexec
ddeexec
%s\ShellNew
%s\ShellNew
%s\shell\printto\%s
%s\shell\printto\%s
%s\shell\print\%s
%s\shell\print\%s
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
olepro32.dll
olepro32.dll
ole32.dll
ole32.dll
mscoree.dll
mscoree.dll
?#%X.y
?#%X.y
Please contact the application's support team for more information.
Please contact the application's support team for more information.
internal state. The program cannot safely continue execution and must
internal state. The program cannot safely continue execution and must
continue execution and must now be terminated.
continue execution and must now be terminated.
portuguese-brazilian
portuguese-brazilian
GetProcessWindowStation
GetProcessWindowStation
0123456789
0123456789
right-curly-bracket
right-curly-bracket
left-curly-bracket
left-curly-bracket
OLEAUT32.dll
OLEAUT32.dll
OLEACC.dll
OLEACC.dll
WINMM.dll
WINMM.dll
WSOCK32.dll
WSOCK32.dll
VERSION.dll
VERSION.dll
GetWindowsDirectoryA
GetWindowsDirectoryA
CreatePipe
CreatePipe
GetProcessHeaps
GetProcessHeaps
WinExec
WinExec
GetCPInfo
GetCPInfo
KERNEL32.dll
KERNEL32.dll
GetKeyState
GetKeyState
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
GetKeyNameTextA
GetKeyNameTextA
MapVirtualKeyA
MapVirtualKeyA
EnumThreadWindows
EnumThreadWindows
ExitWindowsEx
ExitWindowsEx
EnumWindows
EnumWindows
EnumChildWindows
EnumChildWindows
CreateDialogIndirectParamA
CreateDialogIndirectParamA
USER32.dll
USER32.dll
GetViewportExtEx
GetViewportExtEx
SetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetViewportExtEx
ScaleViewportExtEx
ScaleViewportExtEx
GetViewportOrgEx
GetViewportOrgEx
GDI32.dll
GDI32.dll
WINSPOOL.DRV
WINSPOOL.DRV
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExA
RegOpenKeyA
RegOpenKeyA
RegEnumKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteKeyA
RegEnumKeyA
RegEnumKeyA
RegCreateKeyA
RegCreateKeyA
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
FindExecutableA
FindExecutableA
SHELL32.dll
SHELL32.dll
COMCTL32.dll
COMCTL32.dll
SHLWAPI.dll
SHLWAPI.dll
oledlg.dll
oledlg.dll
.PAVCFileException@@
.PAVCFileException@@
.PAVCObject@@
.PAVCObject@@
.PAVCException@@
.PAVCException@@
.PAVCTopBaseException@@
.PAVCTopBaseException@@
.PAVCZipException@@
.PAVCZipException@@
This executable file was created by an UNREGISTERED copy of SWFKit!
This executable file was created by an UNREGISTERED copy of SWFKit!
.PAVCOleException@@
.PAVCOleException@@
.PAVCSimpleException@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.PAVCMemoryException@@
.PAVCNotSupportedException@@
.PAVCNotSupportedException@@
.?AVCNotSupportedException@@
.?AVCNotSupportedException@@
.?AVCCmdTarget@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTestCmdUI@@
.PAVCUserException@@
.PAVCUserException@@
.?AVCHotKeyCtrl@@
.?AVCHotKeyCtrl@@
.PAVCResourceException@@
.PAVCResourceException@@
.PAVCArchiveException@@
.PAVCArchiveException@@
.?AVCStatusCmdUI@@
.?AVCStatusCmdUI@@
.?AVCMDIFrameWnd@@
.?AVCMDIFrameWnd@@
.?AVCMDIChildWnd@@
.?AVCMDIChildWnd@@
.PAVCOleDispatchException@@
.PAVCOleDispatchException@@
zcÁ
zcÁ
c:\users\"%CurrentUserName%"\appdata\local\microsoft\windows\temporary internet files
c:\users\"%CurrentUserName%"\appdata\local\microsoft\windows\temporary internet files
install_flash_player_active_x.exe
install_flash_player_active_x.exe
empty.swf
empty.swf
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\swfplayer.exe
C:\Users\"%CurrentUserName%"\AppData\Roaming\elefundesktops\thegreatlake_wallpaper\swfplayer.exe
5L.uhH
5L.uhH
/.LzC
/.LzC
d.rbg
d.rbg
%S
%S
stdole2.tlbWWW
stdole2.tlbWWW
bstrMsgW
bstrMsgW
Created by MIDL version 6.00.0347 at Thu Aug 30 16:09:49 2007
Created by MIDL version 6.00.0347 at Thu Aug 30 16:09:49 2007
%d
%d
%s
%s
%s:%s. See also: %s.
%s:%s. See also: %s.
%s %s d d:d:d GMT% 04d %s%sd B.C.
%s %s d d:d:d GMT% 04d %s%sd B.C.
%s %s d d:d:d GMT% 04d %s%sd
%s %s d d:d:d GMT% 04d %s%sd
%s, d %s d d:d:d GMT B.C.
%s, d %s d d:d:d GMT B.C.
%s, d %s d d:d:d GMT
%s, d %s d d:d:d GMT
x%s.%s
x%s.%s
%s.length
%s.length
[object Inet.Ftp]
[object Inet.Ftp]
[object RegKey]
[object RegKey]
d[object URLShortcut]
d[object URLShortcut]
[object Sound.playback]
[object Sound.playback]
[object Sound.recording]
[object Sound.recording]
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
%s
;/?:@&= $,#
;/?:@&= $,#
accKeyboardShortcut
accKeyboardShortcut
SUPPORT
SUPPORT
Key Press
Key Press
Disable Windows keys
Disable Windows keys
Exit Keys
Exit Keys
HotKey1
HotKey1
Custom Hot Key
Custom Hot Key
%s Registration
%s Registration
Please enter your name, a serial number and a registration code to register %s.
Please enter your name, a serial number and a registration code to register %s.
Enter the World Wide Web location (URL) or specify the local file you would like to open.
Enter the World Wide Web location (URL) or specify the local file you would like to open.
WEBSITE
WEBSITE
Port :
Port :
Prj.Document
Prj.Document
Invalid projector window size!Invalid projector window position5Flash (*.swf,*.spl)|*.swf;*.spl|All Files (*.*)|*.*||
Invalid projector window size!Invalid projector window position5Flash (*.swf,*.spl)|*.swf;*.spl|All Files (*.*)|*.*||
%s has expired!D%s
%s has expired!D%s
Press Register button to register %s, press OK button to exit.
Press Register button to register %s, press OK button to exit.
'This copy of program is licensed to: %s
'This copy of program is licensed to: %s
Serial Number: %s
Serial Number: %s
Replace%Select the entire document
Replace%Select the entire document
All Files (*.*)
All Files (*.*)
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.
Page %u
Page %u
Pages %u-%u
Pages %u-%u
Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||
Output.prn1Printer Files (*.prn)|*.prn|All Files (*.*)|*.*||
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
#Unable to load mail system support.
#Unable to load mail system support.
Access to %1 was denied..An invalid file handle was associated with %1.
Access to %1 was denied..An invalid file handle was associated with %1.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.
Disk full while accessing %1..An attempt was made to access %1 past its end.
Disk full while accessing %1..An attempt was made to access %1 past its end.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.
swfplayer.exe
swfplayer.exe