WormAutoItGen.YR (Lavasoft MAS)Behaviour: Worm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ddbacc89dfd4a2c00602501454102d63
SHA1: af99d469f2c705247e2a3e03a489ff82be8c172b
SHA256: d42cf6403220c2801760d8e910fca411cb84c1d5e6b60657264c92598cd5401a
SSDeep: 98304:vfYs3YSgpg1m2 MDGoqfW UCkTgfuDN6Wi0EMpI3G8FuN:nYgYS2g1mE5qfYEfuR6WilMpyG80N
Size: 4520456 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: PC Drivers HeadQuarters LP
Created at: 2014-10-07 07:40:17
Analyzed on: Windows7Ada SP1 64-bit
Summary: Worm. A program that is primarily replicating on networks or removable drives.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Worm creates the following process(es):
TPAutoConnSvc.exe:1844
DriverSupport.exe:2788
csc.exe:988
csc.exe:3824
csc.exe:1220
csc.exe:3636
csc.exe:3536
csc.exe:3628
csc.exe:4020
csc.exe:1840
csc.exe:3040
csc.exe:4044
csc.exe:1884
csc.exe:3456
csc.exe:2780
csc.exe:1636
csc.exe:2056
csc.exe:1732
csc.exe:1960
csc.exe:2480
csc.exe:3180
csc.exe:2360
csc.exe:3916
csc.exe:2620
csc.exe:3600
csc.exe:3744
csc.exe:2424
csc.exe:148
csc.exe:3332
csc.exe:168
csc.exe:3172
csc.exe:2044
csc.exe:3464
csc.exe:3380
csc.exe:3460
csc.exe:2896
csc.exe:2144
csc.exe:3820
%original file name%.exe:1812
cvtres.exe:2476
cvtres.exe:3900
cvtres.exe:1144
cvtres.exe:1228
cvtres.exe:3320
cvtres.exe:3004
cvtres.exe:3660
cvtres.exe:4040
cvtres.exe:1964
cvtres.exe:2380
cvtres.exe:308
cvtres.exe:2460
cvtres.exe:3568
cvtres.exe:3748
cvtres.exe:2060
cvtres.exe:3392
cvtres.exe:1496
cvtres.exe:4036
cvtres.exe:2976
cvtres.exe:1644
cvtres.exe:3560
cvtres.exe:800
cvtres.exe:3448
cvtres.exe:3152
cvtres.exe:2028
cvtres.exe:3036
cvtres.exe:968
cvtres.exe:1972
cvtres.exe:2236
cvtres.exe:3844
cvtres.exe:1668
cvtres.exe:3760
cvtres.exe:3220
cvtres.exe:1380
cvtres.exe:2160
cvtres.exe:2512
netsh.exe:1300
netsh.exe:2612
netsh.exe:948
netsh.exe:2936
netsh.exe:2680
netsh.exe:1724
netsh.exe:1932
netsh.exe:2824
netsh.exe:1836
netsh.exe:1144
netsh.exe:1884
netsh.exe:256
Agent.CPU.exe:1776
The Worm injects its code into the following process(es):No processes have been created.
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process DriverSupport.exe:2788 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.cmdline (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.0.cs (37988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.0.cs (676 bytes)
C:\ProgramData\Driver Support\Driver Support\dd.lic (144 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.out (560 bytes)
C:\ProgramData\Driver Support\Driver Support\UXState.dat (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.out (783 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalEnvironmentEvents.dat (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.0.cs (37988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.cmdline (499 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F6DEB9C1F3251400F7D6EB743CB14FB4 (452 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.out (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\2ggppmsk.newcfg (6034 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.cmdline (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.out (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.0.cs (7332 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\xk2_nzqf.newcfg (11487 bytes)
C:\ProgramData\Driver Support\Driver Support\WL.dat (2 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalEnvironmentProperties.dat (1242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.0.cs (24148 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.out (562 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\6a884bdb6f1f42e19fe3a05771ed3944 (1924 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.0.cs (6740 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\da037491005146f6a957b4ecb5bfed63 (5572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.cmdline (457 bytes)
C:\ProgramData\Driver Support\Driver Support\DDSM\ScanManager.dat (34726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.0.cs (196 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\5800b95cecc34f8ba843cca0d25491ef (2500 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\DownloadResourceManager.dat (8006 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalRules.dat (24016 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.cmdline (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.0.cs (388 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.cmdline (405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.cmdline (516 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.out (562 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\RuleHistoryController.dat (986 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\20a37524b482440fb80dfbd16a6165e8 (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\bdjoku1t.newcfg (7500 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F6DEB9C1F3251400F7D6EB743CB14FB4 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.cmdline (460 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.0.cs (2500 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 (1212 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.0.cs (2500 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\90d20744044b4080bc23bdb2e638d531 (5572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.cmdline (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\haqckqxh.newcfg (1854 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.cmdline (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.out (508 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.out (807 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_40F159D44D8C605036811A9D469F7AD9 (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\qilxnnaj.newcfg (14095 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\95y96zfk.newcfg (7500 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.out (807 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab8DBE.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.cmdline (457 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\fdd99775b9b54cd68b3752a8ed712bea (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.out (807 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.out (562 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\92e9a03209c04b85b8cfe19cb34337bc (7332 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.cmdline (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.out (602 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\xfqebjqb.newcfg (2519 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.out (508 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\naqutiwk.newcfg (17322 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.cmdline (457 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalActions.dat (1100 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (141 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\88c6b75283d541b9a5bc732fd17b6423 (4708 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.out (619 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_40F159D44D8C605036811A9D469F7AD9 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.0.cs (388 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\oiqmwd4e.newcfg (1456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (370 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\49f89b2b79014b868045d79d209a85a4 (388 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.cmdline (405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.0.cs (40972 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.0.cs (44948 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (1104 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\4dc89ed7c3414aaf94db0dd16478f2b2 (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.0.cs (196 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\5cbb170d9da74b06b83ca91f49997b76 (1444 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\18430981175c4821b4d675d4e9314558 (1176074 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar8DBF.tmp (2784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.out (563 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\4rvn9fcx.newcfg (11527 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (1058 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.out (562 bytes)
The process csc.exe:988 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCE5BD.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.dll (3662 bytes)
The process csc.exe:3824 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD346.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.dll (3646 bytes)
The process csc.exe:1220 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.dll (5228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCEC71.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.out (396 bytes)
The process csc.exe:3636 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.dll (3646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCC40.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.out (396 bytes)
The process csc.exe:3536 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.dll (3938 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB08.tmp (664 bytes)
The process csc.exe:3628 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.dll (4662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD2A.tmp (664 bytes)
The process csc.exe:4020 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCDB03.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.dll (3192 bytes)
The process csc.exe:1840 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC9FF.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.dll (4548 bytes)
The process csc.exe:3040 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.dll (4950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCA8B.tmp (664 bytes)
The process csc.exe:4044 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.dll (3886 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD9AC.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.out (396 bytes)
The process csc.exe:1884 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.dll (3552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCE714.tmp (664 bytes)
The process csc.exe:3456 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC26D2.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.dll (4662 bytes)
The process csc.exe:2780 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC934.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.dll (4740 bytes)
The process csc.exe:1636 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCEA9D.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.out (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.dll (3854 bytes)
The process csc.exe:2056 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.dll (4950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB1A3.tmp (664 bytes)
The process csc.exe:1732 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.dll (5166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.out (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC92BE.tmp (664 bytes)
The process csc.exe:1960 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB24E.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.dll (4548 bytes)
The process csc.exe:2480 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.out (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.dll (3742 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCEB87.tmp (664 bytes)
The process csc.exe:3180 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC2848.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.dll (3710 bytes)
The process csc.exe:2360 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCA9A7.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.dll (4806 bytes)
The process csc.exe:3916 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD47E.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.dll (3790 bytes)
The process csc.exe:2620 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.dll (4838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.out (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCAC27.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCDDB2.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.dll (4950 bytes)
The process csc.exe:3600 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCBB4.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.dll (5228 bytes)
The process csc.exe:3744 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD3E2.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.dll (3694 bytes)
The process csc.exe:2424 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.dll (4258 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.out (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC57C.tmp (664 bytes)
The process csc.exe:148 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB2DB.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.dll (4230 bytes)
The process csc.exe:3332 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.out (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC2D57.tmp (652 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.dll (3600 bytes)
The process csc.exe:168 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCAA82.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.out (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.dll (4838 bytes)
The process csc.exe:3172 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.dll (3032 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB931.tmp (664 bytes)
The process csc.exe:2044 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCF2E6.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.out (198 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.dll (5394 bytes)
The process csc.exe:3464 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCDA7.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.dll (3224 bytes)
The process csc.exe:3380 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC8A8.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.dll (3534 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.out (396 bytes)
The process csc.exe:3460 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCEB0.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.out (396 bytes)
The process csc.exe:2896 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD900.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.dll (3678 bytes)
The process csc.exe:2144 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC148A.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.dll (3304 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.out (396 bytes)
The process csc.exe:3820 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD29A.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.dll (3000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.out (396 bytes)
The process %original file name%.exe:1812 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\DotNetChecker.dll (1597 bytes)
%Program Files% (x86)\Driver Support\ICSharpCode.SharpZipLib.dll (7192 bytes)
%Program Files% (x86)\Driver Support\Agent.Common.XmlSerializers.dll (11344 bytes)
%Program Files% (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll (2392 bytes)
%Program Files% (x86)\Driver Support\RuleEngine.dll (17848 bytes)
%Program Files% (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.Downloaders.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\nsDialogs.dll (21 bytes)
%Program Files% (x86)\Driver Support\Common.dll (33536 bytes)
%Program Files% (x86)\Driver Support\ExceptionLogging.dll (784 bytes)
%Program Files% (x86)\Driver Support\Agent.CPU.exe (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\LangDLL.dll (13 bytes)
%Program Files% (x86)\Driver Support\ISUninstall.exe (784 bytes)
%Program Files% (x86)\Driver Support\Interop.WUApiLib.dll (3312 bytes)
%Program Files% (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll (1552 bytes)
%Program Files% (x86)\Driver Support\cpuidsdk.dll (28288 bytes)
%Program Files% (x86)\Driver Support\Agent.Common.dll (13368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\modern-header.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\Linker.dll (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support\Uninstall Driver Support.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz9D88.tmp (366997 bytes)
%Program Files% (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll (3312 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.exe (190439 bytes)
%Program Files% (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll (4992 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.Updater.exe.config (2 bytes)
%Program Files% (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll (5064 bytes)
%Program Files% (x86)\Driver Support\RuleEngine.XmlSerializers.dll (2392 bytes)
%Program Files% (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll (1856 bytes)
%Program Files% (x86)\Driver Support\config.dat (2 bytes)
%Program Files% (x86)\Driver Support\Uninstall.exe (2469 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\modern-wizard.bmp (5520 bytes)
%Program Files% (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support\Driver Support.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\UserInfo.dll (8 bytes)
%Program Files% (x86)\Driver Support\XPBurnComponent.dll (1856 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.chm (1552 bytes)
%Program Files% (x86)\Driver Support\ThemePack.DriverSupport.dll (31856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp (4 bytes)
%Program Files% (x86)\Driver Support\Agent.ExceptionLogging.dll (1856 bytes)
%Program Files% (x86)\Driver Support\Agent.Communication.dll (15536 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.exe.config (2 bytes)
%Program Files% (x86)\Driver Support\Agent.Communication.XmlSerializers.dll (16288 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.Updater.exe (7192 bytes)
The process cvtres.exe:2476 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESDA8.tmp (3690 bytes)
The process cvtres.exe:3900 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESA8C.tmp (3690 bytes)
The process cvtres.exe:1144 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESAC37.tmp (3698 bytes)
The process cvtres.exe:1228 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD901.tmp (3698 bytes)
The process cvtres.exe:3320 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES2D58.tmp (3666 bytes)
The process cvtres.exe:3004 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESE5CD.tmp (3698 bytes)
The process cvtres.exe:3660 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESC51.tmp (3690 bytes)
The process cvtres.exe:4040 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESDB04.tmp (3698 bytes)
The process cvtres.exe:1964 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESAA83.tmp (3698 bytes)
The process cvtres.exe:2380 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESE715.tmp (3698 bytes)
The process cvtres.exe:308 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB1A4.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESEA9E.tmp (3698 bytes)
The process cvtres.exe:2460 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES935.tmp (3690 bytes)
The process cvtres.exe:3568 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB09.tmp (3690 bytes)
The process cvtres.exe:3748 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD3E3.tmp (3698 bytes)
The process cvtres.exe:2060 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB24F.tmp (3698 bytes)
The process cvtres.exe:3392 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES26D3.tmp (3698 bytes)
The process cvtres.exe:1496 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESA00.tmp (3690 bytes)
The process cvtres.exe:4036 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD9AD.tmp (3698 bytes)
The process cvtres.exe:2976 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES8A9.tmp (3690 bytes)
The process cvtres.exe:1644 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESEB1.tmp (3690 bytes)
The process cvtres.exe:3560 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESBB5.tmp (3690 bytes)
The process cvtres.exe:800 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD3B.tmp (3690 bytes)
The process cvtres.exe:3448 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES148B.tmp (3698 bytes)
The process cvtres.exe:3152 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES2849.tmp (3698 bytes)
The process cvtres.exe:2028 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESEB88.tmp (3698 bytes)
The process cvtres.exe:3036 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES92BF.tmp (3698 bytes)
The process cvtres.exe:968 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESF2F7.tmp (3698 bytes)
The process cvtres.exe:1972 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB2DC.tmp (3698 bytes)
The process cvtres.exe:2236 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD47F.tmp (3698 bytes)
The process cvtres.exe:3844 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD29B.tmp (3698 bytes)
The process cvtres.exe:1668 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES57D.tmp (3690 bytes)
The process cvtres.exe:3760 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD357.tmp (3698 bytes)
The process cvtres.exe:3220 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB932.tmp (3698 bytes)
The process cvtres.exe:1380 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESA9A8.tmp (3698 bytes)
The process cvtres.exe:2160 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESEC81.tmp (3698 bytes)
The process cvtres.exe:2512 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESDDC2.tmp (3698 bytes)
The process Agent.CPU.exe:1776 makes changes in the file system.
The Worm creates and/or writes to the following file(s):
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.out (598 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\cpuz136\cpuz136_x64.sys (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.cmdline (497 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.0.cs (6740 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_40F159D44D8C605036811A9D469F7AD9 (808 bytes)
C:\ProgramData\Driver Support\Driver Support\CPUID.dat (876 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.out (558 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.cmdline (457 bytes)
Registry activity
The process TPAutoConnSvc.exe:1844 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\HP LaserJet Professional M1212nf MFP#:3]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"
[HKU\.DEFAULT\Printers\DevModes2]
"HP LaserJet Professional M1212nf MFP#:3" = "48 00 50 00 20 00 4C 00 61 00 73 00 65 00 72 00"
The Worm deletes the following registry key(s):
[HKLM\SOFTWARE\ThinPrint\TPPrnUI\HP LaserJet Professional M1212nf MFP#:3]
The process DriverSupport.exe:2788 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS]
"ConsoleTracingMask" = "4294901760"
[HKCU\Software\DriverSupport\Install]
"DhqScanStatusDescription" = "Scanning Your Computer"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32]
"MaxFileSize" = "1048576"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
[HKCU\Software\DriverSupport\Install]
"DhqScanFinish" = "12/11/2014 4:35:54 PM"
[HKCU\Software\DriverSupport]
"APIPort" = "65411"
[HKCU\Software\DriverSupport\Install]
"DhqScanStart" = "12/11/2014 4:35:36 PM"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\DriverSupport]
"uuid" = "13684600-ad88-4ba9-8423-494ed72da3ae"
[HKCU\Software\DriverSupport\Install]
"ScanProgress" = "15"
"VeloxumInstallStatus" = "-2"
[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates\7C4656C3061F7F4C0D67B319A855F60EBC11FC44]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 7C 46 56 C3"
[HKLM\SOFTWARE\Wow6432Node\Veloxum\iPTE]
"DHQSessionID" = "S-1-5-21-2858020935-2156992550-3658131804-1003"
[HKCU\Software\DriverSupport\Install]
"uuid" = "13684600-ad88-4ba9-8423-494ed72da3ae"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32]
"FileTracingMask" = "4294901760"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS]
"MaxFileSize" = "1048576"
"EnableFileTracing" = "0"
[HKCU\Software\DriverSupport\Install]
"DhqScanStatus" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\DriverSupport\Install]
"ScanStatus" = "0"
"ScanStatusDescription" = "Scanning Your Computer"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 91 DE 06 25"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32]
"FileDirectory" = "%windir%\tracing"
[HKCU\Software\DriverSupport\Install]
"ScanStart" = "12/11/2014 4:35:36 PM"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASMANCS]
"EnableConsoleTracing" = "0"
[HKLM\SOFTWARE\DriverSupport]
"APIPort" = "65411"
[HKLM\SOFTWARE\Microsoft\Tracing\DriverSupport_RASAPI32]
"EnableFileTracing" = "0"
To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Driver Support" = "%Program Files% (x86)\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false"
The Worm deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates]
"7C4656C3061F7F4C0D67B319A855F60EBC11FC44"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"
[HKCU\Software\DriverSupport\Install]
"ScanFinish"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"2796BAE63F1801E277261BA0D77770028F20EEE4"
[HKCU\Software\DriverSupport\Install]
"DhqScanFinish"
The process %original file name%.exe:1812 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport]
"InstallLocation" = "%Program Files% (x86)\Driver Support"
"Publisher" = "PC Drivers HeadQuarters LP"
"HelpTelephone" = "512.373.3518"
"DisplayName" = "Driver Support"
"NoModify" = "1"
"EstimatedSize" = "12120"
"UninstallString" = "%Program Files% (x86)\Driver Support\Uninstall.exe"
"InstallerLanguage" = "1033"
"URLInfoAbout" = "http://www.driversupport.com"
"HelpLink" = "http://account.driversupport.com/support/contact?wlid=30"
"DisplayVersion" = "9.1.4.66"
[HKCU\Software\DriverSupport\Install]
"UILevel" = "5"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport]
"ProductID" = "{597FB4A5-DD86-4316-A410-7E8074CC2CCE}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\DriverSupport.exe]
"(Default)" = "%Program Files% (x86)\Driver Support\DriverSupport.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport]
"NoRepair" = "1"
"DisplayIcon" = "%Program Files% (x86)\Driver Support\DriverSupport.exe,0"
[HKCU\Software\DriverSupport\Install]
"InstallStatus" = "0"
The process netsh.exe:1300 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
"eapqec.dll,-101" = "Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies."
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://127.0.0.1:65411/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
The process netsh.exe:2612 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://127.0.0.1:65411/tests/progress/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
"napipsec.dll,-2" = "Provides IPsec based enforcement for Network Access Protection"
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
"dhcpqec.dll,-101" = "Provides DHCP based enforcement for NAP"
"dhcpqec.dll,-100" = "DHCP Quarantine Enforcement Client"
"dhcpqec.dll,-103" = "1.0"
"dhcpqec.dll,-102" = "Microsoft Corporation"
The process netsh.exe:948 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
"eapqec.dll,-101" = "Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies."
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://localhost:65411/media/status/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
The process netsh.exe:2936 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
"tsgqec.dll,-100" = "RD Gateway Quarantine Enforcement Client"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://localhost:65411/license/status/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
"napipsec.dll,-3" = "Microsoft Corporation"
"napipsec.dll,-4" = "1.0"
"dhcpqec.dll,-100" = "DHCP Quarantine Enforcement Client"
The process netsh.exe:2680 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"eapqec.dll,-103" = "Microsoft Corporation"
"napipsec.dll,-1" = "IPsec Relying Party"
"eapqec.dll,-101" = "Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies."
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://127.0.0.1:65411/client/status/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
The process netsh.exe:1724 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://127.0.0.1:65411/client/reboot/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"eapqec.dll,-103" = "Microsoft Corporation"
"napipsec.dll,-1" = "IPsec Relying Party"
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
"napipsec.dll,-4" = "1.0"
The process netsh.exe:1932 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://localhost:65411/client/reboot/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"tsgqec.dll,-100" = "RD Gateway Quarantine Enforcement Client"
"napipsec.dll,-1" = "IPsec Relying Party"
"napipsec.dll,-2" = "Provides IPsec based enforcement for Network Access Protection"
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
The process netsh.exe:2824 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://127.0.0.1:65411/license/status/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"tsgqec.dll,-103" = "Microsoft Corporation"
"tsgqec.dll,-102" = "1.0"
"tsgqec.dll,-101" = "Provides RD Gateway enforcement for NAP"
"napipsec.dll,-1" = "IPsec Relying Party"
"napipsec.dll,-2" = "Provides IPsec based enforcement for Network Access Protection"
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
"eapqec.dll,-101" = "Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies."
The process netsh.exe:1836 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://localhost:65411/client/status/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
The process netsh.exe:1144 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://127.0.0.1:65411/media/status/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"tsgqec.dll,-100" = "RD Gateway Quarantine Enforcement Client"
"eapqec.dll,-102" = "1.0"
The process netsh.exe:1884 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"tsgqec.dll,-100" = "RD Gateway Quarantine Enforcement Client"
"eapqec.dll,-102" = "1.0"
"napipsec.dll,-1" = "IPsec Relying Party"
"napipsec.dll,-2" = "Provides IPsec based enforcement for Network Access Protection"
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
"napipsec.dll,-4" = "1.0"
"eapqec.dll,-101" = "Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies."
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://localhost:65411/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
The process netsh.exe:256 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"napipsec.dll,-1" = "IPsec Relying Party"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E\@%SystemRoot%\system32]
"eapqec.dll,-100" = "EAP Quarantine Enforcement Client"
[HKLM\System\CurrentControlSet\Services\HTTP\Parameters\UrlAclInfo]
"http://localhost:65411/tests/progress/" = "01 00 04 80 00 00 00 00 00 00 00 00 00 00 00 00"
The process Agent.CPU.exe:1776 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Local Settings\MuiCache\2B\52C64B7E]
"LanguageList" = "en-US, en"
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4]
"Blob" = "0F 00 00 00 01 00 00 00 14 00 00 00 5D 82 AD B9"
The Worm deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"2796BAE63F1801E277261BA0D77770028F20EEE4"
Dropped PE files
| MD5 | File path |
|---|---|
| 800a695a3cfa228f8f0be3a6b9c17bf9 | c:\Program Files (x86)\Driver Support\Agent.CPU.exe |
| 8d271bf16b55ee1938a9436597c1d85b | c:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll |
| f3706e5a58730d14c0c9e609f254afdb | c:\Program Files (x86)\Driver Support\Agent.Common.dll |
| ce40f304aabccf7cb4d69ad03e56e0ff | c:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll |
| f297a7c79e40ecd015b566399ba3baba | c:\Program Files (x86)\Driver Support\Agent.Communication.dll |
| 8eea496a3b72a958f0bd4dfdf9ed6a04 | c:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll |
| 8ca8174ccdfa5b38eb8ed17956b19813 | c:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.dll |
| 346042ec3afb66af1c1b28d81356b5a6 | c:\Program Files (x86)\Driver Support\Common.dll |
| b9a129c8d0f87ce0d60b2eae266d8d03 | c:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe |
| 53e6c89f0e004ca19fde4ac10349ea06 | c:\Program Files (x86)\Driver Support\DriverSupport.exe |
| ed868d44841cc9314955b4aa63ed17b1 | c:\Program Files (x86)\Driver Support\ExceptionLogging.dll |
| 6d3f048bb44cae29a5b602d99dc7660b | c:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll |
| f6f3a73d440745e5d05433765d0cd753 | c:\Program Files (x86)\Driver Support\ISUninstall.exe |
| 7cb7ec9528fed0b466b1c5de05865e64 | c:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll |
| 6905a2910234e631014f6e7875dd8d53 | c:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll |
| 04a7046973198bb1b981724ac9e37a10 | c:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.Downloaders.dll |
| 012f8291780c495d9456393d67a7732c | c:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll |
| 88b8737a4110d1e75d9f0afd39cc78aa | c:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll |
| 1dba058a92e65e5fae61c0177bc7746a | c:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll |
| 3eb6e2b12a61e8bbb46da2c34458177f | c:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll |
| 90b2cba1679f60a05101953aa4cc29e5 | c:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll |
| 32d69b4f530afca4e77920664d24b266 | c:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll |
| e436b1067ada37ef803b143bdd78b576 | c:\Program Files (x86)\Driver Support\RuleEngine.dll |
| 058fbd620db0121da5ce1bb9362e2db6 | c:\Program Files (x86)\Driver Support\ThemePack.DriverSupport.dll |
| abc445b1d45bcef314b319a99536a869 | c:\Program Files (x86)\Driver Support\Uninstall.exe |
| 4e752c12d4388cd0dce51db8ac696f8c | c:\Program Files (x86)\Driver Support\XPBurnComponent.dll |
| 75d978563d11f33c7e516d53900be7c9 | c:\Program Files (x86)\Driver Support\cpuidsdk.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
TPAutoConnSvc.exe:1844
DriverSupport.exe:2788
csc.exe:988
csc.exe:3824
csc.exe:1220
csc.exe:3636
csc.exe:3536
csc.exe:3628
csc.exe:4020
csc.exe:1840
csc.exe:3040
csc.exe:4044
csc.exe:1884
csc.exe:3456
csc.exe:2780
csc.exe:1636
csc.exe:2056
csc.exe:1732
csc.exe:1960
csc.exe:2480
csc.exe:3180
csc.exe:2360
csc.exe:3916
csc.exe:2620
csc.exe:3600
csc.exe:3744
csc.exe:2424
csc.exe:148
csc.exe:3332
csc.exe:168
csc.exe:3172
csc.exe:2044
csc.exe:3464
csc.exe:3380
csc.exe:3460
csc.exe:2896
csc.exe:2144
csc.exe:3820
%original file name%.exe:1812
cvtres.exe:2476
cvtres.exe:3900
cvtres.exe:1144
cvtres.exe:1228
cvtres.exe:3320
cvtres.exe:3004
cvtres.exe:3660
cvtres.exe:4040
cvtres.exe:1964
cvtres.exe:2380
cvtres.exe:308
cvtres.exe:2460
cvtres.exe:3568
cvtres.exe:3748
cvtres.exe:2060
cvtres.exe:3392
cvtres.exe:1496
cvtres.exe:4036
cvtres.exe:2976
cvtres.exe:1644
cvtres.exe:3560
cvtres.exe:800
cvtres.exe:3448
cvtres.exe:3152
cvtres.exe:2028
cvtres.exe:3036
cvtres.exe:968
cvtres.exe:1972
cvtres.exe:2236
cvtres.exe:3844
cvtres.exe:1668
cvtres.exe:3760
cvtres.exe:3220
cvtres.exe:1380
cvtres.exe:2160
cvtres.exe:2512
netsh.exe:1300
netsh.exe:2612
netsh.exe:948
netsh.exe:2936
netsh.exe:2680
netsh.exe:1724
netsh.exe:1932
netsh.exe:2824
netsh.exe:1836
netsh.exe:1144
netsh.exe:1884
netsh.exe:256
Agent.CPU.exe:1776 - Delete the original Worm file.
- Delete or disinfect the following files created/modified by the Worm:
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.cmdline (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.0.cs (37988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.0.cs (676 bytes)
C:\ProgramData\Driver Support\Driver Support\dd.lic (144 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.out (560 bytes)
C:\ProgramData\Driver Support\Driver Support\UXState.dat (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.out (783 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalEnvironmentEvents.dat (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.0.cs (37988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.cmdline (499 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F6DEB9C1F3251400F7D6EB743CB14FB4 (452 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.out (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\2ggppmsk.newcfg (6034 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.cmdline (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.out (783 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.0.cs (7332 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\xk2_nzqf.newcfg (11487 bytes)
C:\ProgramData\Driver Support\Driver Support\WL.dat (2 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalEnvironmentProperties.dat (1242 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.0.cs (24148 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.out (562 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\6a884bdb6f1f42e19fe3a05771ed3944 (1924 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.0.cs (6740 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\da037491005146f6a957b4ecb5bfed63 (5572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.cmdline (457 bytes)
C:\ProgramData\Driver Support\Driver Support\DDSM\ScanManager.dat (34726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.0.cs (196 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\5800b95cecc34f8ba843cca0d25491ef (2500 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\DownloadResourceManager.dat (8006 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalRules.dat (24016 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.cmdline (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.0.cs (388 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.cmdline (405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.cmdline (516 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.out (562 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\RuleHistoryController.dat (986 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\20a37524b482440fb80dfbd16a6165e8 (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\bdjoku1t.newcfg (7500 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F6DEB9C1F3251400F7D6EB743CB14FB4 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.cmdline (460 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.0.cs (2500 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 (1212 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.0.cs (2500 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\90d20744044b4080bc23bdb2e638d531 (5572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.cmdline (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\haqckqxh.newcfg (1854 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.cmdline (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.out (508 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.out (807 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_40F159D44D8C605036811A9D469F7AD9 (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\qilxnnaj.newcfg (14095 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\95y96zfk.newcfg (7500 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.out (807 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab8DBE.tmp (56 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.cmdline (457 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\fdd99775b9b54cd68b3752a8ed712bea (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.out (807 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.out (562 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\92e9a03209c04b85b8cfe19cb34337bc (7332 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.cmdline (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.out (602 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\xfqebjqb.newcfg (2519 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.out (508 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\naqutiwk.newcfg (17322 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.cmdline (457 bytes)
C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalActions.dat (1100 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (141 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\88c6b75283d541b9a5bc732fd17b6423 (4708 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.out (619 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_40F159D44D8C605036811A9D469F7AD9 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.0.cs (388 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\oiqmwd4e.newcfg (1456 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (370 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\49f89b2b79014b868045d79d209a85a4 (388 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.cmdline (405 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.0.cs (40972 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.0.cs (44948 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.cmdline (459 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (1104 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\4dc89ed7c3414aaf94db0dd16478f2b2 (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.0.cs (196 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\5cbb170d9da74b06b83ca91f49997b76 (1444 bytes)
C:\ProgramData\Driver Support\Driver Support\DDRM\18430981175c4821b4d675d4e9314558 (1176074 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar8DBF.tmp (2784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.out (563 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.out (560 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.0.cs (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\9.1.4.66\4rvn9fcx.newcfg (11527 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (448 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.0.cs (196 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (1058 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.cmdline (457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.out (562 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCE5BD.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aoem7hgj.dll (3662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD346.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r1ultjq8.dll (3646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\evxwrpqu.dll (5228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCEC71.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\pjzrg_vp.dll (3646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCC40.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5edh4fjc.dll (3938 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB08.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\c7l3csrz.dll (4662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD2A.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCDB03.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rg79px7n.dll (3192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC9FF.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\z-6zuk8l.dll (4548 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-qkd3atn.dll (4950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCA8B.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\2pez68hb.dll (3886 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD9AC.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\kqticehf.dll (3552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCE714.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC26D2.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\acr0gobf.dll (4662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC934.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rpsktij-.dll (4740 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCEA9D.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\tfq1wl8u.dll (3854 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\km9wtnkl.dll (4950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB1A3.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rdh1agrv.dll (5166 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC92BE.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB24E.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jlb4na-p.dll (4548 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\m5kls75s.dll (3742 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCEB87.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC2848.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\csp1icue.dll (3710 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCA9A7.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\mo609oh-.dll (4806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD47E.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\y53pgf1q.dll (3790 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\rz4g_caw.dll (4838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCAC27.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.out (396 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCDDB2.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.dll (4950 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCBB4.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q__4mcj_.dll (5228 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD3E2.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ley4w52l.dll (3694 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\r2q3etsq.dll (4258 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC57C.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB2DB.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lczz4avd.dll (4230 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC2D57.tmp (652 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\aiapy1ka.dll (3600 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCAA82.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.out (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.dll (4838 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\btwnxq8x.dll (3032 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCB931.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCF2E6.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\5vmchgql.dll (5394 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCDA7.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\f56vwv71.dll (3224 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC8A8.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-tuext67.dll (3534 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCEB0.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\i1qoptw_.dll (3726 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD900.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\lobok9e-.dll (3678 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSC148A.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\-la1ps6l.dll (3304 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CSCD29A.tmp (664 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\w5_7cfef.dll (3000 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\DotNetChecker.dll (1597 bytes)
%Program Files% (x86)\Driver Support\ICSharpCode.SharpZipLib.dll (7192 bytes)
%Program Files% (x86)\Driver Support\Agent.Common.XmlSerializers.dll (11344 bytes)
%Program Files% (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll (2392 bytes)
%Program Files% (x86)\Driver Support\RuleEngine.dll (17848 bytes)
%Program Files% (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.Downloaders.dll (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\nsDialogs.dll (21 bytes)
%Program Files% (x86)\Driver Support\Common.dll (33536 bytes)
%Program Files% (x86)\Driver Support\ExceptionLogging.dll (784 bytes)
%Program Files% (x86)\Driver Support\Agent.CPU.exe (1856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\LangDLL.dll (13 bytes)
%Program Files% (x86)\Driver Support\ISUninstall.exe (784 bytes)
%Program Files% (x86)\Driver Support\Interop.WUApiLib.dll (3312 bytes)
%Program Files% (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll (1552 bytes)
%Program Files% (x86)\Driver Support\cpuidsdk.dll (28288 bytes)
%Program Files% (x86)\Driver Support\Agent.Common.dll (13368 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\modern-header.bmp (784 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\Linker.dll (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support\Uninstall Driver Support.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsz9D88.tmp (366997 bytes)
%Program Files% (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll (3312 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.exe (190439 bytes)
%Program Files% (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll (4992 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.Updater.exe.config (2 bytes)
%Program Files% (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll (5064 bytes)
%Program Files% (x86)\Driver Support\RuleEngine.XmlSerializers.dll (2392 bytes)
%Program Files% (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll (1856 bytes)
%Program Files% (x86)\Driver Support\config.dat (2 bytes)
%Program Files% (x86)\Driver Support\Uninstall.exe (2469 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\modern-wizard.bmp (5520 bytes)
%Program Files% (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll (3312 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support\Driver Support.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9F4D.tmp\UserInfo.dll (8 bytes)
%Program Files% (x86)\Driver Support\XPBurnComponent.dll (1856 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.chm (1552 bytes)
%Program Files% (x86)\Driver Support\ThemePack.DriverSupport.dll (31856 bytes)
%Program Files% (x86)\Driver Support\Agent.ExceptionLogging.dll (1856 bytes)
%Program Files% (x86)\Driver Support\Agent.Communication.dll (15536 bytes)
%Program Files% (x86)\Driver Support\DriverSupport.exe.config (2 bytes)
%Program Files% (x86)\Driver Support\Agent.Communication.XmlSerializers.dll (16288 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESDA8.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESA8C.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESAC37.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD901.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES2D58.tmp (3666 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESE5CD.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESC51.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESDB04.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESAA83.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESE715.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB1A4.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESEA9E.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES935.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB09.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD3E3.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB24F.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES26D3.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESA00.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD9AD.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES8A9.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESEB1.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESBB5.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD3B.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES148B.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES2849.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESEB88.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES92BF.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESF2F7.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB2DC.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD47F.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD29B.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RES57D.tmp (3690 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESD357.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESB932.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESA9A8.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESEC81.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RESDDC2.tmp (3698 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\cpuz136\cpuz136_x64.sys (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.cmdline (497 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\q1tyzd7j.0.cs (6740 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.0.cs (676 bytes)
C:\ProgramData\Driver Support\Driver Support\CPUID.dat (876 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ey0upjyg.cmdline (457 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Driver Support" = "%Program Files% (x86)\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false" - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name: PC Drivers HeadQuarters LP
Product Name: Driver Support
Product Version: 9.1.4.66
Legal Copyright: PC Drivers HeadQuarters LP
Legal Trademarks:
Original Filename: DriverSupport.exe
Internal Name:
File Version: 9.1.4.66
File Description:
Comments:
Language: English (United States)
Company Name: PC Drivers HeadQuarters LPProduct Name: Driver SupportProduct Version: 9.1.4.66Legal Copyright: PC Drivers HeadQuarters LPLegal Trademarks: Original Filename: DriverSupport.exeInternal Name: File Version: 9.1.4.66File Description: Comments: Language: English (United States)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 23540 | 23552 | 4.49035 | 92032f5e50e74fe0fe80a33ba4ca92db |
| .rdata | 28672 | 4558 | 4608 | 3.6294 | 5801d712ecba58aa87d1e7d1aa24f3aa |
| .data | 36864 | 108536 | 1024 | 3.48334 | f2470ac8847791744aff280e7e2f5353 |
| .ndata | 147456 | 86016 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 233472 | 30416 | 30720 | 3.47553 | acf7e504e9fb2a428b5dbe5cafd328d8 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
| URL | IP |
|---|---|
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a5a65ff8a989e7eb | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | |
| hxxp://e6845.ce.akamaiedge.net/pca3-g5.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECMkFlOTkMQ5KGdSAcojyz8= | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f44aaddf1e28b195 | |
| hxxp://e6845.ce.akamaiedge.net/CSC3-2010.crl | |
| hxxp://a1621.g.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl | |
| hxxp://a1621.g.akamai.net/pki/crl/products/microsoftrootcert.crl | |
| hxxp://gdcrl.godaddy.com.akadns.net/repository/gd_intermediate.crt | |
| hxxp://a1621.g.akamai.net/pki/crl/products/WinPCA.crl | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?bb767d4abad4985e | |
| hxxp://a1621.g.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl | |
| hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?98d988b27ac8444b | |
| hxxp://blob.by1prdstr01a.store.core.windows.net/ipte/iPTE.1.0.4.7683.msi | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= | |
| hxxp://e6845.ce.akamaiedge.net/pca3.crl | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | |
| hxxp://www.drivershq.com/driverdetective/dd.html?whitelabel=driversupport&utm_source=ddloc&utm_medium=en&utm_campaign=ddtracking | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | |
| hxxp://a1383.dscg10.akamai.net/cd-rom.png | |
| hxxp://a1383.dscg10.akamai.net/video.png | |
| hxxp://a1383.dscg10.akamai.net/monitor.png | |
| hxxp://a1383.dscg10.akamai.net/usb2.png | |
| hxxp://a1383.dscg10.akamai.net/input.png | |
| hxxp://a1383.dscg10.akamai.net/hardDrive.png | |
| hxxp://a20.dscg10.akamai.net/pro1000pf_dualport_preview.jpg.rendition.cq5dam.thumbnail.219.146.png | |
| hxxp://a1383.dscg10.akamai.net/scsi.png | |
| hxxp://a1383.dscg10.akamai.net/printer.png | |
| hxxp://a1383.dscg10.akamai.net/multimedia.png | |
| hxxp://a38.dscg10.akamai.net/input.png | |
| hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | |
| hxxp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults | 162.242.141.70 |
| hxxp://apps.driversupport.com/imagefactory.ashx?modelid=0 | 162.242.141.70 |
| hxxp://e5799.g.akamaiedge.net/359eb7b28b26c98a238e6cdedc877947afb6a2ef/satelliteLib-6d2ff207543454d05c23a4bcb6934a30b796a147.js | |
| hxxp://pagead.l.doubleclick.net/pagead/conversion.js | |
| hxxp://e6640.g.akamaiedge.net/js/176561969.js | |
| hxxp://apps.driversupport.com/content/themes/base/images/win7_compatible.png | 162.242.141.70 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/Scripts/custom.js?v=1.0.0.13 | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/reset.css?v=1.0.0.13 | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/ScanResults.css?v=1.0.0.13 | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/base/images/ms-certified-partner.png?v=1.0.0.13 | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/images/dsLogoNoCogWithBreak.png?v=1.0.0.13 | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/AltHeader.css?v=1.0.0.13 | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/bundles/TSUIBase?v=1.0.0.13 | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/bundles/TSUIScanResults?v=1.0.0.13 | 54.192.231.66 |
| hxxp://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js | 54.192.230.39 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/images/bigFixit.png | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/images/upcarrot.png | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/images/leftArrow.png | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/images/severityIcon.png | 54.192.231.66 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/images/fititButtonSprite.gif | 54.192.231.66 |
| hxxp://g.msn.com.nsatc.net/bat.js | |
| hxxp://stats.l.doubleclick.net/dc.js | |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/images/rightArrow.png | 54.192.231.66 |
| hxxp://g.msn.com.nsatc.net/action/0?ti=4002897&Ver=2&mid=e203559b-83f9-ed19-5e6b-dac9ae7c7a43&evt=pageLoad&pi=0&lg=en-US&sw=1916&sh=902&sc=24&tl=DriverSupport - Available Driver Updates&p=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&r=&rn=196697 | |
| hxxp://stats.l.doubleclick.net/__utm.gif?utmwv=5.6.1dc&utms=1&utmn=763144801&utmhn=apps.driversupport.com&utmcs=utf-8&utmsr=1916x902&utmvp=1900x805&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=DriverSupport - Available Driver Updates&utmhid=230678626&utmr=-&utmp=/postinstall/ScanResultsMedia?cart=https%253a%252f%252fsecure.driversupport.com%252fregistration%252fcart%253faf%253dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&utmht=1418315760382&utmac=UA-2010741-4&utmcc=__utma=164611050.388424965.1418315760.1418315760.1418315760.1;+__utmz=164611050.1418315760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qB~ | |
| hxxp://g.msn.com.nsatc.net/action-uic/0?ti=4002897&Ver=2&mid=e203559b-83f9-ed19-5e6b-dac9ae7c7a43&evt=pageLoad&pi=0&lg=en-US&sw=1916&sh=902&sc=24&tl=DriverSupport - Available Driver Updates&p=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&r=&rn=842334 | |
| hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl | |
| hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== | |
| hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCv3k0jGH6Vn | |
| hxxp://pagead.l.doubleclick.net/pagead/conversion/996887577/?random=1418315763273&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1 | |
| hxxp://e5799.g.akamaiedge.net/359eb7b28b26c98a238e6cdedc877947afb6a2ef/s-code-contents-1ce25cd3cd6d4f446079f5924eec249f6b3d3a78.js | |
| hxxp://apps.driversupport.com/postinstall/LogUIDOMReady | 162.242.141.70 |
| hxxp://apps.driversupport.com/imagefactory.ashx?rguid=c5f07e3a-a197-4627-9438-974b57fd6373&catid=4d36e972-e325-11ce-bfc1-08002be10318 | 162.242.141.70 |
| hxxp://apps.driversupport.com/postinstall/LogUIPageLoaded | 162.242.141.70 |
| hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0 | |
| hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/996887577/?random=1418315763277&cv=7&fst=1418315763273&num=2&fmt=1&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1 | |
| hxxp://www.google.com/ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803 | 173.194.113.210 |
| hxxp://www.google.com/ads/conversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=3688664412 | 173.194.113.210 |
| hxxp://www.google.com.ua/ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803&ipr=y | 173.194.113.215 |
| hxxp://www.google.com.ua/ads/conversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=3688664412&ipr=y | 173.194.113.215 |
| hxxp://d1pmrmlzxdx671.cloudfront.net/content/themes/base/images/favicon.ico?v=1.0.0.13 | 54.192.231.66 |
| hxxp://pcdrivers.sc.omtrdc.net/b/ss/pcdprod/1/JS-1.4.1-D4BD/s54367519855486?AQB=1&ndh=1&pf=1&t=11/11/2014 18:36:3 4 -120&D=D=&fid=5C2E8A6DAF4C6301-09B4EAC6DFF6EFE5&ce=UTF-8&pageName=apps.driversupport.com/postinstall/ScanResultsMedia&g=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&events=event7&c2=%Content: Category (p2)%&c3=%Content: Section (p3)%&c4=%Content: Sub-Section (p4)%&c6=ScanResults&c8=/postinstall/ScanResultsMedia&v11=%Content: Category (p2)%&v12=%Content: Section (p3)%&v13=%Content: Sub-Section (p4)%&v26=13684600-ad88-4ba9-8423-494ed72da3ae&v28=30&v30=media&v33=9.1.4.66&v34=9.1.4.66&v52=ScanResults&v53=ScanResults&s=1916x902&c=24&j=1.6&v=Y&k=Y&bw=1916&bh=805&ct=lan&AQE=1 | 66.235.138.210 |
| hxxp://a1363.g.akamai.net/j/roundtrip.js | |
| hxxp://www.upsellit.com/custom/drivershq.jsp | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/pixel/ID6YJCUG4BA7BHFUIYCHOX/MJDFCCTA3JETLDLZWCFYDD?pv=95008905058.17587&cookie=&keyw= | |
| hxxp://pcdrivers.sc.omtrdc.net/b/ss/pcdprod/1/JS-1.4.1-D4BD/s54367519855486?AQB=1&pccr=true&&ndh=1&pf=1&t=11/11/2014 18:36:3 4 -120&D=D=&fid=5C2E8A6DAF4C6301-09B4EAC6DFF6EFE5&ce=UTF-8&pageName=apps.driversupport.com/postinstall/ScanResultsMedia&g=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&events=event7&c2=%Content: Category (p2)%&c3=%Content: Section (p3)%&c4=%Content: Sub-Section (p4)%&c6=ScanResults&c8=/postinstall/ScanResultsMedia&v11=%Content: Category (p2)%&v12=%Content: Section (p3)%&v13=%Content: Sub-Section (p4)%&v26=13684600-ad88-4ba9-8423-494ed72da3ae&v28=30&v30=media&v33=9.1.4.66&v34=9.1.4.66&v52=ScanResults&v53=ScanResults&s=1916x902&c=24&j=1.6&v=Y&k=Y&bw=1916&bh=805&ct=lan&AQE=1 | 66.235.138.210 |
| hxxp://www.upsellit.com/hound/monitor.jsp?qs=222263239272274311291323337332321338325289311328311346277328329&siteID=10238 | |
| hxxp://a1363.g.akamai.net/pixel/ID6YJCUG4BA7BHFUIYCHOX/MJDFCCTA3JETLDLZWCFYDD/IBURATUZTNHBFDLWQBB66R.js | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/r/out | |
| hxxp://pagead.l.doubleclick.net/pagead/conversion/933633792/?label=NtOJCPjf1hEQgL6YvQM&guid=ON&script=0&ord=6861940290426481 | |
| hxxp://pagead.l.doubleclick.net/pagead/conversion/933633792/?label=xn2YCKKm-1UQgL6YvQM&guid=ON&script=0&ord=6861940290426481 | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/g/out?google_nid=adroll4 | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/l/out | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/b/out | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/x/out | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/f/out | |
| hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/933633792/?label=NtOJCPjf1hEQgL6YvQM&guid=ON&script=0&ord=6861940290426481&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&random=1049230801 | |
| hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/933633792/?label=xn2YCKKm-1UQgL6YvQM&guid=ON&script=0&ord=6861940290426481&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&random=30957904 | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/w/out | |
| hxxp://ib.anycast.adnxs.com/seg?add=1602123&t=2 | |
| hxxp://ib.anycast.adnxs.com/seg?add=1973902&t=2 | |
| hxxp://www.google.com/ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599 | 173.194.113.210 |
| hxxp://www.google.com/ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772 | 173.194.113.210 |
| hxxp://ib.anycast.adnxs.com/bounce?/seg?add=1973902&t=2 | |
| hxxp://ib.anycast.adnxs.com/bounce?/seg?add=1602123&t=2 | |
| hxxp://www.google.com.ua/ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772&ipr=y | 173.194.113.215 |
| hxxp://www.google.com.ua/ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599&ipr=y | 173.194.113.215 |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/pixel?id=2498203&t=2&piggyback=http://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 | |
| hxxp://pagead.l.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=JjApvv9WI0p6LzWifdhVEw&google_ula=1535926 | |
| hxxp://x.bidswitch.net/sync?dsp_id=44&user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM | 23.251.139.154 |
| hxxp://star.c10r.facebook.com/fr/u.php?t=2592000&p=443937282305007&m=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 | |
| hxxp://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM | 23.251.139.154 |
| hxxp://idsync-ext.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513 | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/r/in?xid=KBgCC6FUe9PSyWP2DG4.yWXZ | |
| hxxp://idsync-ext.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513&redirect=1 | |
| hxxp://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=ee37b96e-98b7-465e-94e5-b1d77765b708 | 198.47.127.15 |
| hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= | |
| hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= | |
| hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI20A== | |
| hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQ/m36Fj2BE19VBYXRO62zrgIYp0gQUQnlUG2HNVSs+Y9U8SFf1n/tFzkoCAwJ35A== | |
| hxxp://adservers-users-1-875229371.eu-west-1.elb.amazonaws.com/cm/g/in?google_ula=1535926,0 | |
| hxxp://d.adroll.com/cm/g/in?google_ula=1535926,0 | 54.246.126.61 |
| hxxp://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=JjApvv9WI0p6LzWifdhVEw&google_ula=1535926 | 173.194.113.218 |
| hxxp://70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com/multimedia.png | 213.155.152.224 |
| hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= | 93.184.220.29 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= | 23.43.139.27 |
| hxxp://idsync.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513&redirect=1 | 54.210.188.168 |
| hxxp://a.adroll.com/j/roundtrip.js | 87.245.202.48 |
| hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== | 23.43.139.27 |
| hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= | 93.184.220.29 |
| hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl | 87.245.202.48 |
| hxxp://d.adroll.com/cm/g/out?google_nid=adroll4 | 54.246.126.61 |
| hxxp://d.adroll.com/cm/f/out | 54.246.126.61 |
| hxxp://bat.bing.com/action/0?ti=4002897&Ver=2&mid=e203559b-83f9-ed19-5e6b-dac9ae7c7a43&evt=pageLoad&pi=0&lg=en-US&sw=1916&sh=902&sc=24&tl=DriverSupport - Available Driver Updates&p=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&r=&rn=196697 | 207.46.194.14 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= | 23.43.139.27 |
| hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCv3k0jGH6Vn | 173.194.113.198 |
| hxxp://crl.verisign.com/pca3.crl | 23.43.133.163 |
| hxxp://ib.adnxs.com/bounce?/seg?add=1602123&t=2 | 37.252.170.69 |
| hxxp://70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com/scsi.png | 213.155.152.224 |
| hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/933633792/?label=xn2YCKKm-1UQgL6YvQM&guid=ON&script=0&ord=6861940290426481&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&random=30957904 | 173.194.113.205 |
| hxxp://70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com/input.png | 213.155.152.224 |
| hxxp://www.googleadservices.com/pagead/conversion.js | 173.194.113.205 |
| hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl | 87.245.202.48 |
| hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/996887577/?random=1418315763277&cv=7&fst=1418315763273&num=2&fmt=1&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1 | 173.194.113.205 |
| hxxp://70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com/cd-rom.png | 213.155.152.224 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= | 23.43.139.27 |
| hxxp://ib.adnxs.com/seg?add=1602123&t=2 | 37.252.170.69 |
| hxxp://www.facebook.com/fr/u.php?t=2592000&p=443937282305007&m=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM | 173.252.100.27 |
| hxxp://cdn.optimizely.com/js/176561969.js | 23.64.228.211 |
| hxxp://ocsp.geotrust.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI20A== | 23.43.139.27 |
| hxxp://e49b30b1dab19bb21dcf-bce5d432a4997ec4ca1b037336914d84.r88.cf1.rackcdn.com/printer.png | 213.155.152.224 |
| hxxp://www.googleadservices.com/pagead/conversion/933633792/?label=xn2YCKKm-1UQgL6YvQM&guid=ON&script=0&ord=6861940290426481 | 173.194.113.205 |
| hxxp://1b168f054a2c3427459f-daaeafaf8ae4e7adccb47a82a8360bf0.r36.cf1.rackcdn.com/input.png | 213.155.152.195 |
| hxxp://cdn.driversupport.com/ipte/iPTE.1.0.4.7683.msi | |
| hxxp://ib.adnxs.com/seg?add=1973902&t=2 | 37.252.170.69 |
| hxxp://www.googleadservices.com/pagead/conversion/996887577/?random=1418315763273&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1 | 173.194.113.205 |
| hxxp://crl.verisign.com/pca3-g5.crl | 23.43.133.163 |
| hxxp://bat.r.msn.com/action-uic/0?ti=4002897&Ver=2&mid=e203559b-83f9-ed19-5e6b-dac9ae7c7a43&evt=pageLoad&pi=0&lg=en-US&sw=1916&sh=902&sc=24&tl=DriverSupport - Available Driver Updates&p=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&r=&rn=842334 | 1.103.192.18 |
| hxxp://9478ead64acb3b167847-1e1b59e1b8bb5e93fbebd0cc2fdbf9a2.r18.cf1.rackcdn.com/pro1000pf_dualport_preview.jpg.rendition.cq5dam.thumbnail.219.146.png | 213.155.152.226 |
| hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl | 87.245.202.48 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= | 23.43.139.27 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f44aaddf1e28b195 | 87.245.202.24 |
| hxxp://a.adroll.com/pixel/ID6YJCUG4BA7BHFUIYCHOX/MJDFCCTA3JETLDLZWCFYDD/IBURATUZTNHBFDLWQBB66R.js | 87.245.202.48 |
| hxxp://d.adroll.com/cm/x/out | 54.246.126.61 |
| hxxp://d.adroll.com/pixel/ID6YJCUG4BA7BHFUIYCHOX/MJDFCCTA3JETLDLZWCFYDD?pv=95008905058.17587&cookie=&keyw= | 54.246.126.61 |
| hxxp://assets.adobedtm.com/359eb7b28b26c98a238e6cdedc877947afb6a2ef/s-code-contents-1ce25cd3cd6d4f446079f5924eec249f6b3d3a78.js | 23.64.225.120 |
| hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0 | 173.194.113.205 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a5a65ff8a989e7eb | 87.245.202.24 |
| hxxp://www.googleadservices.com/pagead/conversion/933633792/?label=NtOJCPjf1hEQgL6YvQM&guid=ON&script=0&ord=6861940290426481 | 173.194.113.205 |
| hxxp://idsync.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513 | 54.210.188.168 |
| hxxp://d.adroll.com/cm/r/in?xid=KBgCC6FUe9PSyWP2DG4.yWXZ | 54.246.126.61 |
| hxxp://certificates.godaddy.com/repository/gd_intermediate.crt | 50.63.243.228 |
| hxxp://70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com/video.png | 213.155.152.224 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECMkFlOTkMQ5KGdSAcojyz8= | 23.43.139.27 |
| hxxp://stats.g.doubleclick.net/__utm.gif?utmwv=5.6.1dc&utms=1&utmn=763144801&utmhn=apps.driversupport.com&utmcs=utf-8&utmsr=1916x902&utmvp=1900x805&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=DriverSupport - Available Driver Updates&utmhid=230678626&utmr=-&utmp=/postinstall/ScanResultsMedia?cart=https%253a%252f%252fsecure.driversupport.com%252fregistration%252fcart%253faf%253dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&utmht=1418315760382&utmac=UA-2010741-4&utmcc=__utma=164611050.388424965.1418315760.1418315760.1418315760.1;+__utmz=164611050.1418315760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qB~ | 173.194.71.154 |
| hxxp://d.adroll.com/cm/w/out | 54.246.126.61 |
| hxxp://d.adroll.com/cm/r/out | 54.246.126.61 |
| hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl | 87.245.202.48 |
| hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl | 23.43.133.163 |
| hxxp://downloads.drivershq.com/driverdetective/dd.html?whitelabel=driversupport&utm_source=ddloc&utm_medium=en&utm_campaign=ddtracking | 192.237.193.236 |
| hxxp://ib.adnxs.com/bounce?/seg?add=1973902&t=2 | 37.252.170.69 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?bb767d4abad4985e | 87.245.202.24 |
| hxxp://70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com/hardDrive.png | 213.155.152.224 |
| hxxp://stats.g.doubleclick.net/dc.js | 173.194.71.154 |
| hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= | 23.43.139.27 |
| hxxp://d.adroll.com/cm/l/out | 54.246.126.61 |
| hxxp://gtssl-ocsp.geotrust.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQ/m36Fj2BE19VBYXRO62zrgIYp0gQUQnlUG2HNVSs+Y9U8SFf1n/tFzkoCAwJ35A== | 23.43.139.27 |
| hxxp://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=http://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 | 217.163.21.34 |
| hxxp://crl.geotrust.com/crls/secureca.crl | 23.43.133.163 |
| hxxp://d.adroll.com/cm/b/out | 54.246.126.61 |
| hxxp://70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com/usb2.png | 213.155.152.224 |
| hxxp://70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com/monitor.png | 213.155.152.224 |
| hxxp://assets.adobedtm.com/359eb7b28b26c98a238e6cdedc877947afb6a2ef/satelliteLib-6d2ff207543454d05c23a4bcb6934a30b796a147.js | 23.64.225.120 |
| hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?98d988b27ac8444b | 87.245.202.24 |
| webservices.drivershq.com | 64.49.225.72 |
| ajax.googleapis.com | 64.233.161.95 |
| analytics.twitter.com | 1.115.192.22 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /multimedia.png HTTP/1.1
Host: 70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Oct 2014 17:06:39 GMT
ETag: 2d6190bacdcda0d53d288a8c669dccb0
Content-Length: 14750
Accept-Ranges: bytes
X-Timestamp: 1414170398.63064
Content-Type: image/png
X-Trans-Id: tx2d3ac838a31b4064bda40-00544a89e1ord1
Cache-Control: public, max-age=27
Expires: Thu, 11 Dec 2014 16:36:21 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR.......,......i......PLTE......'''...KKK===222&&&...HHH)))RRR * ...$$$!!!666444...:::000MMMlllCCC...BBB888???......iii...eeeVVV......ZZZ......]]]nnn...FFF...,,,```AAA...EEE.........OOO...kkkyyy.........ggg~~~......bbb...........................ttt......qqq...........................g.....8WIDATx....w.....$J.d.rQ.T.1(..(m.-....*...$h.....V..5...2....'I.66666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666_..T*uo.t.......h..[#..........sxt...6l1.C.;...H...Z..f.I.X$..)....5.e.-9lv..m.]0i%.J. ..,.j&..d2.*..(.....4.VZ.v....4.2<.......yS..tZ.#e..>.6.VS)./#s........6.6;...s...>%.....fR.O..6.fl'.....6.a]T..i;buX...Z&.....kX.V.=MyUQ...I...a....P7<9..(.6.S... `..3.(.y...r.a..CH...%b..S2...@=..Q9....3.....*(..< ....E.q.*...kaV....d......a-...j.m....TQE6.....m.yyY..M.W....<.).9.....H.^-.....B... ....M..@.oQ...T..SeQ.X...?...IU.$...d.:.^,...C..i.....k..9.! .H..G.zX....zSh.^....R:.t)Ljz....)2Q2/.....5..X*.......N.....i..h.2......>|.......V#...@%i.....k\.............ya?......r.....I........|F...g........ARh....C....$i.....cx..Aw.@p......".....2"..B...tA.B.|..n.`.)lD..F...qA.`X..o.GM.y.......1..........8 .j....fS..D.ry.W.j..y!..... U...........|m......m.j...1Px.F...$.GKAHW9..=VN...{e.......r.!....Q....1e3F.uh...I9.....}..R...ZmB.....E%........R._%F&.n.;.......tR.*.....K.G.E.......~T...S....Kz.."0....;...geU......#.n.{q~|v.?.J...`:....(..Y....M..."WW.....9.74..Z..*...j'.H$..OH.R.N.5].KW..K!N3...{vm.....3....>.Q.^Y`q...... ...... !..^..d..Dj.....u.
<<< skipped >>>
POST /postinstall/LogUIPageLoaded HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: apps.driversupport.com
Content-Length: 65
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: optimizelySegments={"176773665":"false","176809951":"direct","176875026":"ie"}; optimizelyEndUserId=oeu1418315759846r0.5595372060045518; optimizelyBuckets={}; optimizelyPendingLogEvents=[]; __utma=164611050.388424965.1418315760.1418315760.1418315760.1; __utmb=164611050.1.10.1418315760; __utmc=164611050; __utmz=164611050.1418315760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
uuid=13684600-ad88-4ba9-8423-494ed72da3ae×tamp=1418315763333
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 11 Dec 2014 16:36:03 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/8.0..X-AspNetMvc-Version: 5.2..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Thu, 11 Dec 2014 16:36:03 GMT..Content-Length: 0..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1697
content-transfer-encoding: binary
Cache-Control: max-age=366938, public, no-transform, must-revalidate
Last-Modified: Mon, 8 Dec 2014 22:27:34 GMT
Expires: Mon, 15 Dec 2014 22:27:34 GMT
Date: Thu, 11 Dec 2014 16:35:34 GMT
Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder..20141208222734Z0s0q0I0... ........?.@..w.........Y.!......Q...==d6|h.[x....7..`..........cV.!.....20141208222734Z....20141215222734Z0...*.H............. @..w.r....|]w...J....x..u.W..<.(u.>..#...5.4T..~Y..4HkC.........Tw....v..G.....-....Gt........,b..W^..%.....d....t.dqT0y.............u.v.......D{A......>...*m..V.4Y.>.&|..L.....fi.....(.Y.Ag..B..$h...H..b.k...*U.Y..T..]].5.i.V...5.....We.9u.X..(vD.Te....)....0...0...0..{.........[..I|.....Zm..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;]s!.\"v...|....].@.....K7m2...N......-S.I......5n...G7. ..W....n..*..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... .......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|..
<<< skipped >>>
GET /ads/conversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=3688664412 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com
HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/conversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=3688664412&ipr=y
Cache-Control: private, max-age=43200
Date: Thu, 11 Dec 2014 16:36:03 GMT
Expires: Thu, 11 Dec 2014 16:36:03 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 943
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/ads/conversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=3688664412&ipr=y">here</A>...</BODY></HTML>......
<<< skipped >>>
GET /ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com
HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599&ipr=y
Cache-Control: private, max-age=43200
Date: Thu, 11 Dec 2014 16:36:05 GMT
Expires: Thu, 11 Dec 2014 16:36:05 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 346
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599&ipr=y">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXp://VVV.google.com.ua/ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599&ipr=y..Cache-Control: private, max-age=43200..Date: Thu, 11 Dec 2014 16:36:05 GMT..Expires: Thu, 11 Dec 2014 16:36:05 GMT..Content-Type: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Server: adclick_server..Content-Length: 346..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="http://VVV.google.com.ua/ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599&ipr=y">here</A>...</BODY></HTML>....
<<< skipped >>>
GET /pagead/viewthroughconversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Thu, 11 Dec 2014 16:36:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/conversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=3688664412
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Date: Thu, 11 Dec 2014 16:36:03 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Location: hXXp://VVV.google.com/ads/conversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=3688664412..Content-Type: image/gif..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;....
<<< skipped >>>
GET /pagead/viewthroughconversion/933633792/?label=xn2YCKKm-1UQgL6YvQM&guid=ON&script=0&ord=6861940290426481&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&random=30957904 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Thu, 11 Dec 2014 16:36:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Date: Thu, 11 Dec 2014 16:36:04 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Location: hXXp://VVV.google.com/ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599..Content-Type: image/gif..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;..
GET /pixel?id=2498203&t=2&piggyback=http://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: B=52qa5ah9dvsod&b=3&s=ur; RMBX=52qa5ah9dvsod&b=3&s=ur&t=33; ih="b!!!!#!C'Wg!!!!#>[b?c"
DNT: 1
Connection: Keep-Alive
Host: ads.yahoo.com
GET /cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: B=52qa5ah9dvsod&b=3&s=ur; RMBX=52qa5ah9dvsod&b=3&s=ur&t=33; ih="b!!!!#!C'Wg!!!!#>[b?c"
DNT: 1
Connection: Keep-Alive
Host: ads.yahoo.com
HTTP/1.1 302 Found
Date: Thu, 11 Dec 2014 16:36:05 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: RMBX=52qa5ah9dvsod&b=3&s=ur&t=33; path=/; expires=Sat, 10-Dec-2016 16:36:05 GMT
Set-Cookie: RMBX=52qa5ah9dvsod&b=3&s=ur&t=33; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT; domain=.yahoo.com
Location: hXXp://d.adroll.com/cm/r/in?xid=KBgCC6FUe9PSyWP2DG4.yWXZ
Cache-Control: private
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Age: 0
Connection: keep-alive
Server: ATS
HTTP/1.1 302 Found..Date: Thu, 11 Dec 2014 16:36:05 GMT..P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"..Set-Cookie: RMBX=52qa5ah9dvsod&b=3&s=ur&t=33; path=/; expires=Sat, 10-Dec-2016 16:36:05 GMT..Set-Cookie: RMBX=52qa5ah9dvsod&b=3&s=ur&t=33; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT; domain=.yahoo.com..Location: http://d.adroll.com/cm/r/in?xid=KBgCC6FUe9PSyWP2DG4.yWXZ..Cache-Control: private..Content-Length: 0..Content-Type: text/plain; charset=utf-8..Age: 0..Connection: keep-alive..Server: ATS..
GET /fr/u.php?t=2592000&p=443937282305007&m=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.facebook.com
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 08:36:05 PST
Content-Type: image/gif
Pragma: public
Cache-Control: public, max-age=0
Expires: Thu, 11 Dec 2014 08:36:05 PST
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=edge,chrome=1
Content-Encoding: gzip
X-FB-Debug: vQTp7Lz UuWzi4lWGMR2N 3DkXjfhQOMCwZgFi8bMN0R1ib eZKLcKGqsIZhhn7HknKH6mrtdJ91GsuLiVYxSg==
Transfer-Encoding: chunked
Connection: keep-alive
2f............r.t..Ldd`dh`....,. Z.D.d...\...........a....v.h. .....0..HTTP/1.1 200 OK..Date: Thu, 11 Dec 2014 08:36:05 PST..Content-Type: image/gif..Pragma: public..Cache-Control: public, max-age=0..Expires: Thu, 11 Dec 2014 08:36:05 PST..X-XSS-Protection: 0..X-Content-Type-Options: nosniff..X-UA-Compatible: IE=edge,chrome=1..Content-Encoding: gzip..X-FB-Debug: vQTp7Lz UuWzi4lWGMR2N 3DkXjfhQOMCwZgFi8bMN0R1ib eZKLcKGqsIZhhn7HknKH6mrtdJ91GsuLiVYxSg==..Transfer-Encoding: chunked..Connection: keep-alive..2f............r.t..Ldd`dh`....,. Z.D.d...\...........a....v.h. .....0..
GET /ads/conversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&cdct=2&convclickts=0&random=3688664412&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Thu, 11 Dec 2014 16:36:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..Content-Type: image/gif..Date: Thu, 11 Dec 2014 16:36:03 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-store, must-revalidate..X-Content-Type-Options: nosniff..Server: adclick_server..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;....
GET /ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Thu, 11 Dec 2014 16:36:05 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..Content-Type: image/gif..Date: Thu, 11 Dec 2014 16:36:05 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-store, must-revalidate..X-Content-Type-Options: nosniff..Server: adclick_server..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;..
GET /content/themes/UI/Argon/ScanResults.css?v=1.0.0.13 HTTP/1.1
Accept: text/css
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 13665
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Tue, 02 Dec 2014 20:43:09 GMT
Accept-Ranges: bytes
ETag: "3447e59470ed01:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Tue, 02 Dec 2014 21:23:07 GMT
Age: 3002
X-Cache: Hit from cloudfront
Via: 1.1 3d412ad301f6861db40352c43a580a9d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: E9WoX5ZYyWrYyUNZT7fqKOoRLc__bBbJrW5ZQ-UYc5tVL0SWyDTghg==
.../*General*/..html{min-width:100%; min-height:100%; margin:0px; padding:0px;}..body {.background: #747473; /* Old browsers */..background: -moz-linear-gradient(top, #747473 0%, #9d9e9e 100%); /* FF3.6 */..background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#747473), color-stop(100%,#9d9e9e)); /* Chrome,Safari4 */..background: -webkit-linear-gradient(top, #747473 0%,#9d9e9e 100%); /* Chrome10 ,Safari5.1 */..background: -o-linear-gradient(top, #747473 0%,#9d9e9e 100%); /* Opera 11.10 */..background: -ms-linear-gradient(top, #747473 0%,#9d9e9e 100%); /* IE10 */..background: linear-gradient(to bottom, #747473 0%,#9d9e9e 100%); /* W3C */..filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#747473', endColorstr='#9d9e9e',GradientType=0 ); /* IE6-9 */..min-height:100%;..min-width:100%;..position:relative;..margin:0px;..padding:0px;..}..#wrapper {width: 980px; margin: 0px auto; height:100%; padding:0px; box-shadow:0px 0px 20px #555;}..#header {height: 55px;.width: 100%; background-color:#eeeeee;}..#footer {height:75px; width:940px; background-color:#eeeeee; position:relative; min-height:100px;padding: 20px;}...logo-disclaimer{ width:100%; display:inline-block;padding: 5px 0;}...logo-disclaimer p{ color:#777; font-size:12px; text-align:center; line-height: 16px;}...price-disclaimer{ width:100%; display:inline-block;padding: 5px 0;}...price-disclaimer p{ color:#777; font-size:12px; text-align:center; line-height: 16px;}..#content { width: 940px; background: #f6f6f6; padd
<<< skipped >>>
GET /content/themes/UI/Argon/images/leftArrow.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 731
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Mon, 10 Nov 2014 19:19:03 GMT
Accept-Ranges: bytes
ETag: "b6821a301bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Thu, 13 Nov 2014 16:41:44 GMT
Age: 3002
X-Cache: Hit from cloudfront
Via: 1.1 3d412ad301f6861db40352c43a580a9d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: pNmcZlEWSwC823B5uzQZYt8TxsJaw2GcrV16QcrgfScG-UL1Cd_aMg==
.PNG........IHDR...%...G........R....pHYs................ cHRM...........|..y...V.......9=.."^.Ph....aIDATx....m.0.@_.....{.m..\...... ....._?..@....#d.......X..tG.`..e.......;.......-.............i..;X.......yn.*..e.....U.....b..B......E..%'T.f....9.X..jF.}ZFo.6e...1..s.K.N@.B8yA...5..1.p.Z.J...=.y@-n../j`.....%..u............../.:...A..F..G.1e...&Uy..n.M.R.(...P*....B......E.Pf...2u......B..h.....P...@..H...ER.,..@es.X......1fw....Z........r..4S...{k.k.'.Q..d.C...........!...&.k..U)a .r.(E*y....R$...H.}.x..C..'..7.j.zt.P.......m...X.b.qx....8dw..-VV.I6...&..gq..*..4. w.i.f....^ts..F...,Z....j..:.....a.Pf..>Z3q..!..a..v/(..r...r..i..ax..k.V{/..a.....9.V..#....}}..sX...!.n?...3'.Y..E.x.^p.<..........;.S..t..[W....IEND.B`.....
GET /content/themes/UI/Argon/images/rightArrow.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1557
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Mon, 10 Nov 2014 19:19:03 GMT
Accept-Ranges: bytes
ETag: "86f61e301bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Thu, 13 Nov 2014 16:41:44 GMT
Age: 3002
X-Cache: Hit from cloudfront
Via: 1.1 3d412ad301f6861db40352c43a580a9d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 0u7Ya84RTwzXgknao-sYkJQhN0El4p2ft-mTCVMGgJPz66WjhZtE4g==
.PNG........IHDR...%...G........R....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:B1CFBE1C0D1E11E493398B825AF7DEE9" xmpMM:DocumentID="xmp.did:B1CFBE1D0D1E11E493398B825AF7DEE9"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:B1CFBE1A0D1E11E493398B825AF7DEE9" stRef:documentID="xmp.did:B1CFBE1B0D1E11E493398B825AF7DEE9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.h.T....IDATx....m.0.FSO.....E.P.A.A3.0A....,....`.F...T.).Br..w...Q.....;........z.S.......es....1a........u.-...{.z..:...zQz...7...7KF*..i.....:Q:v.m.,.z...(.&.6cn....(....i......'tP$...F.5...N..=...`M......J..........S)m ..k.c... .OJU..'y.............M.X.[.,O!.0..i..5.aA.).;,H.y;,H.z:, ......5wXP.ES.i.L..f.D.0I.6.*.H..........6V....x7..#..%T..;l.pI...a..T..hEk(........0 .Y...j...g*k..".-.1.zuTP.v..Zq...}s.i...4.....TZ*........P...Zm..39......^....G.?...i..h.g..pM.<.....Y...R.H..k.`.!9..*...Aq.......P.....':.A..r.......v."..Aq.......P.d."m.L].Cq.j."...Eb(O....]4....F..r.(.P..."..*.._d...
<<< skipped >>>
GET /content/themes/base/images/favicon.ico?v=1.0.0.13 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/x-icon
Content-Length: 1150
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Mon, 10 Nov 2014 19:19:02 GMT
Accept-Ranges: bytes
ETag: "72c832f1bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Tue, 02 Dec 2014 21:23:16 GMT
X-Cache: RefreshHit from cloudfront
Via: 1.1 3d412ad301f6861db40352c43a580a9d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Sb9-NCpFztEF4eqHkKQ70d8_6piN8JxGSGqOicpxkrKfmWiq6jXBCQ==
............ .h.......(....... ..... ........................................F.......j.......5...$.............................................~|..~|......................................................~|...}.......~..~|..~|....M...........................p.~|..~|........8.......&.....~|........>.......................>..}........$.....................~|...~....&...................D.~|............................u.~|........(.....................~|............................~}{y....y.........................~|........$...........................T..b...L................3.....~|........>.......*.......y..................L....Z...........".....~|..~|...............N.......z....B..x............5.............~|.....}{y.......f.......t...............n........"...............P.......T......l........B...............F......x................................(......~...............|.......F................................>...........n...0...p......D........................................|.......................W..............................................,...F....Z...e.....................?...............'...........9...|...8...9............
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=532926, public, no-transform, must-revalidate
Last-Modified: Wed, 10 Dec 2014 20:37:53 GMT
Expires: Wed, 17 Dec 2014 20:37:53 GMT
Date: Thu, 11 Dec 2014 16:35:47 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141210203753Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......l$.%t...............20141210203753Z....20141217203753Z0...*.H.............8.Y.....a.al..aR........zdZ..v.P..\W.5..e.<...@V.q.....{]..-...g}J.F......1....7r..z...._xK...,.H.JD..._...r3S.ua0...a A.1.xg.G.s.-...b....F..Tw....11U.....#....<.4".....@..'._)_.......A..(...`."...EXo.)} .........F...?....q.(....?3..3.R./z..M..Q.1.&...B.....#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H
<<< skipped >>>
GET /b/ss/pcdprod/1/JS-1.4.1-D4BD/s54367519855486?AQB=1&ndh=1&pf=1&t=11/11/2014 18:36:3 4 -120&D=D=&fid=5C2E8A6DAF4C6301-09B4EAC6DFF6EFE5&ce=UTF-8&pageName=apps.driversupport.com/postinstall/ScanResultsMedia&g=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&events=event7&c2=%Content: Category (p2)%&c3=%Content: Section (p3)%&c4=%Content: Sub-Section (p4)%&c6=ScanResults&c8=/postinstall/ScanResultsMedia&v11=%Content: Category (p2)%&v12=%Content: Section (p3)%&v13=%Content: Sub-Section (p4)%&v26=13684600-ad88-4ba9-8423-494ed72da3ae&v28=30&v30=media&v33=9.1.4.66&v34=9.1.4.66&v52=ScanResults&v53=ScanResults&s=1916x902&c=24&j=1.6&v=Y&k=Y&bw=1916&bh=805&ct=lan&AQE=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pcdrivers.sc.omtrdc.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 11 Dec 2014 16:36:04 GMT
Server: Omniture DC/2.0.0
Access-Control-Allow-Origin: *
Set-Cookie: s_vi_wdcwuhc=[CS]v4|0-0|5489C7F4[CE]; Expires=Sat, 10 Dec 2016 16:36:04 GMT; Domain=.omtrdc.net; Path=/
Location: hXXp://pcdrivers.sc.omtrdc.net/b/ss/pcdprod/1/JS-1.4.1-D4BD/s54367519855486?AQB=1&pccr=true&&ndh=1&pf=1&t=11/11/2014 18:36:3 4 -120&D=D=&fid=5C2E8A6DAF4C6301-09B4EAC6DFF6EFE5&ce=UTF-8&pageName=apps.driversupport.com/postinstall/ScanResultsMedia&g=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&events=event7&c2=%Content: Category (p2)%&c3=%Content: Section (p3)%&c4=%Content: Sub-Section (p4)%&c6=ScanResults&c8=/postinstall/ScanResultsMedia&v11=%Content: Category (p2)%&v12=%Content: Section (p3)%&v13=%Content: Sub-Section (p4)%&v26=13684600-ad88-4ba9-8423-494ed72da3ae&v28=30&v30=media&v33=9.1.4.66&v34=9.1.4.66&v52=ScanResults&v53=ScanResults&s=1916x902&c=24&j=1.6&v=Y&k=Y&bw=1916&bh=805&ct=lan&AQE=1
X-C: ms-4.9.2
Expires: Wed, 10 Dec 2014 16:36:04 GMT
Last-Modified: Fri, 12 Dec 2014 16:36:04 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www461
Content-Length: 0
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: text/plain
....
<<< skipped >>>
GET /b/ss/pcdprod/1/JS-1.4.1-D4BD/s54367519855486?AQB=1&pccr=true&&ndh=1&pf=1&t=11/11/2014 18:36:3 4 -120&D=D=&fid=5C2E8A6DAF4C6301-09B4EAC6DFF6EFE5&ce=UTF-8&pageName=apps.driversupport.com/postinstall/ScanResultsMedia&g=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&events=event7&c2=%Content: Category (p2)%&c3=%Content: Section (p3)%&c4=%Content: Sub-Section (p4)%&c6=ScanResults&c8=/postinstall/ScanResultsMedia&v11=%Content: Category (p2)%&v12=%Content: Section (p3)%&v13=%Content: Sub-Section (p4)%&v26=13684600-ad88-4ba9-8423-494ed72da3ae&v28=30&v30=media&v33=9.1.4.66&v34=9.1.4.66&v52=ScanResults&v53=ScanResults&s=1916x902&c=24&j=1.6&v=Y&k=Y&bw=1916&bh=805&ct=lan&AQE=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: pcdrivers.sc.omtrdc.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 16:36:04 GMT
Server: Omniture DC/2.0.0
Access-Control-Allow-Origin: *
Set-Cookie: s_vi_wdcwuhc=[CS]v4|2A44E3FA05013406-60001605200000A1|5489C7F4[CE]; Expires=Sat, 10 Dec 2016 16:36:04 GMT; Domain=.omtrdc.net; Path=/
X-C: ms-4.9.2
Expires: Wed, 10 Dec 2014 16:36:04 GMT
Last-Modified: Fri, 12 Dec 2014 16:36:04 GMT
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Pragma: no-cache
ETag: "5489C7F4-67E2-113CE037"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www841
Content-Length: 43
Keep-Alive: timeout=15
Connection: Keep-Alive
Content-Type: image/gif
GIF89a.............!.......,............Q.;HTTP/1.1 200 OK..Date: Thu, 11 Dec 2014 16:36:04 GMT..Server: Omniture DC/2.0.0..Access-Control-Allow-Origin: *..Set-Cookie: s_vi_wdcwuhc=[CS]v4|2A44E3FA05013406-60001605200000A1|5489C7F4[CE]; Expires=Sat, 10 Dec 2016 16:36:04 GMT; Domain=.omtrdc.net; Path=/..X-C: ms-4.9.2..Expires: Wed, 10 Dec 2014 16:36:04 GMT..Last-Modified: Fri, 12 Dec 2014 16:36:04 GMT..Cache-Control: no-cache, no-store, max-age=0, no-transform, private..Pragma: no-cache..ETag: "5489C7F4-67E2-113CE037"..Vary: *..P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"..xserver: www841..Content-Length: 43..Keep-Alive: timeout=15..Connection: Keep-Alive..Content-Type: image/gif..GIF89a.............!.......,............Q.;..
GET /dc.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: stats.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 14:36:35 GMT
Expires: Thu, 11 Dec 2014 16:36:35 GMT
Last-Modified: Thu, 13 Nov 2014 21:10:00 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15853
Cache-Control: public, max-age=7200
Age: 7165
Alternate-Protocol: 80:quic,p=0.02
X-Google-Cookies-Blocked: id=
...........={_.:...)....'.$..&.......-..Ms..e9..'...B.g.3#..........3z?F........z....n.h..@&b.....v.W.A"...<8H.^.....A*......3....~..X?8....<..t..)d.......Hf.Q...._. .,`.....a....>...?...v.Aq.G.........p.........a$y&.....sX7p........ ..M.d..l.K.....t...8..i6....C..XO.....@....!.....RG.l .}....b$c..B|8..C}!.8..=.e.K....{..K.9..a..nx......%..;..F...J...v..n!.L.....g.C@...~..|...=....q.9n_...P.....Tw.o...........k.....^:.....O!..b......=...B..,..j8......k.b./.Y..JE...({k.........(.L..@. ...b;...s.f...k../--..\..A.M..he.q..u.u.$..<.....$......eBf....,...r{.[.....h....Tup..$?F?2.... .qk...x..;.......}.Y.[)jL.........}.4.'..Z_...bms.._..I4.r=...f....U}...|......].FG..\.[9...hp......"..L..J...a..l.=.C..c.............i..2&.......{....T*w..%#ey....A..`.T..Q.w.....f2...,....J...y.qqA.........BTo....5.W..9]...]b$K%Z.V..b..x1t....]..&.P.Qo.A?..W.R..l.........'".. ..D. ..EA.......$US.t...w?.u*rn.:......?...a,.(..0....`.GL....Z...j[8.[.2k8N...4(.x..4j&..V..p.N)0.;k.......C..= .].;M.|..&..;........M'....Vy.6*..[J.7`n*...Q..O.%4T ...;.....'J.........xKK.&..^A...;...........a<.783[X......p...c...3j$.....Z....c.D.....BW................*.1]KQ].zb.... .?~....V>&."..Q$.....&.sS..Kq........).....{y.V....T...L.09.-.KK:..yH.....4./..Ni.oaM..X..X.R...l...[...n2.....6.v.Q.......v.C.0........55..z]__.a.j...fJh.....r.6a.6v3..!.}^0...,...I.w........i.......Q..q ..c;2.p2 .%..:0..14....z....b.*Z..*..>...v].....H...V...kVT.]....I ...._..}.f.....^U..a.V]..wd.N.....9....n1-0..`...B..Q.MB...7...%.!.L~.."H..xNV`?||.H.........
<<< skipped >>>
GET /__utm.gif?utmwv=5.6.1dc&utms=1&utmn=763144801&utmhn=apps.driversupport.com&utmcs=utf-8&utmsr=1916x902&utmvp=1900x805&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=DriverSupport - Available Driver Updates&utmhid=230678626&utmr=-&utmp=/postinstall/ScanResultsMedia?cart=https%253a%252f%252fsecure.driversupport.com%252fregistration%252fcart%253faf%253dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&utmht=1418315760382&utmac=UA-2010741-4&utmcc=__utma=164611050.388424965.1418315760.1418315760.1418315760.1;+__utmz=164611050.1418315760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qB~ HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: stats.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Wed, 10 Dec 2014 05:24:05 GMT
Server: Golfe2
Content-Length: 35
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Age: 126715
Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..Expires: Wed, 19 Apr 2000 11:43:00 GMT..Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT..X-Content-Type-Options: nosniff..Content-Type: image/gif..Date: Wed, 10 Dec 2014 05:24:05 GMT..Server: Golfe2..Content-Length: 35..Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate..Age: 126715..Alternate-Protocol: 80:quic,p=0.02..GIF89a.............,...........D..;..
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=358896, public, no-transform, must-revalidate
Last-Modified: Mon, 8 Dec 2014 20:17:33 GMT
Expires: Mon, 15 Dec 2014 20:17:33 GMT
Date: Thu, 11 Dec 2014 16:35:57 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141208201733Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5.......A..2.....:...:......20141208201733Z....20141215201733Z0...*.H.............eOm..JU......4.....3..x.9..n9.%.....O.H.o....3.........|....:.......E..'-.c.._g.8c..*...........a.Wu~...."`.w...j(......3(0.]...y.J]..K2.d........q..U^.(......[.....H......V...1.*~[~.:..K....."A.;..I..l....t.:."..Hb[oE.....P..q.A.h4!*:.... .b?wo.... .........#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H......
<<< skipped >>>
GET /sync?dsp_id=44&user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: x.bidswitch.net
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.7.2
Date: Thu, 11 Dec 2014 16:36:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: tuuid=ee37b96e-98b7-465e-94e5-b1d77765b708; path=/; expires=Sat, 10-Dec-2016 16:36:05 GMT; domain=.bidswitch.net
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: hXXp://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
....
GET /ul_cb/sync?dsp_id=44&user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: tuuid=ee37b96e-98b7-465e-94e5-b1d77765b708
DNT: 1
Connection: Keep-Alive
Host: x.bidswitch.net
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.7.2
Date: Thu, 11 Dec 2014 16:36:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: tuuid=ee37b96e-98b7-465e-94e5-b1d77765b708; path=/; expires=Sat, 10-Dec-2016 16:36:05 GMT; domain=.bidswitch.net
Set-Cookie: c=1418315765; path=/; expires=Sat, 10-Dec-2016 16:36:05 GMT; domain=.bidswitch.net
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=ee37b96e-98b7-465e-94e5-b1d77765b708
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
HTTP/1.1 302 Moved Temporarily..Server: nginx/1.7.2..Date: Thu, 11 Dec 2014 16:36:05 GMT..Content-Type: text/html; charset=UTF-8..Content-Length: 0..Connection: keep-alive..Set-Cookie: tuuid=ee37b96e-98b7-465e-94e5-b1d77765b708; path=/; expires=Sat, 10-Dec-2016 16:36:05 GMT; domain=.bidswitch.net..Set-Cookie: c=1418315765; path=/; expires=Sat, 10-Dec-2016 16:36:05 GMT; domain=.bidswitch.net..P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"..Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=ee37b96e-98b7-465e-94e5-b1d77765b708..Cache-Control: no-cache, no-store, must-revalidate..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Pragma: no-cache..
GET /pca3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"
Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT
Date: Thu, 11 Dec 2014 16:35:27 GMT
Content-Length: 933
Connection: keep-alive
Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2....{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I...Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1..7<.....e..010207211822Z0...*.H............M....s#..Lo...TU...tM.3...'.U......:Z...w.x.=....K.0;...!....D....9...,!....B.t. <..........-.....k.$<i{O.<.E...*.......Ow _..J.HTTP/1.1 200 OK..Server: Apache..ETag: "8f6b3bcd9bb64555001fba64f5b01b92:1411517716"..Last-Modified: Wed, 24 Sep 2014 00:15:16 GMT..Date: Thu, 11 Dec 2014 16:35:27 GMT..Content-Length: 933..Connection: keep-alive..Content-Type: application/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Authority..140922000000Z..141231235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.......fh...020923171400Z0!...?A....a.nF`.P....0209231715
<<< skipped >>>
GET /ipte/iPTE.1.0.4.7683.msi HTTP/1.1
Host: cdn.driversupport.com
Connection: Close
HTTP/1.1 200 OK
Content-Length: 11792896
Content-Type: application/octet-stream
Content-MD5: 4z vSdVB7S0Y0okpNT6V5w==
Last-Modified: Mon, 24 Nov 2014 20:32:05 GMT
ETag: 0x8D1D63CD85013B3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 24363ea4-0001-0021-1a70-c23aeb000000
x-ms-version: 2009-09-19
x-ms-meta-CbModifiedTime: Thu, 20 Nov 2014 15:59:38 GMT
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 11 Dec 2014 16:34:16 GMT
Connection: close
........................>............................................6........................................................................................................................................................................................................................................................................... ... ...!...!..."..."...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*... ... ...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5..............................................hY.............................................................................. ...!..."...#...$...%...&...'...(...)...*... ...,...-......./...0...1...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...{...|...}...~...........R.o.o.t. .E.n.t.r.y............................................................................F............0............x......@H.A0C.;;B&F7B.B4FhD&B..................................................................................................0.......@H.A0C.?.?(E8B.A(H..................................................,...................................................<.......@H.A.E.F.A.E(?(E8B.A(H..............................................................................................
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1790
content-transfer-encoding: binary
Cache-Control: max-age=488296, public, no-transform, must-revalidate
Last-Modified: Wed, 10 Dec 2014 08:12:45 GMT
Expires: Wed, 17 Dec 2014 08:12:45 GMT
Date: Thu, 11 Dec 2014 16:35:41 GMT
Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..20141210081245Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5........M.s.Q~...@?j.......20141210081245Z....20141217081245Z0...*.H............./2.7jy.wVv.....8.....t7.[..O...C._..{...Ch.}...!...<..t..z.n....%...-S0..Nq..-.._`.....v.s. m..[1?LX...Y..?{.m.y.......W.lX..<Kg8^).p/...-...E. ....../..:(..H..X@....iZ?.6.o....Rx.%..OU..5..$.d..,......7e....R.F.s.f..\.SR$.MR..;%.....g.Sh.....)..;h....[L.X...#0...0...0..........<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Signing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{(..t....2.Vf.....&;6).i*FK....W@....F....jnb.w._p.E.6.|.mk....(..........p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1762
content-transfer-encoding: binary
Cache-Control: max-age=602154, public, no-transform, must-revalidate
Last-Modified: Thu, 11 Dec 2014 15:43:16 GMT
Expires: Thu, 18 Dec 2014 15:43:16 GMT
Date: Thu, 11 Dec 2014 16:31:55 GMT
Connection: keep-alive
0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..20141211154316Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...313..R...%V.......K3.....20141211154316Z....20141218154316Z0...*.H.............0~...7.Y...^.3..W.v.:D......h#.e.#.....evc....*..~;...i.J.R.....S......2.Y.G.uXk.l@B.%Lp.|....c.Ph....g.....i%..uW?...yM.qy..{...a?v.cN.G..$...8...o........:...<....R...Q\..x..?.@E*...a.$....P...z.K.n......q'.P. .s....x..`5..M...,...g~6...B.l.4.o........_.....0...0...0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G50...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certificate 30.."0...*.H.............0...............2&..PL...,..2....:..tH...`JG.%..*...s.c%...?t..J..0.q....~..k@X.l.i....0..kk..h.9"1.5?..s.....3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J.....@2HTTP/1.1 200 OK..Server: nginx/1.4.7..Content-Type: application/ocsp-response..Content-Length: 1762..content-transfer-encoding: binary..Cache-Control: max-age=602154, public, no-transform, must-revalidate..Last-Modified: Thu, 11 Dec 2014 15:43:16 GMT..Expires: Thu, 18 Dec 2014 15:43:16 GMT..Date: Thu, 11 Dec 2014 16:31:55 GMT..Connection: keep-alive..0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..201412
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CECMkFlOTkMQ5KGdSAcojyz8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1725
content-transfer-encoding: binary
Cache-Control: max-age=601698, public, no-transform, must-revalidate
Last-Modified: Thu, 11 Dec 2014 15:38:01 GMT
Expires: Thu, 18 Dec 2014 15:38:01 GMT
Date: Thu, 11 Dec 2014 16:32:09 GMT
Connection: keep-alive
0..........0..... .....0......0...0......u\..3Oo?U...H.....O!..20141211153801Z0s0q0I0... ...................F....0.yV......{&.K......&.......#$.S...9(gR..#.?....20141211153801Z....20141218153801Z0...*.H.............K..<.Z...0.'?.o}..p..V..1N_...D.w.F"X.....&`=...:.....[=.6l...x.nk..N......!i...qf..Dx.......K...... /.....w....._R=..\r.. v...u...ZGb.....2).h.C..&.....o....h.;.........^5kU.\..j ...h...........E.x.6hrei.r.......U.......2....7..U.....V...>....l.)'...._.......0...0...0........../...nj0...}..i..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...141204000000Z..150304235959Z0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSign Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0.........4.4...........o....?..f.........I.!.b.L...L..U.........rM.,.....=..cR4d.~*..k..x......=.WT.<.A2n1.qZyHTTP/1.1 200 OK..Server: nginx/1.4.7..Content-Type: application/ocsp-response..Content-Length: 1725..content-transfer-encoding: binary..Cache-Control: max-age=601698, public, no-transform, must-revalidate..Last-Modified: Thu, 11 Dec 2014 15:38:01 GMT..Expires: Thu, 18 Dec 2014 15:38:01 GMT..Date: Thu, 11 Dec 2014 16:32:09 GMT..Connection: keep-alive..0..........0..... .....0......0...0......u\..3Oo?U...H.....O!..20141211153801Z0s0q0I0... ...................F....0.yV......{&.K......&.......#$.S...9(gR..#.?....2014
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=514290
Content-Type: application/ocsp-response
Date: Thu, 11 Dec 2014 16:36:05 GMT
Etag: "54899de5-1d7"
Expires: Thu, 18 Dec 2014 04:36:05 GMT
Last-Modified: Thu, 11 Dec 2014 13:36:37 GMT
Server: ECS (ams/D1A6)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...20141210200000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ...._.M.[........?;....20141210200000Z....20141217200000Z0...*.H.............|.S..l........D........%.?..5v...H...t...B./.Uu....o.n.r....[...=....i......#.3".....rNd..W.5..E.4...F....b0D.... ....DI...8....ay.XOuh..F..~[_.}..Va.....cE.z??........c........wn.t...8.E..$.......\tlE&.Gv..3UQ.QV.....:..*.....\.QL..(... u...,G.zv.......vS....
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1
Cache-Control: max-age = 514290
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 11 Dec 2014 13:36:37 GMT
If-None-Match: "54899de5-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 304 Not Modified
Accept-Ranges: bytes
Cache-Control: max-age=514290
Date: Thu, 11 Dec 2014 16:36:05 GMT
Etag: "54899de5-1d7"
Expires: Thu, 18 Dec 2014 04:36:05 GMT
Last-Modified: Thu, 11 Dec 2014 13:36:37 GMT
Server: ECS (ams/D1A6)
X-Cache: HIT
....
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=509943
Content-Type: application/ocsp-response
Date: Thu, 11 Dec 2014 16:36:05 GMT
Etag: "5489966f-1d7"
Expires: Thu, 18 Dec 2014 04:36:05 GMT
Last-Modified: Thu, 11 Dec 2014 13:04:47 GMT
Server: ECS (ams/49CD)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....20141211125000Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H.....p.x.f..7.L.%o. ....20141211125000Z....20141218130500Z0...*.H..............]....2..S`.C...R.....|*..x.Y8.`....B.K..L.h."e.j....P.g.a.6:./..:....|............(. 4V.k..0I...(.E|..Tw<@..o...&....]e..}.....m........jE7.=....$./.qB... ..Qj.O.S;%....J.......v).8..)....9I..g...I1W..../.W.eCUk_...;..~1..l...i.x?&.KO].;...u.."..I.t....XcHTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=509943..Content-Type: application/ocsp-response..Date: Thu, 11 Dec 2014 16:36:05 GMT..Etag: "5489966f-1d7"..Expires: Thu, 18 Dec 2014 04:36:05 GMT..Last-Modified: Thu, 11 Dec 2014 13:04:47 GMT..Server: ECS (ams/49CD)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......P.s..)...... ..y.H....20141211125000Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H.....p.x.f..7.L.%o. ....20141211125000Z....20141218130500Z0...*.H..............]....2..S`.C...R.....|*..x.Y8.`....B.K..L.h."e.j....P.g.a.6:./..:....|............(. 4V.k..0I...(.E|..Tw<@..o...&....]e..}.....m........jE7.=....$./.qB... ..Qj.O.S;%....J.......v).8..)....9I..g...I1W..../.W.eCUk_...;..~1..l...i.x?&.KO].;...u.."..I.t....Xc..
<<< skipped >>>
GET /ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 16:36:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: adclick_server
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....h.?...HTTP/1.1 200 OK..Date: Thu, 11 Dec 2014 16:36:03 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-store, must-revalidate..Content-Type: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Content-Encoding: gzip..Server: adclick_server..Content-Length: 76..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....h.?.......
GET /ads/user-lists/933633792/?label=xn2YCKKm-1UQgL6YvQM&script=0&ct_cookie_present=false&random=2570465599&ipr=y HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com.ua
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Thu, 11 Dec 2014 16:36:05 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 200 OK..Content-Type: image/gif..Date: Thu, 11 Dec 2014 16:36:05 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-store, must-revalidate..X-Content-Type-Options: nosniff..Server: adclick_server..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;..
GET /action/0?ti=4002897&Ver=2&mid=e203559b-83f9-ed19-5e6b-dac9ae7c7a43&evt=pageLoad&pi=0&lg=en-US&sw=1916&sh=902&sc=24&tl=DriverSupport - Available Driver Updates&p=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&r=&rn=196697 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: bat.bing.com
DNT: 1
Connection: Keep-Alive
Cookie: SRCHD=MS=3187714&SM=1&D=3093912&AF=MSN005; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20131118; MUID=1785AC2FD94664211AC0A9A6DD466620
HTTP/1.1 204 No Content
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/8.0
Access-Control-Allow-Origin: *
Date: Thu, 11 Dec 2014 16:36:00 GMT
HTTP/1.1 204 No Content..Cache-Control: no-cache, must-revalidate..Pragma: no-cache..Content-Length: 0..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Server: Microsoft-IIS/8.0..Access-Control-Allow-Origin: *..Date: Thu, 11 Dec 2014 16:36:00 GMT..
GET /j/roundtrip.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: a.adroll.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: faWcDW2Or4K/MxJu6HBovpddkEjKhZjg1MDJesq20bn5qCKJfFyqnWIny1eRnkpi
x-amz-request-id: CAAD8BD6A496BEB4
Last-Modified: Tue, 14 Oct 2014 18:17:00 GMT
ETag: "7fe20f624c256dfa94db3f8fd2a8c04b"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4804
Cache-Control: must-revalidate, max-age=101
Date: Thu, 11 Dec 2014 16:36:04 GMT
Connection: keep-alive
...........;k..6... $..I..#.. .....m\..]{RW[.Y......THj.s...v.$.>&..U]*e..F....X.c..(M,...O7..di.{..t.">.......?.....n...b... v..%A..l. .C.'..~O.&a.3....'9.1..Yz#.g....."...,v....n2...nn.b..\....Z.M..1.N...%..1K..(..C<. vQ>....Hy.[6.........A..{...P......?./Y....Ep..O.....W.....*?.....]..,:..gO.,...i ... ]....8......3...n..*.{.^d.y.6..y.qa.....`.....G.3...[........e/ .8...2..S%BS....".$..(..d..A..![..0d.........nI.......l.7.f...~..?S..... ...p...g..Hl.......i.#Kr...^.. ...<Mo"q.0?.A.D...R.l..b.....nPr...P...tR.(..K.,\X..K.bBp:1.......Ea.M!6.....%.......a/.[..W=t...d<...T'j...w.F..h.m..8S..\..E-^.>YK.Z.V........f..?..|^..O.....rKh]....[r.s.YV_..G{Y..6.r....l...f....Cr.....j..`.....S......K........}....J....,8.....u..a..)...{.{$O....J...X..,*...\do.m*?.... ..p.....f.0..... v. ../..~..b1..(..%...i~.#`...._.p.`...z.1..t....S..gq...8..v..f..3P.$....)>.....u....jfQN.U.....`.....\..3.....{<N.6GH ...,.[.e";..K..Q%..T..2T...Z..X.9..H.i.....[..i..Bj...HN...G?/.(...)..gc..*...].9.#4.Tab..4..F....4.O. ...qy..._.5.lB<...q.b^{h...H.b7Y.4.Q...l.b.." pLM.i......8..T.`)7...D......&....i@.:.pG.x........../9.v,.%.n._..T............|.........."......;.!.......#.n..{ .`Q...vs......L..w;..$.&..O..*.7#...`....m#.........md{"28.&......(..Y.d..$..tKC.h.........K...7Z[..bC..5.Q.....F..3.......(.-..l.......4.vB.%..dpm;rB..P.............$T..>A&@. .{....ZR.=.a.../...J.=)....".e....."M.~..a..y....FE....q....{...V2 ." .....L...E>.*..../=.D8..e.rW..{p..o.T.S{!WL..Z........0......%.........@Y.....;..qt.6 ...
<<< skipped >>>
GET /pixel/ID6YJCUG4BA7BHFUIYCHOX/MJDFCCTA3JETLDLZWCFYDD/IBURATUZTNHBFDLWQBB66R.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: a.adroll.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: SUN/ukBa1WvDj4rZgMbrJHo7MGPcefQdv4rDyPRe0ITeWerukSCPXKYVaULl5EBh
x-amz-request-id: 65C7DD73B30BFEF0
Last-Modified: Mon, 17 Nov 2014 18:36:37 GMT
ETag: "56cd4083f0fe771e2ca4e10370446b91"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 927
Cache-Control: must-revalidate, max-age=283
Date: Thu, 11 Dec 2014 16:36:04 GMT
Connection: keep-alive
...........W{o.6..?.B.`Xn.....na....[.m.d....M.$.4)P..`.w...8n....y..[&....y...f.......?v,kF.....`.,..cc...m...S4..4m.(.u..VFQ%Z..V)i[/...zYY#L....)..m6S...vAnS5m....TL.a.B?.....)...-.......~f..6g..rJ/..f....}..O.Ql.....je..ZP..b.H@>sl.ge.@.Ss'...sfb...l/Y...1.(6.q.O.A.J6..K...P%....LBJI.N..S>...Ni...F....I....b..2Q....(D*...R...P..i5.......P.u.FM !...t.jWe.E......6x.v..l7..v.[l7<.=.6..G[..5......@3...!.0Q.c.....r....{.^..{.......Q.....7\.(...~.^_.^]..:?..~u...p..].8..{..Q..S"(...7 w9R*./....S(..nB"$.x.........~........L@...7.....z..Et......Y2M.L...{s.....>..H.F.n.....=.Qq4...V ..J......i$..}...AB...F.^..u}.Q......q.................._........3....NN.....9.w.L...w...3..8.o]>>.XAP.......;.r6pn:....-..e&.V......&.O..... ....-..h.......Z.2......D.......y..jP...05)8.......n..Y..U.:..F..|]m=...:./.X5........z.........!N%X..\J..Wg....... .|tZm.$ .(..9 ZuSd..P..xZ...D@.6.`...O&...b..kzT.).......).(RL......-w.N....L938|...HTTP/1.1 200 OK..x-amz-id-2: SUN/ukBa1WvDj4rZgMbrJHo7MGPcefQdv4rDyPRe0ITeWerukSCPXKYVaULl5EBh..x-amz-request-id: 65C7DD73B30BFEF0..Last-Modified: Mon, 17 Nov 2014 18:36:37 GMT..ETag: "56cd4083f0fe771e2ca4e10370446b91"..Accept-Ranges: bytes..Content-Type: text/javascript..Server: AmazonS3..Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 927..Cache-Control: must-revalidate, max-age=283..Date: Thu, 11 Dec 2014 16:36:04 GMT..Connection: keep-alive.............W{o.6..?.B.`Xn.....na....[.m.d....M.$.4)P..`.w...8n....y..[&....y...f.......?v,kF.....`.,..cc...m...S4..4m.(.u..VFQ%
<<< skipped >>>
GET /imagefactory.ashx?modelid=0 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: apps.driversupport.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/png
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 11 Dec 2014 16:35:59 GMT
Content-Length: 46066
.PNG........IHDR................b....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...y.e.u.v......z......... .......R;.he.YvJ.[..l%*G...r..R..........%)..d..GJ....E.".$Hl.`0...~....}9.|...w....,Y....._...{.~~.w.C.....\ H.......&....*..x........$)L&.......,....4..X.....g .. |.............a..Z......7.Rx,&....d..*.{-.....9....k.....q..x...g.}Z'.<wl...f4.A.~.N..........h4........L..$.../P.T@....s.f`...Y.Y..}.4.@.(>....c...9i.@..)..z...V..I...W..o.......=../.7........9....O.}.}.....x...%x...........?...N.;...m>g.Z.F..*^.....O..Z..w.ZZ|.O].....?../.Y\.F.4z..c.Oj...%...B.Z..l...$0.....P..y.d(Kx....z...j.L...Fx.U..:..<.{{{P.V...Q&'....?7....9..5...c......Q<....YIn...co8.......F.>.f.s..cuc.....)..........Dc.L.$'Q..Zi/?.i..o7.si.....{O<..k?...;...2.L^B..*...x{.o;(j.(.c...\.S..._dq'.<K~..U.Ok.{............YaR.>Z...n..]^Z.......//.....i.....$S...a.y..$..U~Ai.|.$........S.{_...0...X..{(..w.....,-?....*5V....\.z.V..`.....=..l...=.o{.#...._{..X......V0.K.....1.}...7....#.7....K...wf:.ax|...5.._...C.yO1.}.i~uP.....S*I.c...c.V....r<O.................u..,,,a....W..../pL.......7.N9..&..Z...2.......K.`4.c...aXv......p...:y.......C...-/.<7;.......^....[3.y..).......W.o...O.$y:.U...>.....t...x<......I....'.....`...".%....#.2L........E~.].$t.7....|...../`o...V...........k...}....a..v.}|~~..'N...O...;sfp....'.......F...|.K.Z.f.V..[.....{.q..[..E#{..?............8.A..;.......A[(.....kT..du...`.U..X.....Ru..j|?Uw.KT..T.c..u.>....p...CK0..69.#..V.6AQ5.......{..x..W...L..Y..j3.....{....g...S;...y.
<<< skipped >>>
POST /postinstall/LogUIDOMReady HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: apps.driversupport.com
Content-Length: 65
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: optimizelySegments={"176773665":"false","176809951":"direct","176875026":"ie"}; optimizelyEndUserId=oeu1418315759846r0.5595372060045518; optimizelyBuckets={}; optimizelyPendingLogEvents=[]; __utma=164611050.388424965.1418315760.1418315760.1418315760.1; __utmb=164611050.1.10.1418315760; __utmc=164611050; __utmz=164611050.1418315760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
uuid=13684600-ad88-4ba9-8423-494ed72da3ae×tamp=1418315763296
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/8.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 11 Dec 2014 16:36:03 GMT
Content-Length: 0
HTTP/1.1 200 OK..Cache-Control: private..Server: Microsoft-IIS/8.0..X-AspNetMvc-Version: 5.2..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date: Thu, 11 Dec 2014 16:36:03 GMT..Content-Length: 0..
GET /cm/f/out HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d.adroll.com
DNT: 1
Connection: Keep-Alive
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 11 Dec 2014 16:36:04 GMT
Location: hXXp://VVV.facebook.com/fr/u.php?t=2592000&p=443937282305007&m=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/
Content-Length: 112
Connection: keep-alive
Go to hXXp://VVV.facebook.com/fr/u.php?t=2592000&p=443937282305007&m=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTMHTTP/1.1 302 Moved Temporarily..Cache-Control: no-store, no-cache, must-revalidate..Date: Thu, 11 Dec 2014 16:36:04 GMT..Location: hXXp://VVV.facebook.com/fr/u.php?t=2592000&p=443937282305007&m=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM..P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"..Pragma: no-cache..Server: nginx/1.6.2..Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/..Content-Length: 112..Connection: keep-alive..Go to http://VVV.facebook.com/fr/u.php?t=2592000&p=443937282305007&m=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM..
GET /pagead/viewthroughconversion/996887577/?random=1418315763277&cv=7&fst=1418315763273&num=2&fmt=1&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
DNT: 1
Connection: Keep-Alive
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Thu, 11 Dec 2014 16:36:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 76
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....h.?...HTTP/1.1 302 Found..P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Date: Thu, 11 Dec 2014 16:36:03 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Location: hXXp://VVV.google.com/ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%253a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803..Content-Type: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Content-Encoding: gzip..Server: cafe..Content-Length: 76..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`....h.?...HTTP/1.1 302 Found..P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Date: Thu, 11 Dec 2014 16:36:05 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Location: hXXp://VVV.google.com/ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772..Content-Type: image/gif..X-
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?98d988b27ac8444b HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Fri, 12 Sep 2014 18:47:05 GMT
If-None-Match: "805a83f2b9cecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
ETag: "805a83f2b9cecf1:0"
Cache-Control: max-age=604800
Date: Thu, 11 Dec 2014 16:33:11 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT..ETag: "805a83f2b9cecf1:0"..Cache-Control: max-age=604800..Date: Thu, 11 Dec 2014 16:33:11 GMT..Connection: keep-alive..
GET /cm/x/out HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d.adroll.com
DNT: 1
Connection: Keep-Alive
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 11 Dec 2014 16:36:04 GMT
Location: hXXp://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM')
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/
Content-Length: 112
Connection: keep-alive
Go to hXXp://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM')HTTP/1.1 302 Moved Temporarily..Cache-Control: no-store, no-cache, must-revalidate..Date: Thu, 11 Dec 2014 16:36:04 GMT..Location: hXXp://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM')..P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"..Pragma: no-cache..Server: nginx/1.6.2..Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/..Content-Length: 112..Connection: keep-alive..Go to http://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM')..
GET /pca3-g5.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"
Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT
Date: Thu, 11 Dec 2014 16:32:06 GMT
Content-Length: 533
Connection: keep-alive
Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140922000000Z..141231235959Z0...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q............HTTP/1.1 200 OK..Server: Apache..ETag: "bd6753109994fa1bef1833b34f3e263b:1411514416"..Last-Modified: Tue, 23 Sep 2014 23:20:16 GMT..Date: Thu, 11 Dec 2014 16:32:06 GMT..Content-Length: 533..Connection: keep-alive..Content-Type: application/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Public Primary Certification Authority - G5..140922000000Z..141231235959Z0...*.H.............O...i.i(.#..s.T....F....${|...xLT.k...(....AC.#.....Y.Ht..}.n..* ...b.Gs...G..N.|2*.9l....\..H.Y....Wh. .....A.......?/...}.......z.Q..qP_.-..~......!.UBW...ER..6....:.p...[...../..h...9.J(..<.;i.......?c.I.t....LV.uD....B..z...~I .6..aR[..(..q..............
<<< skipped >>>
GET /pixel/ID6YJCUG4BA7BHFUIYCHOX/MJDFCCTA3JETLDLZWCFYDD?pv=95008905058.17587&cookie=&keyw= HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d.adroll.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 11 Dec 2014 16:36:04 GMT
Location: hXXp://a.adroll.com/pixel/ID6YJCUG4BA7BHFUIYCHOX/MJDFCCTA3JETLDLZWCFYDD/IBURATUZTNHBFDLWQBB66R.js
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:03 GMT; Max-Age=157680000; Path=/
X-Conversion-Currency:
X-Conversion-Value: 0
Content-Length: 0
Connection: keep-alive
HTTP/1.1 302 Moved Temporarily..Cache-Control: no-store, no-cache, must-revalidate..Date: Thu, 11 Dec 2014 16:36:04 GMT..Location: hXXp://a.adroll.com/pixel/ID6YJCUG4BA7BHFUIYCHOX/MJDFCCTA3JETLDLZWCFYDD/IBURATUZTNHBFDLWQBB66R.js..P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"..Pragma: no-cache..Server: nginx/1.6.2..Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:03 GMT; Max-Age=157680000; Path=/..X-Conversion-Currency: ..X-Conversion-Value: 0..Content-Length: 0..Connection: keep-alive......
GET /cm/r/out HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d.adroll.com
DNT: 1
Connection: Keep-Alive
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 11 Dec 2014 16:36:04 GMT
Location: hXXp://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=http://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/
Content-Length: 179
Connection: keep-alive
Go to hXXp://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=http:/%2Fads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1....
GET /cm/w/out HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d.adroll.com
DNT: 1
Connection: Keep-Alive
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 11 Dec 2014 16:36:05 GMT
Location: hXXps://analytics.twitter.com/i/adsct?p_user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM&p_id=823423
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/
Content-Length: 109
Connection: keep-alive
Go to hXXps://analytics.twitter.com/i/adsct?p_user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM&p_id=823423HTTP/1.1 302 Moved Temporarily..Cache-Control: no-store, no-cache, must-revalidate..Date: Thu, 11 Dec 2014 16:36:05 GMT..Location: hXXps://analytics.twitter.com/i/adsct?p_user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM&p_id=823423..P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"..Pragma: no-cache..Server: nginx/1.6.2..Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/..Content-Length: 109..Connection: keep-alive..Go to hXXps://analytics.twitter.com/i/adsct?p_user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM&p_id=823423....
GET /cm/r/in?xid=KBgCC6FUe9PSyWP2DG4.yWXZ HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: d.adroll.com
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: image/gif
Date: Thu, 11 Dec 2014 16:36:05 GMT
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/
Content-Length: 35
Connection: keep-alive
GIF87a.............,............Q.;HTTP/1.1 200 OK..Cache-Control: no-store, no-cache, must-revalidate..Content-Type: image/gif..Date: Thu, 11 Dec 2014 16:36:05 GMT..P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"..Pragma: no-cache..Server: nginx/1.6.2..Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/..Content-Length: 35..Connection: keep-alive..GIF87a.............,............Q.;....
GET /cm/g/in?google_ula=1535926,0 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: d.adroll.com
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: image/gif
Date: Thu, 11 Dec 2014 16:36:09 GMT
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513-g_1418315769; Version=1; Expires=Tue, 10-Dec-2019 16:36:09 GMT; Max-Age=157680000; Path=/
X-Result: g.-1.-1.1535926.0.-1
Content-Length: 35
Connection: keep-alive
GIF87a.............,............Q.;HTTP/1.1 200 OK..Cache-Control: no-store, no-cache, must-revalidate..Content-Type: image/gif..Date: Thu, 11 Dec 2014 16:36:09 GMT..P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"..Pragma: no-cache..Server: nginx/1.6.2..Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513-g_1418315769; Version=1; Expires=Tue, 10-Dec-2019 16:36:09 GMT; Max-Age=157680000; Path=/..X-Result: g.-1.-1.1535926.0.-1..Content-Length: 35..Connection: keep-alive..GIF87a.............,............Q.;..
GET /js/176561969.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: cdn.optimizely.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
x-amz-id-2: XemI5sTnd87JfSOkaD4H YwRgBL8zWaELfjlfyl76XMzktsMiUVCIPb1cXRCar5L
x-amz-request-id: B16397A007C32D8D
Content-Encoding: gzip
ETag: "8f79e2277c84675a130114b4c4a9f496"
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Length: 55336
Server: AmazonS3
Vary: Accept-Encoding
Timing-Allow-Origin: *
Cache-Control: max-age=120
Date: Thu, 11 Dec 2014 16:35:59 GMT
Connection: keep-alive
Timing-Allow-Origin: *
......}T.....c.6.0........5-...#...mv.&[...._..D[..Q......... A...4}...{X$.s0.......S..f.2.ge}}p0..I.2|/......T.....-..C;......u0,...lQ.l(...j....7....J.'......o.Qw..n.....##......k.4..ne..F....yh.N%.y..7......4..?.........K........l..]]..].2_.W...Y.;....p..pQvK....^e..77...p./..P...U..h\.gn..?...Y8..3..|=.l.8...w...u.m.....U......o]..:v......&~.............{6...f...9Pr......:......P."w.....e........qyz.>0..>..v...&<F..v....@.....0..Ne.,...q0.t...^.........ET.A ?........%.L.m.?..`....Y.V..M...8..Z.. I..-S..F!.\....?..|.u....Uk.f.^.:}...x..G..... ...\\T.^.......".6..|......^\..c...W.pJ.t. _\.*_C._../...5...3...Q3^x3......t'.{....e'...i.C......NE.u.U3....ug>.t...rZgu.aY5.....2w..|.-......Z..2b.Q8..Z.<.Y-....~.FO{.....V.-3.;g9....[g.Y.A_..G.I......I..Os6.c...P.U.3.M.s...Q...z...$ir..S...P.. Z...../...X....K>3....o....f.....s..P...f5.fl...->.F.l..Fu.t....M......sPo....qv....D..u..'..u..%Tk...@...H.8.V..Y..w !....i{.tC.....gMh..c.-bC.eX.r.Z.@.}.,f.^.V.X.....`IT..[.....[....6\.P4k....c...)....).[..*..j.F..m.O.4.Z8*.j.....JB..`Z.V.f...y%D.*.N....n4...Zq.....4.pN.L....a.....5.Yk4..........e`.F.....>.......2..v.j.y.yQ.qqQ.]...03............!(....>.........k..iQz.#..J..C.......a q....m.U..V..Rk....0!..j1..km.......@......Q..........t2?..S>........:...jJ5....s&.w.....["9MX.f.L..7...=.n..j6...j.Y7a...j..0.&.=|jY..I/.......M..a.....F..pO.8,j...i...........us....k.m..3.LZ..........;..X.`.{..2......e....1....ZbQ.......}.<.N....L.[.J..4K...o......?...B.b...P...`.u..U..VU.....Z=.. .($...{.x..7z.
<<< skipped >>>
GET /seg?add=1973902&t=2 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Set-Cookie: uuid2=0; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Fri, 12-Dec-2014 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=5146562351194588348; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Location: hXXp://ib.adnxs.com/bounce?/seg?add=1973902&t=2
Content-Type: text/html; charset=utf-8
Date: Thu, 11 Dec 2014 16:36:05 GMT
Content-Length: 0
....
GET /pxj?bidder=172&seg=802787&action=setuid('MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM') HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: ib.adnxs.com
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Set-Cookie: uuid2=0; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Fri, 12-Dec-2014 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Thu, 11 Dec 2014 16:36:05 GMT
GIF89a.............!.......,........@..L..;HTTP/1.1 200 OK..Cache-Control: no-store, no-cache, private..Pragma: no-cache..Expires: Sat, 15 Nov 2008 16:00:00 GMT..P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..X-XSS-Protection: 0..Set-Cookie: uuid2=0; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly..Set-Cookie: sess=1; path=/; expires=Fri, 12-Dec-2014 16:36:05 GMT; domain=.adnxs.com; HttpOnly..Content-Length: 43..Content-Type: image/gif..Date: Thu, 11 Dec 2014 16:36:05 GMT..GIF89a.............!.......,........@..L..;..
GET /pagead/conversion/933633792/?label=xn2YCKKm-1UQgL6YvQM&guid=ON&script=0&ord=6861940290426481 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 302 Found
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Date: Thu, 11 Dec 2014 16:36:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/933633792/?label=xn2YCKKm-1UQgL6YvQM&guid=ON&script=0&ord=6861940290426481&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&random=30957904
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"..Date: Thu, 11 Dec 2014 16:36:04 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/933633792/?label=xn2YCKKm-1UQgL6YvQM&guid=ON&script=0&ord=6861940290426481&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&random=30957904..Content-Type: image/gif..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;..
GET /hardDrive.png HTTP/1.1
Host: 70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Oct 2014 17:06:36 GMT
ETag: 1ecccf3727b0b0de7146a8c1f8995ba0
Content-Length: 4901
Accept-Ranges: bytes
X-Timestamp: 1414170395.59644
Content-Type: image/png
X-Trans-Id: tx46f3eeefe381495b9fe4b-00544a88eaord1
Cache-Control: public, max-age=261
Expires: Thu, 11 Dec 2014 16:40:15 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR.......,......i......PLTE........}.....\...........q.._..r..h..i..o..z..f..l..e..b..`..]..Y..Z..V..W..S..N..P..P..K..H..F..J..E..@..B..?..=..<..7.....9..6../..3..4..1..... ..)..$..%..#.. .......................|...........v.....w..t...........y..z..k..n.....m..n..k..f..c..h..d..c..a..}..M..X..V..Q.....T..T..R..M..L..I..G..A..D..D..:..C..7..;..9..<..4.....2..0..*..-..,..-..(.....&..(..'.."..".. ...............................y.....s..l..f..`...u......yV(...........~...........}....................u..c.....s............fff..q.....p..y............................................xiii...ooo........o.....v.................j........j...........i........uxxx~[-.............................Q..^.....x...........]..E.....X.uH..N..Z..........g9..>.....=.....U.....a..3........,.....9.{4.|$....}j........IDATx...]O.W....:2@......7...c.0.$...n.]..o.K>..0..:8$S../pq..).B.@.D... ....[....Ez[.9..y.96...}~\D.#Y._.<s....B.!..B.!..B.!..B.!..B.!..B.!..........WK...R!.J.2....p..*......h...)A.... ,q.n75....]\$6;.T...X..uj....).h...a.G.,.A.>.s....G. r..d....o.......7.K.L......k.].dn.d...4.%.. .F.m.f.A......,8uMDtu_..". O...U.VD.?.r..Y0~a.n..I....s....f|...!T%.F[S`...4..w0.@3...A..A..9LB.-6.H#.Vw...xx(I.,........9g..].d...NbD.4-).2..".._.....V....G. ..%U..r...#.........?}..C.A..C....G....B......7??..E.|.X......o59....;....0r....... .o._1....q2g2I..n0..Z}... F.z.G4.....Cg{.... ...8.#..........v..kY=.s.;{$.{..L....Y0....D'........Q...8O.....!j=...Q.......X..A....EY..Q..0........]...{=.]?....YA...yH.C...s.
<<< skipped >>>
GET /input.png HTTP/1.1
Host: 70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Oct 2014 17:06:36 GMT
ETag: 184d022e56c9b162d6d5fc95e91951c3
X-Trans-Id: txb288ded5eff44a7480eb6-00546d18ebord1
Content-Length: 20915
Accept-Ranges: bytes
X-Timestamp: 1414170395.91873
Content-Type: image/png
Cache-Control: public, max-age=270
Expires: Thu, 11 Dec 2014 16:40:24 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR.......,......i......PLTE...///''' YYY...PPPNNNEEETTTIII```GGG[[[VVVccc...BBB111333###@@@555<<<>>>fffhhh888jjj:::...LLL...llluuu............~~~......RRRKKK{{{nnn...pppxxxrrr............]]].........^^^.........---eee777.................................................................bB..PlIDATx..|.{.......7v$.B. G $..A.0..........%;........y:3.7.u.RIuN..DN2d..!C...2d..!C...2d..!C...2d..!C...2d..!C...2d..!C...2d..!C...2d..!C...2d....?..~9.....Co.r.....] Z....'.~.|zZ{......d.%py.a..Y.|..$......./..R.3..........8>.......>.....p:.1..........,...H.....|.....t...~:.(.u}...|..^...d..*B.....Gh.Z!/...}...#.m-n......6.'....@&.?.s<X.#.YNU.o......[..o......#'..;..W.....g.s"I.R.:..g..D..U...3.{...!....:..d.K...9=....'..NG.......j.......3..0.v.m..z..Y...K.........].N...>...........A.. u..e.j.....,...$...R.\.].c:..WZ..bdtWk\AK ....'.].....nv../._S\....nw...I.?../TKN...G.....m....?.A|.u.o..?.wp&....4...0...q.0p...$...I>}.X`.....u.d{.....Z.G_N ....O_.....b.8<..v...o../=v..g.....}.....S....*.Kum....V..0._.\g4'.!.O.Bx...7............}...z..-......jQ..b......F......f.."AfD..^".$D.f....P.F.XqF......O_....oInt./^.R.2..U.7_..?g..............Kv..K......./.b..ECx..o.L..M....).|......]~...w-..&.;h....o..../G......."9....tx|9.4./....~.;.<K..$Z.wW=....HF...~!........d...q~..u{l.....p....>}...................u.Yo._.2... G........W.0.....B....9..-..^..u^..W.......o/......=..-.r...j.i....$h.6......f..{.....[.....b...k...^~...........M...o.=...G.......d.\.*..m&..._....4..6{..o...Ud.ec
<<< skipped >>>
GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 05 May 2014 05:04:34 GMT
If-None-Match: "87fbb3811f68cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Sat, 04 Oct 2014 05:06:12 GMT
Accept-Ranges: bytes
ETag: "58cddbea90dfcf1:0"
Server: Microsoft-IIS/8.0
VTag: 438171942400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 550
Cache-Control: max-age=900
Date: Thu, 11 Dec 2014 16:32:46 GMT
Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..141003211553Z..150102093553Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......00... .....7......150101212553Z0...*.H.............:...h:O..9..a.M8.}*.........A....f......SG....(...g...>.!.4o7P....O...`x.h.W.F..x.9...1....C.......5..9..p ....1 ........$..P.......?.6...2.....(.."C1aF..B....I.V.u.4=Cs....~d5X..R...BRo............1Q-b.... ..P.M/SfvX..l..Mm.j9..A|.q.W=...Wy.Y]<....._!.../HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Sat, 04 Oct 2014 05:06:12 GMT..Accept-Ranges: bytes..ETag: "58cddbea90dfcf1:0"..Server: Microsoft-IIS/8.0..VTag: 438171942400000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 550..Cache-Control: max-age=900..Date: Thu, 11 Dec 2014 16:32:46 GMT..Connection: keep-alive..0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-Stamp PCA..141003211553Z..150102093553Z._0]0...U.#..0...#4..RFp..@.v.. ..5..0... .....7.......0...U......00... .....7......150101212553Z0...*.H.............:...h:O..9..a.M8.}*.........A....f......SG....(...g...>.!.4o7P....O...`x.h.W.F..x.9...1....C.......5..9..p ....1 ........$..P.......?.6...2.....(.."C1aF..B....I.V.u.4=Cs....~d5X..R...BRo............1Q-b.... ..P.M/SfvX..l..Mm.j9..A|.
<<< skipped >>>
GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:51 GMT
If-None-Match: "96bfbfb1d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT
Accept-Ranges: bytes
ETag: "a2f3ff97eeecf1:0"
Server: Microsoft-IIS/8.0
VTag: 791744844900000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 813
Cache-Control: max-age=900
Date: Thu, 11 Dec 2014 16:32:52 GMT
Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....microsoft1-0 ..U...$Microsoft Root Certificate Authority..141022204822Z..150121090822Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..%..*..S.Y..0... .....7.......0...U......'0... .....7......150120205822Z0...*.H.............4....w.h.Y..L.p.Q... ..?.~.q.......'.a[... ]G........t.....^p..De..0*r.n....G|....$b-{......d/....m...r.xQ...t..XtF...OW~.....@6...*x.h........wi.L.%.,<}.rULPR..T........P..g...._V.\z`..../..^...e.............r.%...:.S..W.....Qy...6.W..Fo.;.~.e9.]...;7..[.$wzD....|.%\.w..o...X.....R.2u.w."J\.&q.f.d<&.p....[31.....il.....dI2.#...h.Y.._e........H.%2.r.w..M.(~...W.{?...@n0.X.v..Wa.^o]...K....f[.oN\.V.../<..&.)@P.A.......p....D.Gj.M}PhUY?s...YX>..e...PC...@.^....v...:._[.l.....z.._(..>.l....O....ReP...M.%.B1..)HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Thu, 23 Oct 2014 05:05:32 GMT..Accept-Ranges: bytes..ETag: "a2f3ff97eeecf1:0"..Server: Microsoft-IIS/8.0..VTag: 791744844900000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 813..Cache-Control: max-age=900..Date: Thu, 11 Dec 2014 16:32:52 GMT..Connection: keep-alive..0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....microsoft1-0 ..U...$Microsoft Root Certificate Authority..141022204822Z..150121090822Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..%..*..S.Y..0... .....7.......0...U......'0... ..
<<< skipped >>>
GET /pki/crl/products/WinPCA.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 07 May 2014 05:04:02 GMT
If-None-Match: "a413fc3b169cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Mon, 06 Oct 2014 05:06:02 GMT
Accept-Ranges: bytes
ETag: "3e1c83923e1cf1:0"
Server: Microsoft-IIS/8.5
VTag: 791653227500000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 561
Cache-Control: max-age=900
Date: Thu, 11 Dec 2014 16:32:58 GMT
Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Windows Verification PCA..141005213147Z..150104095147Z._0]0...U.#..0.......p............<.J0... .....7.......0...U......20... .....7......150103214147Z0...*.H.................C>....... ..3yv..N...Q...&..U...u(..8.2.,.K.r.M..m0..BdE..(@.bu//J.......b...H.Z...B..7zS.>......G....{..C..}p.......9d..Q.E/.N......fM.._A{7RI*.....t.B...d..>w'.. ..0xJ...'.0.6...o. ..(.......1..TU[..<..|F.>x..j.....xA2....b.'..{.t.H......A...@.{{ip..HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Mon, 06 Oct 2014 05:06:02 GMT..Accept-Ranges: bytes..ETag: "3e1c83923e1cf1:0"..Server: Microsoft-IIS/8.5..VTag: 791653227500000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 561..Cache-Control: max-age=900..Date: Thu, 11 Dec 2014 16:32:58 GMT..Connection: keep-alive..0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Windows Verification PCA..141005213147Z..150104095147Z._0]0...U.#..0.......p............<.J0... .....7.......0...U......20... .....7......150103214147Z0...*.H.................C>....... ..3yv..N...Q...&..U...u(..8.2.,.K.r.M..m0..BdE..(@.bu//J.......b...H.Z...B..7zS.>......G....{..C..}p.......9d..Q.E/.N......fM.._A{7RI*.....t.B...d..>w'.. ..0xJ...'.0.6...o. ..(
<<< skipped >>>
GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 01 Jul 2014 05:04:34 GMT
If-None-Match: "924558f3e994cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com
HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Last-Modified: Thu, 13 Nov 2014 06:02:42 GMT
Accept-Ranges: bytes
ETag: "88cab6f7ffcf1:0"
Server: Microsoft-IIS/8.5
VTag: 438383355800000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 554
Cache-Control: max-age=900
Date: Thu, 11 Dec 2014 16:33:04 GMT
Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..141112173206Z..150211055206Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......W0... .....7......150210174206Z0...*.H................].`...D..9.>LO.ey...Qx%.^.P.& ...D.......b}.K..[.....5.m....).....H..6R....G/ju.........:..A.#.9!......D5...|".w.x..=.u..X6.7{..).XN....g......B.8.!&...........<7fS$..........t<X)%.b(0.L@..i..Kn.......fX... ,...K\....U1cp).........y.T..?rm.t..Y.}.E..-@.HTTP/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Thu, 13 Nov 2014 06:02:42 GMT..Accept-Ranges: bytes..ETag: "88cab6f7ffcf1:0"..Server: Microsoft-IIS/8.5..VTag: 438383355800000000..P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Length: 554..Cache-Control: max-age=900..Date: Thu, 11 Dec 2014 16:33:04 GMT..Connection: keep-alive..0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Signing PCA..141112173206Z..150211055206Z.a0_0...U.#..0..........X..7.3...L...0... .....7.........0...U......W0... .....7......150210174206Z0...*.H................].`...D..9.>LO.ey...Qx%.^.P.& ...D.......b}.K..[.....5.m....).....H..6R....G/ju.........:..A.#.9!......D5...|".w.x..=.u..X6.7{..).XN....g......B.8.!&...........<7fS$..........t<X)%.b(0.L@..i..Kn.......fX... ,...K\.
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=509943
Content-Type: application/ocsp-response
Date: Thu, 11 Dec 2014 16:36:05 GMT
Etag: "5489966f-1d7"
Expires: Thu, 18 Dec 2014 04:36:05 GMT
Last-Modified: Thu, 11 Dec 2014 13:04:47 GMT
Server: ECS (ams/49CD)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....20141211125000Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H.....p.x.f..7.L.%o. ....20141211125000Z....20141218130500Z0...*.H..............]....2..S`.C...R.....|*..x.Y8.`....B.K..L.h."e.j....P.g.a.6:./..:....|............(. 4V.k..0I...(.E|..Tw<@..o...&....]e..}.....m........jE7.=....$./.qB... ..Qj.O.S;%....J.......v).8..)....9I..g...I1W..../.W.eCUk_...;..~1..l...i.x?&.KO].;...u.."..I.t....XcHTTP/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=509943..Content-Type: application/ocsp-response..Date: Thu, 11 Dec 2014 16:36:05 GMT..Etag: "5489966f-1d7"..Expires: Thu, 18 Dec 2014 04:36:05 GMT..Last-Modified: Thu, 11 Dec 2014 13:04:47 GMT..Server: ECS (ams/49CD)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0...0......P.s..)...... ..y.H....20141211125000Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H.....p.x.f..7.L.%o. ....20141211125000Z....20141218130500Z0...*.H..............]....2..S`.C...R.....|*..x.Y8.`....B.K..L.h."e.j....P.g.a.6:./..:....|............(. 4V.k..0I...(.E|..Tw<@..o...&....]e..}.....m........jE7.=....$./.qB... ..Qj.O.S;%....J.......v).8..)....9I..g...I1W..../.W.eCUk_...;..~1..l...i.x?&.KO].;...u.."..I.t....Xc..
<<< skipped >>>
GET /cm/l/out HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d.adroll.com
DNT: 1
Connection: Keep-Alive
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 11 Dec 2014 16:36:04 GMT
Location: hXXp://idsync.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/
Content-Length: 85
Connection: keep-alive
Go to hXXp://idsync.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513HTTP/1.1 302 Moved Temporarily..Cache-Control: no-store, no-cache, must-revalidate..Date: Thu, 11 Dec 2014 16:36:04 GMT..Location: hXXp://idsync.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513..P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"..Pragma: no-cache..Server: nginx/1.6.2..Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/..Content-Length: 85..Connection: keep-alive..Go to hXXp://idsync.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513..
GET /359eb7b28b26c98a238e6cdedc877947afb6a2ef/satelliteLib-6d2ff207543454d05c23a4bcb6934a30b796a147.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: assets.adobedtm.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
ETag: "2d0f7175d096c4871870d2620c9cf80d:1417019825"
Last-Modified: Wed, 26 Nov 2014 16:37:05 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 19148
Date: Thu, 11 Dec 2014 16:35:59 GMT
Connection: keep-alive
...........}[{.F.......(...".vB......~v..9.s.f< .......% "..VU.....}..&..hT......N.e...l.Za:...%K.8K.V...2.J..l..\...u../...7[...r....w#.[...L..t.....`&,.ZN..P.b.."L.....QxJ..FA..Ry...|.."..gqR.../.u......<uX....}...p. `m....`......,[&.5..@..jR.y......y..'...8.......Y..r...S.`T..U.......4....}.:.^d.,......O.....]./.c...`.fatQ.D...A*:..K...A.._........ZL`..UF......f5*.|.....%..4[..... .....\^.e...5.?...i\.a...\o........zS....=..........I{.%.k..n.7.k.....'8...,'..[.&<....]Yx'P..%..-8R.a.Ut.q..Q.#t.`..O.p.T[.x.#.._....eI;.a.............z....1...k.a1........N.....p...!..".....S..l....hU.....n.v.b.nq.67(....4:..xY..........).a>/.f..$..B.xU...[.U...{#QG..........0...9.......=..*...A:q.|.....g....%l.........R..J..d...S.IT.d...7.......Q......E.....#.c.S.^...6...l.v.Ox.Z....o...A>.....Z.T.%0|.T...a1*...,... Ha.#.~.W..a*....ona._"%.e...i N[..42.d..........l..M.q.2...>...O.u.M.e. -.1F.r....... ..^....t.${.,..D..o.....@..f..C8|...8...T.GFSu.a^..c.._._E..WS....P|Og`c...........|[b.wq..S.4.=w..}...x._9.....J...eW,?........ZCd..q..C.:a...../.A..Z....l.........;.....V.a./.A..b.=.....H.K...'......M......}.x.mt[az}...6.m..A<.c.in<.8]..^.f.h..f..w.O...c....0.e.(d.#q...x...N...3z....*......I.T_..&.........@N.).....<.j:..2..|c..8T...=r|.3Q....A..~Y....]...-..e._......{.h....0...L.ra..R}v~>......Hz.m...k...9...........z.W.k.......w..............*;.'Y..=_d..........N...3z...T...q.R...vh...R.....b...|...>.2.6..\..s..L.....'..q<].z...l.I...t..VX..z..G."&.. ...C....>;..A.".ibQ.@A....9JK.....N......
<<< skipped >>>
GET /359eb7b28b26c98a238e6cdedc877947afb6a2ef/s-code-contents-1ce25cd3cd6d4f446079f5924eec249f6b3d3a78.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: assets.adobedtm.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
ETag: "9f7cd65bb731ab2c8e0cd9ca5bf9c135:1417019825"
Last-Modified: Wed, 26 Nov 2014 16:37:05 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 10393
Date: Thu, 11 Dec 2014 16:36:03 GMT
Connection: keep-alive
...........=kw.6... d....`Zr.>$#:N.4n.$.........LK"............D;{..."..........M.. ........h..^..h...t....O.....~o..y....q{...o........*...e.I....7..O.e...I.....w.u....xy..........v.{.g.. .$k.D..>.....>m...Lnd.j...l..$nC..\xs..Y.*......z...(.......o.Z.U.g0n.:....I;..U..SWC.-...b....(...pb......9...0..cf.y...2SI..y.T.%..y:4.......W5........{...|.P...Y..a....|..E.......^../p.......N'.t,.[..px..E..v.rmQ.^.i.yL.Cg.CV@..6...t.7. =n.n..=...Q..%t6.".Z@.. ......E..t....U.p. ...\../K_0.|..i.><...L...@.....:k.C....y.A.{....;..L}.,..).........z\F~....N^..e.!/y.QB........u.......v.m...K.$...`..w....;/x...=........Y]...D...;....f.......|\.e.J..v..L.......l.....Z......1.m9..xN................D_.X....W.XH&.....8...(^.0z/.0.RM..`....k.Ng.Z...v.......;..s..d..........3........'..3.ivb..Z...=.s.D..D1..?t..2...,vw.U`...7.J...j79S.."...I>..R..R"...&. 8.......f!..B...8.Cr..7....!...;`.e....E...~..*.iv.$4..e K.......xl...e.y..y...Y.'..E.%G&.....O...B`..P......#......HC...`......wo-.<..}....m{.......(.....w=gd.<......mn*.......~r..o....g.s...J.'..}."...kz.t.w..A..^o..`0\..Ms.r.......9y..b...t.a{). .7..vm.#.-o.a"S..#..:....?..QN...,P,iu.)gef...\......`....[..)..B...h.b.....;.x...{CE....6HtJ..Z.j.-_<6...Zz.0.....Az..`...$.V.x.B.&..>...I.3..d.H....Xz.p.p.......A|..S..C..8v!....$.i.f2..=....&....$....F&0..rp.. ;.9"..lg.l$....F.S..q..b[......9C..@.w.J......?.,...$.....a.....; ."_..)Z....M.....9..*C'.:.La.Eo.......p.j...d30d...^x..W fT..>..^...$..a.^".l......w.cW,..;..Z. . ...r....~..2.*.......U4..H. ..S.
<<< skipped >>>
GET /scsi.png HTTP/1.1
Host: 70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Oct 2014 17:06:43 GMT
ETag: 5c2bcf85387ad7cddd68297ebf7ae2e9
X-Trans-Id: tx61316fbadee94a0c9379e-0054527cedord1
Content-Length: 40592
Accept-Ranges: bytes
X-Timestamp: 1414170402.10987
Content-Type: image/png
Cache-Control: public, max-age=462
Expires: Thu, 11 Dec 2014 16:43:36 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR.......,......i......PLTE......aUVQFF.....................XLN...eYY...UJJ...LAA=jG.........\RR...[NR...DnLG<;...1,-# !<aCEtP)'(4433_>#..6gBLxV...SRP@569<5h]^ @....:/-...EDC[PJSyZwkjMKK, .EcHnaa:W>0W9*2*EYC`_\...38)...pffK[L<rL...MpSaSO@N>2'%& ZYV7J;...5E3JgP@D:j}j=<=btc...-L6...T._}.{......~po.%.n^[...a.e......Z|_fgb..._tYHPFXl[TbT.{xK.[f.mvfc}xsWnQ...JK=\_Nq.us.o......&X4......QeJuspC}T..s.=&....1.............(7"*c;..............zTTE..............P.2&[.g2oE......B<.{.wqqbi[N...o.k.%...v~..s.v..I...........H.........lnj.......wePA8...s.|...giVe.q..@...!N,...........X.....j..S:E......y..F.....c.......u:.........8zO;P...Of.Z%..9QI........0..UHL*h]&.r#.....L..825.R[3\L:.....9udQ.....dQ<&.nX.....`|.....TM....iX>C1.{h/....................k...............jC....rm@twW....\......d.....k..t6......KIDATx..}]L[g...8.>...a|X.,c.W.'s....6.$...B...."V0qHl..&6.S.a0....$..... c.....&.."E.pSE.^q......S..%..H.9.gH..G..?;3~..IZ.?~..}...V......>..... ../. .<!yB..............y.' OH._.....yB.............x*(............C...(..:..zAI.@$.... ...........yB~.T.Y....#.."..XT...y.p.!.*.r...1..UUUyB.'..#........"0".......p.AI.....n!...B.........b.^........1O.....h# O.....8G....uG.H[.....>.9....U...?Wy(o6~.h..@G....J...0V...U.....H.-..n..R......yB...i;..|.s.#y...E.dw9..z]....H..%.`$.<!.1.*.......BI^.......x..1.c.X.bY..././..8..'.{..........F67.<.NEl.g.. .My.q.o`.....52Ry. ...E....A.%..\|.......}...<...P..bXo<...[,...Be%....w..3..".E.PT.F..h.!...........~..6...h4......F
<<< skipped >>>
GET /pixel?google_sc&google_nid=artb&google_hm=JjApvv9WI0p6LzWifdhVEw&google_ula=1535926 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4
DNT: 1
Connection: Keep-Alive
Host: cm.g.doubleclick.net
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://d.adroll.com/cm/g/in?google_ula=1535926,0
Date: Thu, 11 Dec 2014 16:36:07 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 245
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://d.adroll.com/cm/g/in?google_ula=1535926,0">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Location: hXXp://d.adroll.com/cm/g/in?google_ula=1535926,0..Date: Thu, 11 Dec 2014 16:36:07 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Content-Type: text/html; charset=UTF-8..Server: HTTP server (unknown)..Content-Length: 245..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://d.adroll.com/cm/g/in?google_ula=1535926,0">here</A>...</BODY></HTML>....
<<< skipped >>>
GET /pagead/conversion.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 4968263566528690459
Date: Thu, 11 Dec 2014 09:02:19 GMT
Expires: Fri, 12 Dec 2014 09:02:19 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 4131
X-XSS-Protection: 1; mode=block
Age: 27220
Cache-Control: public, max-age=86400
Alternate-Protocol: 80:quic,p=0.002
...........Z.r.8.....PS21b(..3{D..\<..$q6q&{V.q.$(2.H.II.-..v.....l.V.(....@_...y....8....'.9.. .oYI...f..R.^.[........0fS...~;A.f<r..U..;..l.D.c.X.<.r...c[8....X&q...F.... ....C.K.0U.t....of .[....`..H...D..-...K2B..3..#...^...t..t...x...].$..H.a`.p;..n{.F.`.>..R._../.m..7..$..U.T.<..0.......:.$.....h..."..Jq.;y.aC..)....p..w........ZO...^.hR.@.:.>R".....S..\.t..z.......u>ug..s....F*..,.sB..np.=_.({....D2yL..U..t.MY.._..z.*.TD.8........xX.i.'66u?p]....e".....GX^.b3>.M....m...=.0...d<..-7..}.u.O"d...wz...Xm.LlF.Z...<..2~B..W.m]....4`..H u..=..%.1..f...5-..=.......L..:].5u...Q].5...^.....<3...6........T..=......^.4.J1...v...-A..]`..\7...%OR.k...fGA.....vk.r8.3>....`.........?.........xoEc./.....:..,N.q.R....2V.H^.Al.......e'..v......&}.^.]vo.m....N..,9.....>.,o......?k.....9.8...N8.1.s.a2.g..x#.7<.....B"[W.........1.u...].....coz......Q...`.E.B...zo.P'..cn..A....X...5.f}.]..E....rmk.1J.M.t:.....*.l.M.....@.....j.w.8.?..?...S.qj...2... ...7v .D.../..bW.s.j.54.NTl......R.w..FDb8l:.d.3......Pw.O.r.4...}.Z..MU.i.>.g3TB.7...?..8....(~..q'...B..1...C....I....%h......<...C.Xh4.$.5.8.8...%w..qDb...D..R".....<...-..........W".<j.O..g..''..;.g....ao..g|*)^.......Cg.er..}.qe].?..K.....c.p..*.........[.%~u.q...*\..j.....GFr...@.....V..... ....r..B........7.{g..2..$.-u..q.P.b.#...RYm..{c.^...s..u.su../.......GT.....>.t...b..8.UV0.f..k......2|.......BV'(@~..`d...P....^....1....YK...B.....C...W|..k...BwV.@!....L...l...a.Xq.'...R..7..2?.Ws.h....[...........r...8~.DA&.iI_.
<<< skipped >>>
GET /pagead/conversion/996887577/?random=1418315763273&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 302 Found
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Date: Thu, 11 Dec 2014 16:36:03 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"..Date: Thu, 11 Dec 2014 16:36:03 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/996887577/?random=672765864&cv=7&fst=1418315763273&num=1&fmt=3&value=0&label=9hZ5CJeizAcQmZit2wM&bg=ffffff&hl=en&guid=ON&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_his=1&u_tz=120&u_java=true&u_nplug=0&u_nmime=0&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia%26aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&vis=1&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0..Content-Type: image/gif..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;....
<<< skipped >>>
GET /pagead/conversion/933633792/?label=NtOJCPjf1hEQgL6YvQM&guid=ON&script=0&ord=6861940290426481 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.googleadservices.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 302 Found
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Date: Thu, 11 Dec 2014 16:36:04 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/933633792/?label=NtOJCPjf1hEQgL6YvQM&guid=ON&script=0&ord=6861940290426481&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&random=1049230801
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
GIF89a.............!.......,...........D.;HTTP/1.1 302 Found..P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"..Date: Thu, 11 Dec 2014 16:36:04 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, must-revalidate..Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/933633792/?label=NtOJCPjf1hEQgL6YvQM&guid=ON&script=0&ord=6861940290426481&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0&random=1049230801..Content-Type: image/gif..X-Content-Type-Options: nosniff..Server: cafe..Content-Length: 42..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..GIF89a.............!.......,...........D.;..
GET /video.png HTTP/1.1
Host: 70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Oct 2014 17:06:44 GMT
ETag: 1a5883daf427181232acbcfb26aaf4b7
Content-Length: 15399
Accept-Ranges: bytes
X-Timestamp: 1414170403.72059
Content-Type: image/png
X-Trans-Id: tx1000dd2267d54152a04bf-00544a89f1ord1
Cache-Control: public, max-age=430
Expires: Thu, 11 Dec 2014 16:43:04 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR.......,......i......PLTE...8p.8u.8r.8y.#. 8{.......8w.8m.9k.8t.=l.8.....@..8l.8..8..8o.;..8..D..7|....8..>.....=..<..7..8..*..<{.@..<}.8..:..8..;..A..8..C..<..!..E..8...Z.8..8........H..'..?.....nnp.O.1..=.....G..SSU...>..c...c.;y.....T....8...^..E..j.C...}.:.....@..?.....'%&302- ,...<..~..o..M.........J.Bp.Z..{|.;...........H...x..q.E...j..B....N...s.968f...........|..[.....wx{.......K.............Q.....8.....H...........V...Q....^{."..YXZ2........t..*......}.J..-..>p.A.....Et.;....._^`:.........Y..........ddfM..............SbuMMOiik...>=?...rsv...&......c....5.........\..?.Q.. ..DCDIHJ............W.....:..\....W......t....zAb...p.....Z..U.....d....6K........t..0..Q\...%Y..}.....f..(&Mwk.....w.Z..J.?q\....5...}.....n....a.......!:C...d'....*D...u.......&..u.~cm..F..........L.L.4l...3`..8.IDATx....lV....]....(S`2E../H0.2..X.....m.6B%Y.2.e. ......H.\....1w:6(e..m.J.m.... .. .......4...>......p..|.s...d.O........i..I.&M.4i..I.&M.4i..I.&M.4i..I.&M.4i..I.&M.4i..I.&M.4i..I.&M.4i..I..B...'0....5I..../'1/>..CQ..._yy`.7........>*...L.o...(_$........$.|=.....F@B..%...\. ?K....aP..Pp...r.H2=.d4ro\m......o2A.. ...LMG...w...\....HB@.....,....={...q..%I..._/...0..<....N......{:z.B...kt..\...m.......grg<..3.tK...K.0.........P...=q"..........,.r.E..01J..*........2. ..a9.@.....8.j;.l... C........z.:bH...@.p....X..z,N(.%".[.....?\..]^^...y=a.ftm...:..hI..%i.".0".#....P...t....=t.a...|...D..G... .....q"Y%!......9..c.A.v0...5..9.Hm^^.0....SV.^*.....j...x.2 !..!.....1.I..
<<< skipped >>>
GET /cm/g/out?google_nid=adroll4 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d.adroll.com
DNT: 1
Connection: Keep-Alive
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 11 Dec 2014 16:36:04 GMT
Location: hXXp://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=JjApvv9WI0p6LzWifdhVEw&google_ula=1535926
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/
Content-Length: 117
Connection: keep-alive
Go to hXXp://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=JjApvv9WI0p6LzWifdhVEw&google_ula=1535926HTTP/1.1 302 Moved Temporarily..Cache-Control: no-store, no-cache, must-revalidate..Date: Thu, 11 Dec 2014 16:36:04 GMT..Location: hXXp://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=JjApvv9WI0p6LzWifdhVEw&google_ula=1535926..P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"..Pragma: no-cache..Server: nginx/1.6.2..Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/..Content-Length: 117..Connection: keep-alive..Go to hXXp://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=JjApvv9WI0p6LzWifdhVEw&google_ula=1535926..
GET /pro1000pf_dualport_preview.jpg.rendition.cq5dam.thumbnail.219.146.png HTTP/1.1
Host: 9478ead64acb3b167847-1e1b59e1b8bb5e93fbebd0cc2fdbf9a2.r18.cf1.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 11 Apr 2014 19:48:23 GMT
ETag: 1115d22970934168c37ec2b5829c86b2
X-Trans-Id: tx3278a6275b534567923b7-005463449adfw1
Content-Length: 19586
Content-Disposition: attachment; filename=pro1000pf_dualport_preview.jpg.rendition.cq5dam.thumbnail.219.146.png
Accept-Ranges: bytes
X-Timestamp: 1397245702.32015
Content-Type: image/png
Cache-Control: public, max-age=89336
Expires: Fri, 12 Dec 2014 17:24:50 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR...................LIIDATx....t[g.-..........3.....;ff.. .23.2.....8..ff..9q.an.R.6M..I..}^Y......i..u".H.........A0...Y.=...&..6....&.`..`.L0.l..&.M0....&.`....L0.l..&.M0....&.`....L..`..&.M0....&..6...L..`..`.L0....&..6....&.`..`.L0.l..&..6....&.`....L0.l..&.M0....&.`....L..`.....[OO.;...O........m...k.S?..w.......5..6.\.................?..K.p..m.....\...?..u3pusl.o....v...=...?.==...l..}..~7{aW7.=./.}|?...)......<~.._}..>..c.<y..7o..5k.z.j.......{.}....&.O.f.h..~....'..W.]...W.a.^]<.3Z...`..\..u`S....o8....d.....e.0}.t..?..V.....[q..y.....l.f...c5.......I....c...<.b.....`l...=...9.~o..W%#........r..<x.okii.....t.Rl....m..9X.b...J..@.)...,....>.M.yw'.$.......=.<...%..K.........x.N&?.}...._.H:......m..;|.0..=........]....c..yX.h.v...........S\._I.7..y'.z.........)....S9...}. ..@....0{..gM..........d......^$.k....lo.C...{.4..{.......{.n.....'9I~....9...1.....s...|k`E.....}..bWg;..^2.1f#X..dl...l...1.......0y.L....9..fb.h;.a...".Sq..E<c|'.....o.{.U1.2.A2.d".m....`t{..!.9r..6l..F,G@.9s&f..._..g.q....D..O.:.........\/....../q..I,..........s..h:.CUd.5'C.......jnF...C......=....g?.nr.l....2.O...s'..=.7.<...8q..I...W#...G.F...^.x....ft...>.[.......!..s.c..._.=..<.B.../...g7....T..ATa,.....[b4c.1"..:..[=.v..j/..:.A...CD.0..av.b.._p.| .~c.._..:::.N.../_....8mmm\F....F,F..2e../^..H@..(..&...r....7aL.u.:{..........c..u..=.....<..x...I................vu..7LCLy.\..`.`.1.z..6.{s....H;C..3..'c.s2....tD&..t<...f.qB.,$.p........$......)......X.`..L......._~..F #p).%....
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a5a65ff8a989e7eb HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 05 Dec 2013 22:47:50 GMT
If-None-Match: "0af536cf2ce1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
Accept-Ranges: bytes
ETag: "0b2464b1797cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6408
Date: Thu, 11 Dec 2014 16:31:44 GMT
Connection: keep-alive
MSCF............,...................O.......'#.........D.z .disallowedcert.stl....2..'#CK...8T...g........g.k..".....mlI."d..m...P$"....e.J........z.....\..........9g.9....~.........Q.Q......Q..DL.8.C.PS.K0.!P.0........#.DY.8.....V.....$.C....a.0...........`......;.S.....0#...m... ..`0...?.!vR?.....d....`......_@..}....$...i..OR'..$....K..'Z....o.g..*.Vc.....[nY e./.EJ...B.Y.......Ag......!....9......u..!..1Yy.......r...Ss^@...M.Dtl\....i.k....3...B.Z.:.p.N....*......x,...ah/..].[....GB..T..$A....SY..t.E5R..R...9!....*.*68V....1... ...Q{...".Op@L.2M...1;xd{.C.u?..e.U.=f.nx.........y.G..0.......\L .'.^....$......N=..m...UjrZs...J.I.C....;......q_..e......?.T..2..bw....E.L.{...S...~.<.........-.Q..|.l. .1..6r....[}!J..,...naPk.U.... ..{@LH..W....>.Sq...8.5.,.z..0.jL.S..........]...yW_...Y.1..h.7...9{.....I......g.Y.,1...i8n.6..........4.]...........=........^..n.K7...c.g).Z. .0..$7.ys.p...B.5.].f...|(3!.|..P...j..^..j....#(...@...As..*.O..i..u....9..S.Y.n..HXW...F ..i...:.......!.] r......D..*ld.b.>>:Pp.....5:1 o=..5.'..4.......hO....{.V.rx..V...%.}..u...6Wv-..".iV.b..B0.Q..,...E.Dy...x..5....?Z.$L..1.....4...=.....g!....%..:..c..j..v~....._R.6.......;.#.Y*p..J.4.#'..Vo...g^K...J....._.^..u...)....&/.....q....o......4.....S...,q.....p.8IIe.....d|.3{)...M.0.X...4.."..P.......Hk.... ]!.!... ..#.x..<..X.........'.E(<b[.......#.. ....XiLl|..=.....&P.@H.J.oo...a...x B....l.....@.P......!8..@...q2..;.......mm....>~............j%..>.X.,V...J...C ....*..Z.8- RKGW...0./Z.__..)7g_'{.......pr......;.
<<< skipped >>>
GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?f44aaddf1e28b195 HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT
If-None-Match: "0b2464b1797cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 304 Not Modified
Content-Type: application/octet-stream
Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT
ETag: "0b2464b1797cf1:0"
Cache-Control: max-age=86400
Date: Thu, 11 Dec 2014 16:32:13 GMT
Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..Cache-Control: max-age=86400..Date: Thu, 11 Dec 2014 16:32:13 GMT..Connection: keep-alive......
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?bb767d4abad4985e HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT
If-None-Match: "0b96c77303ecf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ctldl.windowsupdate.com
HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/octet-stream
Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT
Accept-Ranges: bytes
ETag: "805a83f2b9cecf1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Content-Length: 56928
Date: Thu, 11 Dec 2014 16:33:01 GMT
Connection: keep-alive
MSCF....`.......,...................I.................,E.Y .authroot.stl..Y-..8..CK...<T...g.v!M.d..f.%d..}K..5..F. ...T..%.,YJ.,!T......_..x.<=O.....yy....;3..>.|..~..\.....|......;..8..~.za...."A...q.......g..m......<X........j"I........!..-w.....w....P...H..(.?}..2.N. .u..a. ...=.C..D.F>rC.. ..|).=.. ..3b.8H.M...(...u8.%...W.g...\YB.m:.....dE.........V....$....Dn:....0...S."...o..q.....K...I..K...(x%....>A.R...`.0 .........<`L0mp...%....y.....g.n...R0Op..<..,....`0$z.@..&.x"....T..H...<........~..E..".....<<.\B(.....................@.....L.........KNAy8/"...f.......k..Jm7j....R.5q....Rz..!@...].......Y.[........4.. .D8..&...t.J^O..Q.._..1.J.m5<'k.,....%T....i.\.;.;q..S./ 8.?Bu.............}D.Q....L....*..[.."e......15m..._.0.M........#..v!..<...@..?sc.y....*.....tX[........{.W4.Q...^u@..*..QP.......~.L9N....2r...4.....B..-\(...b.d...K...O.8..Un.......V.<.......A...V.....(..s..f..q.{N0.hS.,..;M.|G|.@.M.._.....7._6...C.0...A;L....%...M=Y.....f.JV.(.5.....0..?*...KZ....jM...8.6U...#...ew.?..?...........WE.Or..O>..{.'W2.........3m.O.u..Z8....H4@.w}.o:?~....]<!...%....}@.d...L.p.aHTTP/1.1 200 OK..Cache-Control: max-age=604800..Content-Type: application/octet-stream..Last-Modified: Fri, 12 Sep 2014 18:47:05 GMT..Accept-Ranges: bytes..ETag: "805a83f2b9cecf1:0"..Server: Microsoft-IIS/8.5..X-Powered-By: ASP.NET..X-Powered-By: ARR/2.5..X-Powered-By: ASP.NET..Content-Length: 56928..Date: Thu, 11 Dec 2014 16:33:01 GMT..Connection: keep-alive..MSCF....`.......,.............
<<< skipped >>>
GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCv3k0jGH6Vn HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 09 Dec 2014 04:37:14 GMT
Expires: Sat, 13 Dec 2014 04:37:14 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 215929
Cache-Control: public, max-age=345600
Alternate-Protocol: 80:quic,p=0.002
0..........0..... .....0......0...0......J......h.v....b..Z./..20141209010332Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.. ..H...g....20141209010332Z....20141216010332Z0...*.H..............h.>'(...."6.&.....j..&..8^.._.>...X.1.C.X.}(.....2".Cm..O...^q.|..%.h.L.__.#4..|..o..!..n.....Wn ..r.yl......X0.......@.%?..zbn\....hlN.......b8.].L"R1...HH$..c.!|._~.7...)...$..Z..`.jG..~.*.1...../Yd.v..h...v.rXy.M.....p(.......C|..t.}M....g..Z...T[..G.xHTTP/1.1 200 OK..Content-Type: application/ocsp-response..Date: Tue, 09 Dec 2014 04:37:14 GMT..Expires: Sat, 13 Dec 2014 04:37:14 GMT..Server: ocsp_responder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..Age: 215929..Cache-Control: public, max-age=345600..Alternate-Protocol: 80:quic,p=0.002..0..........0..... .....0......0...0......J......h.v....b..Z./..20141209010332Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.. ..H...g....20141209010332Z....20141216010332Z0...*.H..............h.>'(...."6.&.....j..&..8^.._.>...X.1.C.X.}(.....2".Cm..O...^q.|..%.h.L.__.#4..|..o..!..n.....Wn ..r.yl......X0.......@.%?..zbn\....hlN.......b8.].L"R1...HH$..c.!|._~.7...)...$..Z..`.jG..~.*.1...../Yd.v..h...v.rXy.M.....p(.......C|..t.}M....g..Z...T[..G.x..
<<< skipped >>>
GET /377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: idsync.rlcdn.com
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Date: Thu, 11 Dec 2014 16:36:05 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://idsync.rlcdn.com/377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513&redirect=1
P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
Set-Cookie: ck1=ck1;Domain=.rlcdn.com;Expires=Tue, 09-Jun-2015 16:36:01 GMT
Content-Length: 0
Connection: keep-alive
....
GET /377928.gif?partner_uid=263029beff56234a7a2f35a27dd85513&redirect=1 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Cookie: ck1=ck1
DNT: 1
Connection: Keep-Alive
Host: idsync.rlcdn.com
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Content-Type: image/gif; charset=ISO-8859-1
Date: Thu, 11 Dec 2014 16:36:05 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"
Set-Cookie: rlas3="2bznhIPTxdCmZBR0kwf2LBYkymcmIRNKGQqXi8VRZSE=";Version=1;Domain=.rlcdn.com;Expires=Tue, 09-Jun-2015 16:36:04 GMT;Max-Age=15551999
Set-Cookie: rtn1=9bd5eed91f135ce5f86b12932f97ce18;Domain=.rlcdn.com;Expires=Tue, 09-Jun-2015 16:36:03 GMT
Set-Cookie: dids1581976645=ce45d84a6ae406224417910205f87c185e28a01c6ffec0578ac43b6522cf4b0dca3ac54fac842cbd0c19c77235780725;Domain=.rlcdn.com;Expires=Tue, 09-Jun-2015 16:36:02 GMT
Content-Length: 43
Connection: keep-alive
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: no-cache, no-store..Content-Type: image/gif; charset=ISO-8859-1..Date: Thu, 11 Dec 2014 16:36:05 GMT..Expires: Thu, 01 Jan 1970 00:00:00 GMT..P3P: CP: "NON DSP COR PSDo SAMo BUS IND UNI COM NAV INT POL PRE"..Set-Cookie: rlas3="2bznhIPTxdCmZBR0kwf2LBYkymcmIRNKGQqXi8VRZSE=";Version=1;Domain=.rlcdn.com;Expires=Tue, 09-Jun-2015 16:36:04 GMT;Max-Age=15551999..Set-Cookie: rtn1=9bd5eed91f135ce5f86b12932f97ce18;Domain=.rlcdn.com;Expires=Tue, 09-Jun-2015 16:36:03 GMT..Set-Cookie: dids1581976645=ce45d84a6ae406224417910205f87c185e28a01c6ffec0578ac43b6522cf4b0dca3ac54fac842cbd0c19c77235780725;Domain=.rlcdn.com;Expires=Tue, 09-Jun-2015 16:36:02 GMT..Content-Length: 43..Connection: keep-alive..GIF89a.............!.......,...........L..;..
GET /repository/gd_intermediate.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: certificates.godaddy.com
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 16:32:55 GMT
Server: Apache
Last-Modified: Thu, 23 Oct 2014 23:14:10 GMT
ETag: "4e2-5061f38c8f480"
Accept-Ranges: bytes
Content-Length: 1250
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
Connection: close
Content-Type: application/x-x509-ca-cert
0...0............0...*.H........0c1.0...U....US1!0...U....The Go Daddy Group, Inc.110/..U...(Go Daddy Class 2 Certification Authority0...061116015437Z..261116015437Z0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1.0...U....GoDaddy.com, Inc.1301..U...*hXXp://certificates.godaddy.com/repository100...U...'Go Daddy Secure Certification Authority1.0...U....079692870.."0...*.H.............0.........-....&L.25._.Y.Z.a.Y;pc...=.*..3.y.:.<0#...0.....=.T......%.!.e)~5..T...29.&U.....X.......*..B...?.......R.if....].,f..k...QJ./H..u..)...fm.....x|........z....%.....enj..DSp0... X =.tJ..Q....L'Xk.5....1......6.....:.%..I...g.E....9.6..~.7...q..t0.....?..O........20...0...U........a2.lE...._...v.h..0...U.#..0.........L.q.a.=....j..0...U.......0.......03.. ........'0%0#.. .....0...hXXp://ocsp.godaddy.com0F..U...?0=0;.9.7.5hXXp://certificates.godaddy.com/repository/gdroot.crl0K..U. .D0B0@..U. .0806.. ........*hXXp://certificates.godaddy.com/repository0...U...........0...*.H.....................g.f...:.P..r.Jt.S.7.DI...k3....V..0.<.2!{....$...F.%#..g...o.]{z...X*...!.Z...F...c./..))..r,).7.'.O.h.!..........S....Y..;...$I.....H..E.:6o.E.E.A...DN>.tv...U,..........u....L..n..=..q...Q@"(I..K..4.....Z..6d.5oown...P.^..S..#c.......c:..h...5.S...
<<< skipped >>>
GET /content/themes/base/images/ms-certified-partner.png?v=1.0.0.13 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 5258
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Mon, 10 Nov 2014 19:19:02 GMT
Accept-Ranges: bytes
ETag: "4ab6ac2f1bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Tue, 02 Dec 2014 21:23:07 GMT
Age: 3001
X-Cache: Hit from cloudfront
Via: 1.1 3d412ad301f6861db40352c43a580a9d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: cWM-J1GQ2eHqZKG9WM3FwckDn8aW7c7GCMNnR60vDtYw1CL-1l8kWQ==
.PNG........IHDR.......E.............tEXtSoftware.Adobe ImageReadyq.e<...,IDATx..].xUU.^IH.$...Z.=@.Ez...Q...Q..O..~...Q?..O...d...a.P.a.RD@z....z.I.y.....s..-......;$...W.....0.0..H.8..ii8....C...pg.r79...)O..322...~.`......W.XQ........cr..........L.........C.<..n.....)[......}KOOW?...#...w.).z....-[f......}>?...W.....U.T1...k....e|..W..9s..........i...F....z.... W6.....^z);.^.....e.....-.~....O>.D......@.......^..7nx.5i..Qu.}..w..O...f*V.....O^~.e...P.Xg..qR.n..w.;w..X......./.~.....*TPf...z.......%4h.....n..)c...b>.~.f.........Z...KO.,....;...8...6.,..f...'O...S&..........@.7.J...........$....J....~.n5....}...._|Q&L..~_.n..z. W............k....i......:uJI..Pr3.6l(.<.....3gd..E.b..9z...C&.=."..M..]...g{..u.7.V,X.@..Y#.?..t..M.M.c..O.V.F.*Y.....C.x..eb..|.r.qd.....X.?.9>>^z..%...R..J..../..B..]*g..U.E..)SF.y...0`..L..:....m.p.S.LQ....'.2......D....wo..q.\.|E.F\\.;..X.....LZ.......%.|...m....M0........I.FD......muXN ....*..._>pK.,.g..v.......>m..5..;.i.A4&M.d ....u......A.i.@O..=U_PD......y...!....#........];`."E...l.....&...m.b...>..b...}5..m~......y...!.....Az...l...F..-.z.e.O.e1.{...............'..2J..ByaA.N.Z.j.t..s...~.m.z0G........3...=....60i.....l..z...../_6:w..p\Z..;....w.U..........y5.R.J..J!&.....E....G..../nL.>].IM.*...>h.........tok..n.....^e......X.v.......-[...d.a`P.._1../o[.|....S.*.g.....Q..].v...F........}j"..&n.......L.USk..i{O.........X..W..-[..Z..|.\.p..]..Q.i-g..i.s(.....(mt.p.Q.pa.>.V.Zek..3.x..eX..=.....Ce..D... ...w.U.H!))I.. .m...~.z.A.z.....Jo
<<< skipped >>>
GET /content/themes/UI/Argon/AltHeader.css?v=1.0.0.13 HTTP/1.1
Accept: text/css
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 2254
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Mon, 10 Nov 2014 19:19:02 GMT
Accept-Ranges: bytes
ETag: "9710301bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Tue, 02 Dec 2014 21:23:07 GMT
Age: 3002
X-Cache: Hit from cloudfront
Via: 1.1 55b76ed2d318937c5f609e4d0eca210d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: UPvbad3e2u7GMmPSR67RkY6JktkLtAEAbv-J5CAQ9MamGHBtCg6p7g==
..... #introWrapper {.. padding: 20px 30px;.. background-color: #bbb;.. }.. #intro {.. text-align: left;.. padding: 20px;.. background-color: #fff;.. text-align: center;.. border: 1px solid #888;.. width: 880px;.. box-shadow: 3px 3px 3px #aaa;.. height: auto;.. }.. #intro h1 {.. font-size: 30px;.. margin-bottom: 5px;.. line-height: 1.4em;.. text-align: center;.. }.. #intro h2 {.. font-size: 27px;.. }.. #productDescription {.. color: #666;.. text-align: center;.. font-size: 12px;.. }.. #machineImageTop {.. float: left;.. text-align: center;.. width: 280px;.. margin: 10px 20px 10px 0;.. }.. #machineImageTop img {.. display: inline-block;.. max-width: 280px;.. width: auto;.. }.. #marketingSubText {.. float: left;.. width: 580px;.. }.. #marketingSubText h2 {.. margin: 5px 0 15px 0;.. font-size: 18px;.. line-height: 1.2em;.. text-align: left;.. }.. #PartnerLogo {.. height: 40px;.. }.. #updateCount {.. color: #d25647;.. font-we
<<< skipped >>>
GET /driverdetective/dd.html?whitelabel=driversupport&utm_source=ddloc&utm_medium=en&utm_campaign=ddtracking HTTP/1.1
Host: downloads.drivershq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 22 Apr 2009 18:24:34 GMT
Accept-Ranges: bytes
ETag: "05de39577c3c91:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Thu, 11 Dec 2014 16:35:35 GMT
Content-Length: 0
HTTP/1.1 200 OK..Content-Type: text/html..Last-Modified: Wed, 22 Apr 2009 18:24:34 GMT..Accept-Ranges: bytes..ETag: "05de39577c3c91:0"..Server: Microsoft-IIS/8.0..X-Powered-By: ASP.NET..Date: Thu, 11 Dec 2014 16:35:35 GMT..Content-Length: 0..
GET /printer.png HTTP/1.1
Host: e49b30b1dab19bb21dcf-bce5d432a4997ec4ca1b037336914d84.r88.cf1.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Tue, 15 Apr 2014 19:21:18 GMT
ETag: dc0beab565f8b8f6e8376f434c0d793c
Content-Length: 60685
Content-Disposition: attachment; filename=printer.png
Accept-Ranges: bytes
X-Timestamp: 1397589677.22478
Content-Type: image/png
X-Trans-Id: tx6a925c8b676843e490454-0053f3c065dfw1
Cache-Control: public, max-age=109757
Expires: Fri, 12 Dec 2014 23:05:12 GMT
Date: Thu, 11 Dec 2014 16:35:55 GMT
Connection: close
.PNG........IHDR.......,.....b.r.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:DE5B71AB7E3211E387FDB964610F7B6B" xmpMM:DocumentID="xmp.did:DE5B71AC7E3211E387FDB964610F7B6B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:DE5B71A97E3211E387FDB964610F7B6B" stRef:documentID="xmp.did:DE5B71AA7E3211E387FDB964610F7B6B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>]nsz....IDATx...Y.%Wz&vN....=....U\........-k i$x...1.h..1..~3....".....lk..c./..<...[3c.jQ#.Zl...f.l..T...YK..w....v.s"nV.m.5..8.J...7n..s../....9g.Q.jT.,.[.V5.Q....Q.jT...jT...`U....F.X..F5.Q.V5.Q....Q.jT...jT.........F.X..F5.Q.V5.Q.jT.U.jT...jT.........F5*..F5.Q.V5.Q.jT.U.jT...`U.........F5*..F5.Q....Q.jT.U.jT...`U....F.X..F5*..F5.Q....Q.jT...jT...`U....F.X..F5*.......F.X..F5.Q.V5.Q....Q.jT...jT.........F.X..F5.Q.V5.Q.jT.U.jT...jT.........F5*..F5.Q.V5.Q.jT.U.jT...`U.......gm.........Q.......J...<R`.....<.......jT.U...N.En.....UaV5*..........>. ..1.CU.U.....=C.zj...?.4a....?(..l
<<< skipped >>>
GET /content/themes/reset.css?v=1.0.0.13 HTTP/1.1
Accept: text/css
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 1092
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Mon, 10 Nov 2014 19:19:01 GMT
Accept-Ranges: bytes
ETag: "aa603a2f1bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Tue, 02 Dec 2014 21:23:07 GMT
Age: 467
X-Cache: Hit from cloudfront
Via: 1.1 3d412ad301f6861db40352c43a580a9d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: AzzbsfTitnXnOJB3adAn2WO1EuoDOKEUQqGbQ87hh4TLu8J9dyKTkA==
/* hXXp://meyerweb.com/eric/tools/css/reset/ . v2.0 | 20110126. License: none (public domain).*/..html, body, div, span, applet, object, iframe,.h1, h2, h3, h4, h5, h6, p, blockquote, pre,.a, abbr, acronym, address, big, cite, code,.del, dfn, em, img, ins, kbd, q, s, samp,.small, strike, strong, sub, sup, tt, var,.b, u, i, center,.dl, dt, dd, ol, ul, li,.fieldset, form, label, legend,.table, caption, tbody, tfoot, thead, tr, th, td,.article, aside, canvas, details, embed, .figure, figcaption, footer, header, hgroup, .menu, nav, output, ruby, section, summary,.time, mark, audio, video {..margin: 0;..padding: 0;..border: 0;..font-size: 100%;..font: inherit;..vertical-align: baseline;.}./* HTML5 display-role reset for older browsers */.article, aside, details, figcaption, figure, .footer, header, hgroup, menu, nav, section {..display: block;.}.body {..line-height: 1;.}.ol, ul {..list-style: none;.}.blockquote, q {..quotes: none;.}.blockquote:before, blockquote:after,.q:before, q:after {..content: '';..content: none;.}.table {..border-collapse: collapse;..border-spacing: 0;.}....
<<< skipped >>>
GET /bundles/TSUIScanResults?v=1.0.0.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 14212
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 11 Dec 2014 16:35:59 GMT
X-Cache: Miss from cloudfront
Via: 1.1 3d412ad301f6861db40352c43a580a9d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: OXdQY7IonF1VX5i8nhP6RwaZ9oQmBbpJOnScqPbCawtuWuzIel5k4w==
var UIControls,Model,UIObjects,__extends,Controllers;(function(n){var t=function(){function n(){this.animationTime=300;this.tileSelected=new Common.UIActionEvent}return n.prototype.Initialize=function(){this.parentController.dataBound&&(this.scanData=this.parentController.data,this.BindDomObjects(),$(this.tileHolder).width(0),this.animationBlockers=[this.tileHolder,this.carrot],this.tiles=[])},n.prototype.slideLeft=function(){var t=this,i=parseInt($(this.tileHolder.jQueryObject).css("left"),10),n,r,u;i<0?(this.SelectPreviousTile(!1),n=i this.tileWidth this.tileMargin,$(this.tileHolder.jQueryObject).animate({left:n "px"},this.animationTime)):(r=this.tileHolder.jQueryObject,this.tiles[0].currentlySelected?(u=Math.round(this.tileViewportWidth/this.tileWidth),n=(this.tiles.length-u)*(this.tileWidth this.tileMargin),$(r).animate({left:"-" n "px"},this.animationTime,function(){t.SelectTile(t.tiles[t.tiles.length-1],!0)})):this.SelectPreviousTile(!0))},n.prototype.slideRight=function(){var n=this,r=$(this.tileHolder.jQueryObject).width() parseInt($(this.tileHolder.jQueryObject).css("left"),10),u=parseInt($(this.tileHolder.jQueryObject).css("left"),10),t,i;r>this.tileViewportWidth?(this.SelectNextTile(!1),t=u-this.tileWidth-this.tileMargin,$(this.tileHolder.jQueryObject).animate({left:t "px"},this.animationTime)):(i=this.tileHolder.jQueryObject,this.tiles[this.tiles.length-1].currentlySelected?$(i).animate({left:"0px"},this.animationTime,function(){n.SelectTile(n.tiles[0],!0)}):this.SelectNextTile(!0))},n.prototy
<<< skipped >>>
GET /ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com
HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803&ipr=y
Cache-Control: private, max-age=43200
Date: Thu, 11 Dec 2014 16:36:03 GMT
Expires: Thu, 11 Dec 2014 16:36:03 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 594
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803&ipr=y">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXp://VVV.google.com.ua/ads/user-lists/996887577/?fmt=1&num=2&cv=7&frm=0&url=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&random=4049257803&ipr=y..Cache-Control: private, max-age=43200..Date: Thu, 11 Dec 2014 16:36:03 GMT..Expires: Thu, 11 Dec 2014 16:36:03 GMT..Content-Type: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Server: adclick_server..Content-Length: 594..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY&
<<< skipped >>>
GET /ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: VVV.google.com
HTTP/1.1 302 Found
Location: hXXp://VVV.google.com.ua/ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772&ipr=y
Cache-Control: private, max-age=43200
Date: Thu, 11 Dec 2014 16:36:05 GMT
Expires: Thu, 11 Dec 2014 16:36:05 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 346
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic,p=0.002
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.com.ua/ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772&ipr=y">here</A>...</BODY></HTML>..HTTP/1.1 302 Found..Location: hXXp://VVV.google.com.ua/ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772&ipr=y..Cache-Control: private, max-age=43200..Date: Thu, 11 Dec 2014 16:36:05 GMT..Expires: Thu, 11 Dec 2014 16:36:05 GMT..Content-Type: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Server: adclick_server..Content-Length: 346..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic,p=0.002..<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="http://VVV.google.com.ua/ads/user-lists/933633792/?label=NtOJCPjf1hEQgL6YvQM&script=0&ct_cookie_present=false&random=2712868772&ipr=y">here</A>...</BODY></HTML>....
<<< skipped >>>
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=514290
Content-Type: application/ocsp-response
Date: Thu, 11 Dec 2014 16:36:05 GMT
Etag: "54899de5-1d7"
Expires: Thu, 18 Dec 2014 04:36:05 GMT
Last-Modified: Thu, 11 Dec 2014 13:36:37 GMT
Server: ECS (ams/D1A6)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...20141210200000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ...._.M.[........?;....20141210200000Z....20141217200000Z0...*.H.............|.S..l........D........%.?..5v...H...t...B./.Uu....o.n.r....[...=....i......#.3".....rNd..W.5..E.4...F....b0D.... ....DI...8....ay.XOuh..F..~[_.}..Va.....cE.z??........c........wn.t...8.E..$.......\tlE&.Gv..3UQ.QV.....:..*.....\.QL..(... u...,G.zv.......vS....
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=514290
Content-Type: application/ocsp-response
Date: Thu, 11 Dec 2014 16:36:05 GMT
Etag: "54899de5-1d7"
Expires: Thu, 18 Dec 2014 04:36:05 GMT
Last-Modified: Thu, 11 Dec 2014 13:36:37 GMT
Server: ECS (ams/D1A6)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...20141210200000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&....cd ...._.M.[........?;....20141210200000Z....20141217200000Z0...*.H.............|.S..l........D........%.?..5v...H...t...B./.Uu....o.n.r....[...=....i......#.3".....rNd..W.5..E.4...F....b0D.... ....DI...8....ay.XOuh..F..~[_.}..Va.....cE.z??........c........wn.t...8.E..$.......\tlE&.Gv..3UQ.QV.....:..*.....\.QL..(... u...,G.zv.......vS....
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=513545
Content-Type: application/ocsp-response
Date: Thu, 11 Dec 2014 16:36:05 GMT
Etag: "5489966f-1d7"
Expires: Thu, 18 Dec 2014 04:36:05 GMT
Last-Modified: Thu, 11 Dec 2014 13:04:47 GMT
Server: ECS (ams/D1CA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....20141211125000Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H.....p.x.f..7.L.%o. ....20141211125000Z....20141218130500Z0...*.H..............]....2..S`.C...R.....|*..x.Y8.`....B.K..L.h."e.j....P.g.a.6:./..:....|............(. 4V.k..0I...(.E|..Tw<@..o...&....]e..}.....m........jE7.=....$./.qB... ..Qj.O.S;%....J.......v).8..)....9I..g...I1W..../.W.eCUk_...;..~1..l...i.x?&.KO].;...u.."..I.t....Xc....
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1
Cache-Control: max-age = 513545
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 11 Dec 2014 13:04:47 GMT
If-None-Match: "5489966f-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
HTTP/1.1 304 Not Modified
Accept-Ranges: bytes
Cache-Control: max-age=509943
Date: Thu, 11 Dec 2014 16:36:05 GMT
Etag: "5489966f-1d7"
Expires: Thu, 18 Dec 2014 04:36:05 GMT
Last-Modified: Thu, 11 Dec 2014 13:04:47 GMT
Server: ECS (ams/49CD)
X-Cache: HIT
HTTP/1.1 304 Not Modified..Accept-Ranges: bytes..Cache-Control: max-age=509943..Date: Thu, 11 Dec 2014 16:36:05 GMT..Etag: "5489966f-1d7"..Expires: Thu, 18 Dec 2014 04:36:05 GMT..Last-Modified: Thu, 11 Dec 2014 13:04:47 GMT..Server: ECS (ams/49CD)..X-Cache: HIT..
GET /custom/drivershq.jsp HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.upsellit.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 11 Dec 2014 16:36:04 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=D1E94680A85FC4F0243C42DFB4359337; Path=/
Pragma: No-cache
Cache-Control: no-cache,no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: uid=CgoKBlSJx/QlcUCwtRR Ag==; expires=Fri, 11-Dec-15 16:36:04 GMT; domain=VVV.upsellit.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NON DSP LAW CUR ADMi TAIi PSAi PSD TELi OUR SAMi IND PHY DEM ONL STA NAV UNI LOC COM CNT"
Content-Encoding: gzip
6c7.............Xms.F..,.........^.0...4..eZ..d%..$.# .a.S..w.8.@..:m&3.....gwo...5.Y.|tCB.r.4.<....Hg:....,(..R.N..* Z.....v.....$.$..f....w..a.Y.3Xj....4........Ln.V...`.4.E.......FAp.:*.9jKHa....?g4.fB..SReQ.....$b.'.......Gi..s...S...@Q.........c....}.1....gJO.....:.B......v,#M..i.H..Lc.qd.......#$...GA.Uj.@.....p,.AH........f..."U.AF.].....O.*|..A.....Z~d.9.2uD..hTa...."......N.e..;B...E....$t=.....I.D.... .:y"..E...dFn.A.2..xu4QZ.J.....&............SH...4...... 7....\./.0.\n.1.d.r.i .<".^..(e.J.......W.....\...}.0...J.xEn....u..........R9;......S7.9Yb........BxD....Sm.L.......4.....D..!b....U.P.x..&....1...L.k...g.G.....R..A/.....'........M].P.w.Z"....03..e..U..].. ......R.4.&4..Z>.......A..H...tD.U..N>.-[...).:.k..E=R........Q-X..../............o.....8.,.......yQ.).T...}.C..].".......E.(....H......;..S.Eu...i.c.lf~.OR..*Z......-....(.D....i.u,0.. .....F....J.G.A...D!..T.x..x...w.%ILyg\..9.........d......w.dIJB......!....V7..[/....J...ge..B-..Bww[.. ~..'~...B%I....t.......n.....=Zz...Ed..\..a..u...x.h....0..k............w..k.>..l..mu...m....P.........9...l....>N..V..2.~G>.A..*...!..y....u..^.-`PuHX..<^. Y..^..(..9h..)...e...}lNFU~.6:.h...(..fDJ.S.@^.r/.....k.S.e.o...g.....k.r.....R.C.v{.\...D.)6?.w.Oi..s.....-.(.......#..........t.w.4^.oTj.^.YU\......_..ZJ......"$.O.m..*^......?.z.......|Fp....Q>.~C.z-.........$ ...m.6$.l....s..........j....j.T.HA .......||.=>....wx.m.....;-..'..JF1-9....4 ...0.JC...&.n..m^....C...mvm...!..0 ...P...Y.~...f..9 ...v... .........t.u..2^.(X......
<<< skipped >>>
GET /hound/monitor.jsp?qs=222263239272274311291323337332321338325289311328311346277328329&siteID=10238 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: VVV.upsellit.com
DNT: 1
Connection: Keep-Alive
Cookie: JSESSIONID=D1E94680A85FC4F0243C42DFB4359337; uid=CgoKBlSJx/QlcUCwtRR Ag==
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 11 Dec 2014 16:36:04 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Pragma: No-cache
Cache-Control: no-cache,no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
afc..............kw.F.sr..Ah.A.6J.m......6.@)...M.9.4.....Fy....;..i.(.|[.r..}.}..m>..|.y.UNS......sTUEu^7........=..4y..".`5..}...o.z:..M...Y...._.*p.|...N....i..._&...5....q1w....y..<z.t.A..S]..X......-....b0...D..G..3.%.{.bR....8."..!..~}s.M.Es.....N...lJ.(....$..E.q*.WS./..-.....p=......2..V.............U..p......(.z..P.G%.{...'...........)......,...%..].......\5..`..|V..q.pV....uZ.. J...Kw..`.....3P..9F.HP#|...H..e....R?.m.:.d.9..n.c.W.&..Y.m.......6!>.c@.FYFY.\8@.....a7|w...|..$...G...'.....I.0.....x6J.......!...r....c.]....d...... .r.@..0.....0.....R;|q..<`C..M......c.-.....o....\...AY...V...........Q....A....!(v...J...4..........hP9.;....^,..C....*IOV.7.........._..}.......r....,....[U.a.~.(>...C.yX....:..O..`as.=..S..b.Y.8."C.L..`.s..w....@..........2v....?.=>.U.O9}Y...D...w@..p...UFx6..%.<JsBQ....s[n.0@b._iL.....Q ..#.^RB|...'.K.V.u=...E*b..........?..YT...v0.{..0......gg.sz..bY.....n..::...LRV....)..y..3b.?.#...x%....GZ.b..A2....@.NDJ.I.%$99W..Qh.rB..h..%.5.......&.@.....qQ.HV-....G.=......u....I.e.j$......Y*..!.i..I.Z6..ZU...|c....C.....<.n.~.......$.vH.. ....F...5n&..\.D2..D/..dv..F.k.,]KH....Y=-...1...d.n......f.W.w.........<|.....~8:.....:.wt.CTLg..l.... ..........XZ8....F>."Po......6..>,.m_..9.....N..2#..H....ia$...1.".D.0BtH..v..R...m......R...n2.&........... .......L.-.)!..z4a'.. ..3..5..(..#Uy.U^...!.Q........$..(H\0.LC8.mS.T......].*.9...5..]J.%.oU....>m.U9k..e.......-.v^....}....r.9yH..s.q].......{5;..V..&...O....SL'. ...(....=........C..B.....G..........
<<< skipped >>>
GET /usb2.png HTTP/1.1
Host: 70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Oct 2014 17:06:44 GMT
ETag: bea72b85914ad8b9df71c60690406a55
X-Trans-Id: tx62245962a4b44141bd5bb-005466783ford1
Content-Length: 9403
Accept-Ranges: bytes
X-Timestamp: 1414170403.53559
Content-Type: image/png
Cache-Control: public, max-age=720
Expires: Thu, 11 Dec 2014 16:47:54 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR..............X\X....PLTE......&*-....' ...........................' 1................$'......... /4#,,-197<?...?CF...............)-0...........................#(,y|.......149/25...39;...HJM...............<>@..................os}......6=E/6=............%./FJU.........~......../66...............ko{...|..;BE...MOQvy|BIK:>F[]a.........uw....hjn&.3......HOR?CM# 0......cil......qv.BFQ58=orv..................TXc...dhq...*36TWZ...DFJ...!*(.........{{{............%/)......RQV...NQ]WZg......iot......~.....;AJ......QU_tz.MXcttwbcf\`e...~~.PUY...................'%....."nop[_l........."##...2-*./0......v{.38By~.z}.^cr_dk............T_j......gkwDEE...KOZ............)22...`gu...en}......(&'Wfq.........khhYX\...............81-......C<6...>5....HTa/)$8/&inn776...........}PE@....tl...fYX...\QQ......f.....!vIDATx...wX........a..u.u]......)...!4.^..t.#.fP.w.B.&E..QDb...F.7".1....xSn.}..O|o.......>.q....Y...9...9g....................................................1,,,DH..G...A5.|\.#..../..m.mM.Lm.A.(Es.4p0P.].(V1*JQ1..(.f......[..r.hf.o.:.e._t..T... ,......J..F$..{DD.......O.>....W..8.t.r...--y.....s... W.WTT8......[..KK..b...b..\.. .........Ca...#N..............}...|.V[7m..g..-.....L..=zd......G_>zT....#.....C.B.a.&.....f0^.].h.c._I6BaD....DDD.. .....G.b..Q............J....m..v...m.V..7..l...44$........b|...V.....wJ...HI_..*.......#..x0X,...,..X.. ...C..Xt..#.X..? @.q...p.....,.v$....xy...Q.5...B.<..!..~.~~:?I.....0..:.\.??...r.`..'G.Y../W..fN.........\n....AP.......c.@..B.,.........
<<< skipped >>>
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBQ/m36Fj2BE19VBYXRO62zrgIYp0gQUQnlUG2HNVSs+Y9U8SFf1n/tFzkoCAwJ35A== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: gtssl-ocsp.geotrust.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1359
content-transfer-encoding: binary
Cache-Control: max-age=372026, public, no-transform, must-revalidate
Last-Modified: Mon, 8 Dec 2014 23:52:05 GMT
Expires: Mon, 15 Dec 2014 23:52:05 GMT
Date: Thu, 11 Dec 2014 16:36:06 GMT
Connection: keep-alive
0..K......D0..@.. .....0.....10..-0...,0*1(0&..U....GeoTrust SSL TGV OCSP Responder..20141208235205Z0f0d0<0... ........?.~..`D..AatN.l...)...ByT.a.U >c.<HW...E.J...w.....20141208235205Z....20141215235205Z0...*.H...............A.....U.%r\2....).3]n..-.B..v.F...=...X3.....H.......I)W..........v.M.......Ql..u..............S....Mr.m..^z~..-.7vM.(._.6|.? ~.....X.....%.....E|.\..W..............Yj.lPl..W.......6.....!...d.v<.J...L..v....2.4Y...Vr.H.......N.-0Fr....t.....P)...a.........k0..g0..c0..K..........0...*.H........0@1.0...U....US1.0...U....GeoTrust, Inc.1.0...U....GeoTrust SSL CA0...140502165328Z..150522165328Z0*1(0&..U....GeoTrust SSL TGV OCSP Responder0.."0...*.H.............0...........S.O.].&...4.......PU.HE..L....P.AH(l...o.V...b*....c.r.5^...'.79.e<N]^n......<p....\H..0.#[".....B.A....K%?"...Q...z.\X.~.b....X{.R..d.e..3.p.1...]!xX?.N.X.O...`v!39..V..VK9U....|.fV.7v.....F.3..^.E'....C..M..4Ur......B ...>..d... ...w.....p..9$....y{........|0z0...U.#..0...ByT.a.U >c.<HW...E.J0... .....0......0...U.%..0... .......0...U...........0!..U....0...0.1.0...U....TGV-B-1210...*.H.............]E...n...a..b.M.(B....S......H~...h.2....{pK..#...0.........A...L).....).f|d:..@.9;r....B.$..1.LH...`....S.<.y..$..N./!.....e?z2T.'.....0..h.,b.D..... ....d.G..*[R`2J...g....6.!.........#.......T.LF:q,...2..S.9....5..u!.y.RP..;H`.....S..}.F..$3Se...N.....5..
<<< skipped >>>
GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=ee37b96e-98b7-465e-94e5-b1d77765b708 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
DNT: 1
Connection: Keep-Alive
Host: simage2.pubmatic.com
HTTP/1.1 200 OK
Date: Thu, 11 Dec 2014 16:36:05 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_466=8233-ee37b96e-98b7-465e-94e5-b1d77765b708&KRTB&14401-ee37b96e-98b7-465e-94e5-b1d77765b708&KRTB&15149-ee37b96e-98b7-465e-94e5-b1d77765b708; domain=pubmatic.com; expires=Wed, 11-Mar-2015 16:36:05 GMT; path=/
Set-Cookie: PUBRETARGET=dummy; domain=pubmatic.com; expires=Thu, 11-Dec-2014 16:36:05 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=utf-8
..
GET /postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: apps.driversupport.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.0
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 11 Dec 2014 16:35:59 GMT
Content-Length: 15598
<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>.. <title>DriverSupport - Available Driver Updates</title>.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <link href="hXXp://d1pmrmlzxdx671.cloudfront.net/content/themes/reset.css?v=1.0.0.13" rel="stylesheet" type="text/css" />.. .. <link href="hXXp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/ScanResults.css?v=1.0.0.13" rel="stylesheet" type="text/css" />.. <link href="hXXp://d1pmrmlzxdx671.cloudfront.net/content/themes/UI/Argon/AltHeader.css?v=1.0.0.13" rel="stylesheet" type="text/css" />.. .. .. <link rel="shortcut icon" href="hXXp://d1pmrmlzxdx671.cloudfront.net/content/themes/base/images/favicon.ico?v=1.0.0.13" type="image/x-icon" />.. <link rel="icon" href="http://d1pmrmlzxdx671.cloudfront.net/content/themes/base/images/favicon.ico?v=1.0.0.13" type="image/x-icon" />.. <script src="//assets.adobedtm.com/359eb7b28b26c98a238e6cdedc877947afb6a2ef/satelliteLib-6d2ff207543454d05c23a4bcb6934a30b796a147.js"></script>.. <!--Optimizely testing support scripts and variables-->.. <script src="hXXp://d1pmrmlzxdx671.cloudfront.net/Scripts/custom.js?v=1.0.0.13" type="text/javascript"></script>.. <script type="text/javascript">.. var machineName = "Custom built m
<<< skipped >>>
GET /content/themes/base/images/win7_compatible.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: apps.driversupport.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: public,max-age=3600
Content-Type: image/png
Last-Modified: Mon, 10 Nov 2014 19:19:02 GMT
Accept-Ranges: bytes
ETag: "b68c82f1bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Thu, 11 Dec 2014 16:35:59 GMT
Content-Length: 7444
.PNG........IHDR...I...I.....qs......sRGB.........gAMA......a.....pHYs..........o.d....tEXtSoftware.Paint.NET v3.5.11G.B7....IDATx^...X.i..{.P.E.^..cI...v...%.(.P..JR.}_.E.6.&.e.../c...Y.......y.O.b....}.}..8..s..s..u^.....u.....HJJ....KJII...4h...........o'......I..:.B^^..H.. YY.Kd..f..~........5......]....:Q.......!C.l...?R....u.S..6({...x'.w.....NH...HKKCVV..M....{...&@QQ..f....5RRR.............x.C.3f.V.X.UUU..;......NP...G.............555.3 ..9.....&....#....=7xv.._~.SSS...s..{.......mmm.......;.... .s......!M.:.vvv..e}...1.f.G....3z.h...`...\......8^W.!EEE.....k.6mBXX.BBB....777...a..5hii...K.o.>............puu...s.p.B...p........=......q#.V\\\7$................\.1....'"!!......m.6l...c``...F.\......2e....1....?5...o6.....$6p."6H.[jj*7.l..9sNtt4<<<...L6..... . 1.l.............J||<.;.........9.......$...r....sN.....w=..cH.N..0W...o...q.8.3(....;.)##.{.99..T[[..z..E...@qq1......~....R.......\.....e.................X............J6.]5i.........f...........$n0.n........Y.`.7xVs..2.18....6..8.:22...O...9...9JGG..ml..1b.....g_O..'K{v.@..8|.p8;;s..M.k... 1w....<.g.$........W.?.....g....*....s ....X...Ca.WP.1....P......P....naPu...g.T...M.......y........P.^.%..P.........fSQ.....?Q._H.....(.ZBi.2.,....Cm.a.'\.F..h.}..\.g.A..k/.)4RnA-...!.PY...9.P.b..Q.....x....IA....E..P.I....PM.`...Z....T..A5......4g..&.~..g.D..B..N...v.........J[.@.3...6.....8z.]^....P..#..I../.vM....!....f..2..p[W....e..h.....V...Bp....QVPM..$J ..a.....-7.......8..F.(.Mc......C..rh./..I$=y4...........%.......>...i...<$..
<<< skipped >>>
GET /imagefactory.ashx?rguid=c5f07e3a-a197-4627-9438-974b57fd6373&catid=4d36e972-e325-11ce-bfc1-08002be10318 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: apps.driversupport.com
DNT: 1
Connection: Keep-Alive
Cookie: optimizelySegments={"176773665":"false","176809951":"direct","176875026":"ie"}; optimizelyEndUserId=oeu1418315759846r0.5595372060045518; optimizelyBuckets={}; optimizelyPendingLogEvents=[]; __utma=164611050.388424965.1418315760.1418315760.1418315760.1; __utmb=164611050.1.10.1418315760; __utmc=164611050; __utmz=164611050.1418315760.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/png
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Thu, 11 Dec 2014 16:36:03 GMT
Content-Length: 19586
.PNG........IHDR...................LIIDATx....t[g.-..........3.....;ff.. .23.2.....8..ff..9q.an.R.6M..I..}^Y......i..u".H.........A0...Y.=...&..6....&.`..`.L0.l..&.M0....&.`....L0.l..&.M0....&.`....L..`..&.M0....&..6...L..`..`.L0....&..6....&.`..`.L0.l..&..6....&.`....L0.l..&.M0....&.`....L..`.....[OO.;...O........m...k.S?..w.......5..6.\.................?..K.p..m.....\...?..u3pusl.o....v...=...?.==...l..}..~7{aW7.=./.}|?...)......<~.._}..>..c.<y..7o..5k.z.j.......{.}....&.O.f.h..~....'..W.]...W.a.^]<.3Z...`..\..u`S....o8....d.....e.0}.t..?..V.....[q..y.....l.f...c5.......I....c...<.b.....`l...=...9.~o..W%#........r..<x.okii.....t.Rl....m..9X.b...J..@.)...,....>.M.yw'.$.......=.<...%..K.........x.N&?.}...._.H:......m..;|.0..=........]....c..yX.h.v...........S\._I.7..y'.z.........)....S9...}. ..@....0{..gM..........d......^$.k....lo.C...{.4..{.......{.n.....'9I~....9...1.....s...|k`E.....}..bWg;..^2.1f#X..dl...l...1.......0y.L....9..fb.h;.a...".Sq..E<c|'.....o.{.U1.2.A2.d".m....`t{..!.9r..6l..F,G@.9s&f..._..g.q....D..O.:.........\/....../q..I,..........s..h:.CUd.5'C.......jnF...C......=....g?.nr.l....2.O...s'..=.7.<...8q..I...W#...G.F...^.x....ft...>.[.......!..s.c..._.=..<.B.../...g7....T..ATa,.....[b4c.1"..:..[=.v..j/..:.A...CD.0..av.b.._p.| .~c.._..:::.N.../_....8mmm\F....F,F..2e../^..H@..(..&...r....7aL.u.:{..........c..u..=.....<..x...I................vu..7LCLy.\..`.`.1.z..6.{s....H;C..3..'c.s2....tD&..t<...f.qB.,$.p........$......)......X.`..L......._~..F #p).%....
<<< skipped >>>
GET /content/themes/UI/Argon/images/dsLogoNoCogWithBreak.png?v=1.0.0.13 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2851
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Mon, 10 Nov 2014 19:19:02 GMT
Accept-Ranges: bytes
ETag: "60e110301bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Tue, 02 Dec 2014 21:23:07 GMT
Age: 3001
X-Cache: Hit from cloudfront
Via: 1.1 55b76ed2d318937c5f609e4d0eca210d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: QQa3dYnPPO-ewBOgc7MnKdqQzBgSDm5GgGLsLHp5qe1pCaSXg7SNFA==
.PNG........IHDR...............v.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:5A16CB5E0D1811E4BBA98899D70A4A47" xmpMM:DocumentID="xmp.did:5A16CB5F0D1811E4BBA98899D70A4A47"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5A16CB5C0D1811E4BBA98899D70A4A47" stRef:documentID="xmp.did:5A16CB5D0D1811E4BBA98899D70A4A47"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.OBO....IDATx..\.n.F.^..J.*@..{@.t...1.&..........@..Hz.@..X.r...i.AR$@...i...s...y<7C.)Q.).`a.".3........{.QG.JA.|W.8y......=...c./X.?.....bx..b...........d.k...!G.....q....... F..[..../.z..0..........).U1..<G.....(r..XwL>...............B.I.C...t.>da,...J.......n.9..t..k.s.<M[......<..X......%....W.3.=........F9>Z..`..\......E ;V-F...o..............X '......6!.Y...s.-.r........LNw..).... .......>.....)...SC.......|Z.c.s,........Z...%....9.~.....;.Y.......~.V.V,..t..q}..............^yqP]..z.R...5.&O..3...`.#K..<=.........7......z....w ....k..:A.x5.oDt.r.....D.d4...
<<< skipped >>>
GET /CSC3-2010.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: csc3-2010-crl.verisign.com
HTTP/1.1 200 OK
Server: Apache
ETag: "4b8936ccb5005a365daff28f62dc93f4:1418289018"
Last-Modified: Thu, 11 Dec 2014 09:10:18 GMT
Date: Thu, 11 Dec 2014 16:32:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0..(.0..'....0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA..141211090003Z..141225090003Z0..&.0!.....S.@.k....6..c..140730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&...130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s..130227010252Z0!...J.....Q..Y.[.....110404153956Z0!...d...=..q!_...g9..130729145216Z0!...d....Y.......o...140711083257Z0!...l.....h2<.H......120329152211Z0!...q.9...`H.*.Y.C...120525202212Z0!...s...TM.......0...121221080842Z0!...t..,.. ...eL.....130314222305Z0!...y..r.HW.v.....w..140423054643Z0!..../u.......A..5...101214165045Z0!.....0.Xc...%...iM..121102230226Z0!.......S.a&.X5t.E]..111206083350Z0!....c.(....B.[M83...140108164517Z0!....A.Sv.....f,.....110609003155Z0!.....z......!.ID{]..101228182208Z0!....b^......{d.J'...130102154110Z0!.......n........'u..140521222808Z0!......0..........I..130912181631Z0!.....1.;C,.. L..0...141111073655Z0!....6e...~..T.......130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u......130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v..........n..120724160733Z0!....n[..P..a.y...p..141121045513Z0!....P;.Y..d...c.(...120209181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.....130402103508Z0!......fFW.z.....@T..130117000242Z0!...........].{7.....120730000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1......g..130318195659Z0!...,GI.jH.|.
<<< skipped >>>
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=487256, public, no-transform, must-revalidate
Last-Modified: Wed, 10 Dec 2014 07:53:01 GMT
Expires: Wed, 17 Dec 2014 07:53:01 GMT
Date: Thu, 11 Dec 2014 16:36:03 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....20141210075301Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...:v....20141210075301Z....20141217075301Z0...*.H.............Q......ci.......2.a..).D.xa..K./.r ..1.v)xV.q.../......... .2.......z.>).....C...V..2y...UL0...r..>.,..i,..H.d*.^..q..c|@..~I..W{2$.....N..5mz.@.6.6...3:........Z3...Q.VxD%YQ.o..$......0..0..A8...#{.g.....e.:....... .....wK],..lm{|\.........m....I............0...0..}0..e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0............\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%....
<<< skipped >>>
GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI20A== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.geotrust.com
HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1363
content-transfer-encoding: binary
Cache-Control: max-age=386057, public, no-transform, must-revalidate
Last-Modified: Tue, 9 Dec 2014 03:47:25 GMT
Expires: Tue, 16 Dec 2014 03:47:25 GMT
Date: Thu, 11 Dec 2014 16:36:05 GMT
Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....20141209034725Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U....... ...6.....20141209034725Z....20141216034725Z0...*.H.............%.......kZ..2X.u.V......3P!.J.w..nM...q^...T..B? ........W.<F..q....Pf.s..i.;...sp..!Kc.......%B&.....!.....:.{.P8.2...3.....BeN.....p.....`=.......).8..|..q....4...=..){.>t~cv.....0....24..n.z...._q......X*Y....}T...k....>K...s....%..&.......A&....[Y..3......0...0..}0..e........:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'GeoTrust Global CA TGV OCSP Responder 30.."0...*.H.............0............\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x..............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'....o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S.............0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-2830...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%....
<<< skipped >>>
GET /cm/b/out HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d.adroll.com
DNT: 1
Connection: Keep-Alive
Cookie: __adroll=263029beff56234a7a2f35a27dd85513
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate
Date: Thu, 11 Dec 2014 16:36:04 GMT
Location: hXXp://x.bidswitch.net/sync?dsp_id=44&user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pragma: no-cache
Server: nginx/1.6.2
Set-Cookie: __adroll=263029beff56234a7a2f35a27dd85513; Version=1; Expires=Tue, 10-Dec-2019 16:36:04 GMT; Max-Age=157680000; Path=/
Content-Length: 95
Connection: keep-alive
Go to hXXp://x.bidswitch.net/sync?dsp_id=44&user_id=MjYzMDI5YmVmZjU2MjM0YTdhMmYzNWEyN2RkODU1MTM..
GET /cd-rom.png HTTP/1.1
Host: 70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Oct 2014 17:06:35 GMT
ETag: d6905b36ba69707b36406ffc24481aef
Content-Length: 36630
Accept-Ranges: bytes
X-Timestamp: 1414170394.61876
Content-Type: image/png
X-Trans-Id: tx90e6af58f6d5418891294-00544a89dford1
Cache-Control: public, max-age=348
Expires: Thu, 11 Dec 2014 16:41:42 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR.......,......i......PLTE................................................................................................RMI...............C>=...D@A......G?A@<=...FBC...PKH...NJFC>?.........=:;F>?............@>?::;...=<>IACDA?...KFC.........I@?...JDA...777......:89...IDE...VUQ...USO.........OMHTNL...XWX...LJD............RQL[Y]GB?.....................KIIVST?>;...FEE........................RPR<<:......ZXTUTX...E@=.....L.....<431.....D....................).....E<:6210......645`]a..5...........?LGE......$##..K.........*((.....5..$..G......NLM.-... ...872...........<..2...........".....<..-...olk.....D..L1/)........., .........?{xv*....Sigd...C>9vso...1%......D..3%........b_Y............4%.......=/......y..8..VYK.../KJ>...I:...>..O...hZ.wj ..F..=RRC..W..7.|$.. ..=..:..P........O.....Z.x4..K%....IDATx....lSw..M......M......."Y.f.....U..r...x..Y...=....... ...#9W..A.:.....l..--T..mHB...".mig``.0..NwzUU..N...........@a..w...1..?....55.PC.5.PC.5.PC.5.PC.5.PC.5.PC.-_n.../.._...K......K.....-.|..H.<C.m..&.FL..D...{.....o....I..nj....]/.j..........,...I..D.7..=.?2.>.q.'.t....8$b...z...... ........|..%.M.I...._%........lMtGR2.....F.a..pa.NF.E"....w.lm.....u..VC.Dl #i.?....C..<...p{...}1.......DN.a&$.jtV.q,...<.......A.V..w..K....o....]..6....8p.w..p...#...#...."..Q..-syG".>.; ........b..~.!.X.W.L...z...... .=.b........[....k[............q..a.....=.>........u..'.....<< .1.!....=...k...B.{.=.n..l...55..$...h....r....rEb..=y)kj.s.fq...t,
<<< skipped >>>
GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: widget.trustpilot.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 2443
Connection: keep-alive
Cache-Control: public, max-age=3600
Content-Encoding: gzip
Date: Thu, 11 Dec 2014 15:42:04 GMT
Expires: Thu, 11 Dec 2014 16:42:04 GMT
Last-Modified: Thu, 11 Dec 2014 15:42:04 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.1
X-Powered-By: ASP.NET
Age: 3237
X-Cache: Hit from cloudfront
Via: 1.1 7359b6ad468465a51e7437a7923fda0a.cloudfront.net (CloudFront)
X-Amz-Cf-Id: YIjv5prSbf6QmRrQ_0pC02iP95uppk2-6-HZ4J8TLFqxY5K6giXw6Q==
............ks.6..0.\.<.t.....e.7..&n{.s...3..I.)..@;...~....z....ddb..b........<N6F=m....F..SIE...1O..z...y_k.8S....#y.c.f.5.(.. &......u.Y.......xL..e.T*..#..mc.}.v;.s.*fZ..S4-......`.m..M.Y,.... {.../Y............M.k....n..v.......?.....H..u#LZ.U...~..\.}M.f....1Y.#...y%.v..I.QZY....R4.kO5..SB..fr.8..3-c.F\.:......~..........Dj.o..X..BULM_R..x.Q...P..OS.: T.J4M..S..,.S..t3....B...YQ./.hyu!..p...!...l..v.w.'T<05.3..uU1N......Y..f9}..9.....-.W..Z.)..-r.2.tm..... V..........S\3..R.......)..OV.@.[:k.'....7...z..'.5.Td.....Gk(.H>..\*2"..fQ.9[F..d.1oj..J.k..D......l....No.\u......zf...m.Y].$...1k5..nym......P...o.a..........\|.yi....?(......u.tJ.<....o....".l.. Iv...P.....,K.....g.f.U...td...........*Y.%....O.]1Y.....'.,v....?], l.Si.a.X...?.....}P .....h..$.....|.f...._....B.i.Y...\..M..Kj.N..EL..C....(..^.......L<....o.8m..p.E.....H.....*!..bJ...w.n.s......9..j.8..~.}.C[G8.~@.........m.o.U.1.q{N......O.<...`....F.q.XH. .3..d.idz.|...o.;[...>......;V.<...j....bU`..{...W..w...{z..]:.&....w.d.C.'S............S....t..{:8.L..A...mU3.z.P.?~xO..3....H...f...@....54$B..E../Z..8.........)&..P...<f....!..a(hW).#@./).z..NR...2S...h5.......l.@.%....]....m...l..."..N2.......d.-.I.[q.I.......P......I.....K..n.#....q o....y..`..l/AW...ko..q5.j...9...Xck@<.~..&..g. ..<.j '9...L.o......B.$.d.p.[~.L..(....|.|.d.y......d......i.Cz.$.^.E.IbT...h...,I.3.....w...m&%D...n.X`.....A..6]..`k..aKN}..E.T.R.?.....v.(T..t8....C....x4.....I..N's..d}... .....'.&....~r.......z.). fTF...&7...W.j...V..P.m.#`.G
<<< skipped >>>
GET /monitor.png HTTP/1.1
Host: 70bd7761b4e8398ed5ec-bf80855baf7f0a78e1035933491d3dca.r98.cf2.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Fri, 24 Oct 2014 17:06:39 GMT
ETag: 33d0ab2f164ede0bc598921a89635534
Content-Length: 25481
Accept-Ranges: bytes
X-Timestamp: 1414170398.07988
Content-Type: image/png
X-Trans-Id: tx7c26630b6eae425fab4b5-00544a8929ord1
Cache-Control: public, max-age=614
Expires: Thu, 11 Dec 2014 16:46:08 GMT
Date: Thu, 11 Dec 2014 16:35:54 GMT
Connection: close
.PNG........IHDR.......,......i......PLTE...&&&(((***!!!%%%)))###"""$$$''' 000///... ,,,...111666777---333222444555...888999<<<;;;:::===...>>>......???BBB.........SSSCCC...@@@..!...EEE...DDDFFF......AAAGGGHHHRRR... "VVVJJJIII...PPP...UUU.. LLL......KKK[[[TTTNNN...OOOZZZQQQMMMWWW.....#.........YYY\\\XXX...... .$........ ......!!#...QQS...........! .%......PPR...LLO.........SSU........ ]]]............NNPNOR...JKM"!%TTVVVX...IIL......GGJUUW..........................0...RSW...CCE.."......((,.........""#.........bcdjjj...,,.==?...335$$&.........89<..."#)ffg...//1@AC......UUZ...)''@@A''*WW\__`...224mno...DDF......]]`...458.........* - ) FFIvwxppr...9;?;>B;<>137...&%'ttt111113) 1...789YY\<99$(.}}}...,.3$% &$$NLK77:>>B36; ((ZZ]=AG..&\\^RRT@?>wz},07#$#ECBAEJ/04/0/DHL#.!((&GED...422?<<WUSC?>GEFS^eUSS723.Q.b..`DIDATx....t.....$3.L.2..d&.....CH...W....1@...@..%.....e!.)...*...G........V.h-..k..........,.s..N......g...:k.{.=.....g.{.....7...{.{....*....*....*....*....*....*....*....*....*..T.}..{... .~...|...?{^V..u..?.D...c........}....O}........................U...uu5.U.xYY...3..}.l..............^=....<.......O...[.[......u.5U.?....?w...W6w..........R...D..". 5u...1.e.d.l&.6...k.@..u..9........s7...-......w...OL.\Q2UVY[S]...'..6<A..GZ&.L.:m.T.....n..b...p....7e....^N.1:..E.HK..........).L.!.9s.<.3fL...56.O...n..^..S.|.{Y......;......xmm]z|..i.......g..G..(..x.f..;.....O.z....'O~a..3.D..........H.....X.,B.L.6.4.0f..4.................o..}.vAK.,.7......O...}.u.
<<< skipped >>>
GET /seg?add=1602123&t=2 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
DNT: 1
Connection: Keep-Alive
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Set-Cookie: uuid2=0; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Fri, 12-Dec-2014 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=5277781543489012436; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Location: hXXp://ib.adnxs.com/bounce?/seg?add=1602123&t=2
Content-Type: text/html; charset=utf-8
Date: Thu, 11 Dec 2014 16:36:05 GMT
Content-Length: 0
....
GET /bounce?/seg?add=1973902&t=2 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
DNT: 1
Connection: Keep-Alive
Cookie: uuid2=5277781543489012436; sess=1
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Set-Cookie: uuid2=5277781543489012436; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Fri, 12-Dec-2014 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=dTM7k!M4/8DYRWSDgEREg739KaN(6P%phwSNS v_o5U_uN[BufeCa798>[TK!!!yI'cC!9; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Location: hXXps://VVV.facebook.com/fr/u.php?p=391363987594223&m=5277781543489012436
Content-Type: text/html; charset=utf-8
Date: Thu, 11 Dec 2014 16:36:05 GMT
Content-Length: 0
HTTP/1.1 302 Found..Cache-Control: no-store, no-cache, private..Pragma: no-cache..Expires: Sat, 15 Nov 2008 16:00:00 GMT..P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..X-XSS-Protection: 0..Set-Cookie: uuid2=5277781543489012436; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly..Set-Cookie: sess=1; path=/; expires=Fri, 12-Dec-2014 16:36:05 GMT; domain=.adnxs.com; HttpOnly..Set-Cookie: anj=dTM7k!M4/8DYRWSDgEREg739KaN(6P%phwSNS v_o5U_uN[BufeCa798>[TK!!!yI'cC!9; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly..Location: hXXps://VVV.facebook.com/fr/u.php?p=391363987594223&m=5277781543489012436..Content-Type: text/html; charset=utf-8..Date: Thu, 11 Dec 2014 16:36:05 GMT..Content-Length: 0..
<<< skipped >>>
GET /input.png HTTP/1.1
Host: 1b168f054a2c3427459f-daaeafaf8ae4e7adccb47a82a8360bf0.r36.cf1.rackcdn.com
Connection: Close
HTTP/1.1 200 OK
Last-Modified: Tue, 25 Mar 2014 19:35:42 GMT
ETag: 8ac9dd4affeafc8104360b139946cae6
X-Trans-Id: txdf3d3de9924b48e78027c-00542c6f4ddfw1
Content-Length: 40826
Content-Disposition: attachment; filename=input.png
Accept-Ranges: bytes
X-Timestamp: 1395776141.03421
Content-Type: image/png
Cache-Control: public, max-age=182158
Expires: Sat, 13 Dec 2014 19:11:53 GMT
Date: Thu, 11 Dec 2014 16:35:55 GMT
Connection: close
.PNG........IHDR.......,.....b.r.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:752358267EC911E3A2F1BF9AFE5296D1" xmpMM:DocumentID="xmp.did:752358277EC911E3A2F1BF9AFE5296D1"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:752358247EC911E3A2F1BF9AFE5296D1" stRef:documentID="xmp.did:752358257EC911E3A2F1BF9AFE5296D1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx...y...u.........B.@6.E..D..K\..66m.M..t:....i;.I[;.e&...I....I....("."(. F.*"."..qI~.~_..x?...C..=.0.....~.r...s......_..U.R.J..._..R.J..*U.T..V.J.*`U.T.R..J.*U..U.R..X.*U.T..R.J.*`U.T..V.J.*U..T.R..X.*U..U.R.J..*U.T..V.J.*`U.T.R..J.*U..U.R..X.*U.T..R.J.*`U.T..V.J.*U..T.R..X.*U..U.R.J..*U.T..V.J.*`U.T.R..J.*U..T.R..X.*U.T..R.J..*U.T..V.J.*U..T.R..J.*U..U.R.J..*U.T..R.J.*`U.T.R..J.*U..T.R..X.*U.T.k..7.|s..u...j..J..&.P.`../...i....7o...#F.8.....T.T.k/._..Wo......Y.V.Zu.I'm..y....8qb.....T....Cr.(..z...W.X.d.=......<.......'..'.]v....U.T..>....Q.#t....p....{.~..w.]wm.....__.
<<< skipped >>>
GET /Scripts/custom.js?v=1.0.0.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 449
Connection: keep-alive
Cache-Control: public,max-age=3600
Last-Modified: Mon, 10 Nov 2014 19:19:03 GMT
Accept-Ranges: bytes
ETag: "7d359301bfdcf1:0"
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Tue, 02 Dec 2014 21:23:07 GMT
Age: 3002
X-Cache: Hit from cloudfront
Via: 1.1 e0dab913fa7be8ddd3789f425dd91cb2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: aCANeG_LLEyxXjOdOgTlHze_zQvAXpnyqbNw_zO6U9pp_KrWYNTkXw==
.....function getParameterByName(name) {.. try {.. name = name.replace(/[\[]/, "\\\[").replace(/[\]]/, "\\\]");.. var regexS = "[\\?&]" name "=([^]*)";.. var regex = new RegExp(regexS);.. var results = regex.exec(window.location.search);.. if (results == null).. return "";.. else.. return decodeURIComponent(results[1].replace(/\ /g, " "));.. } catch (e) { return ""; }..}....
GET /bundles/TSUIBase?v=1.0.0.13 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: d1pmrmlzxdx671.cloudfront.net
DNT: 1
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Content-Length: 21489
Connection: keep-alive
Cache-Control: public
Expires: Wed, 02 Dec 2015 22:32:13 GMT
Last-Modified: Tue, 02 Dec 2014 22:32:13 GMT
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 02 Dec 2014 23:36:31 GMT
Age: 752367
X-Cache: Hit from cloudfront
Via: 1.1 e0dab913fa7be8ddd3789f425dd91cb2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Hp8J5AGfaqN1xt4tC34N0_Ehg1Kn_i7QwfrkxEIJRkM38nVWLXbHRw==
var Communication,Common,UIObjects,Controllers,ErrorHandling,UIMarkups;(function(n,t){typeof define=="function"&&define.amd?define(t):typeof exports=="object"?module.exports=t():n.returnExports=t()})(this,function(){function v(n){return n= n,n!==n?n=0:n!==0&&n!==1/0&&n!==-(1/0)&&(n=(n>0||-1)*Math.floor(Math.abs(n))),n}function k(n){var t=typeof n;return n===null||t==="undefined"||t==="boolean"||t==="number"||t==="string"}function si(n){var t,i,u;if(k(n))return n;if((i=n.valueOf,r(i)&&(t=i.call(n),k(t)))||(u=n.toString,r(u)&&(t=u.call(n),k(t))))return t;throw new TypeError;}function d(){}var t=Array.prototype,u=Object.prototype,ft=Function.prototype,o=String.prototype,et=Number.prototype,l=t.slice,ot=t.splice,rr=t.push,fi=t.unshift,h=ft.call,a=u.toString,r=function(n){return u.toString.call(n)==="[object Function]"},ei=function(n){return u.toString.call(n)==="[object RegExp]"},b=function(n){return a.call(n)==="[object Array]"},f=function(n){return a.call(n)==="[object String]"},st=function(n){var i=a.call(n),t=i==="[object Arguments]";return t||(t=!b(i)&&n!==null&&typeof n=="object"&&typeof n.length=="number"&&n.length>=0&&r(n.callee)),t},oi=Object.defineProperty&&function(){try{return Object.defineProperty({},"x",{}),!0}catch(n){return!1}}(),ht,i,e,ct,y,hi,ci,li,ai,vi,lt,at,vt,g,nt,pt,wt,kt,tt,it,ni,n,rt,ut,ii,ri,ui;ht=oi?function(n,t,i,r){!r&&t in n||Object.defineProperty(n,t,{configurable:!0,enumerable:!1,writable:!0,value:i})}:function(n,t,i,r){!r&&t in n||(n[t]=i)};i=function(n,t,i){for(var r in t)u.h
<<< skipped >>>
GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com
HTTP/1.1 200 OK
Server: Apache
ETag: "75fbcf49e0c48af6549c537eafceac7c:1418314828"
Last-Modified: Thu, 11 Dec 2014 16:20:28 GMT
Date: Thu, 11 Dec 2014 16:36:02 GMT
Content-Length: 966
Connection: keep-alive
Content-Type: application/pkix-crl
0...0.. 0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..141211160300Z..141221160300Z0...0....v...140618150003Z0....X...140427081922Z0........140429180917Z0........140416233935Z0........140709194633Z0........140521155053Z0.....)..140617185515Z0....Bf..120627171053Z0.....3..020515130611Z0........100729164439Z0........140811090836Z0.....#..140606204021Z0....x...140507204001Z0........140606222139Z0....%...020514181157Z0....S...140423105438Z0........120627171058Z0........140725020038Z0........100729164732Z0....M\..140430000442Z0.....-..140617185011Z0....V...140624123102Z0....t6..140425041720Z0........120627171025Z0........100301134531Z0........140618143256Z0........120627171017Z0.....>..140711125531Z0....[...100730213120Z0........120627171058Z0....j...140226123519Z0...*.H............U.U4}.S.$...Dln...n:...../..... .t.X...r9.uC@.'2tR...7\\.sm.h..5.EZ.Cu.".J1.-LQ3*....i..!P..iV..}5$..A/.r[....S;5..k.*..O..k....HTTP/1.1 200 OK..Server: Apache..ETag: "75fbcf49e0c48af6549c537eafceac7c:1418314828"..Last-Modified: Thu, 11 Dec 2014 16:20:28 GMT..Date: Thu, 11 Dec 2014 16:36:02 GMT..Content-Length: 966..Connection: keep-alive..Content-Type: application/pkix-crl..0...0.. 0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Secure Certificate Authority..141211160300Z..141221160300Z0...0....v...140618150003Z0....X...140427081922Z0........140429180917Z0........140416233935Z0........140709194633Z0........140521155053Z0.....)..140617185515Z0....Bf..120627171053Z0...
<<< skipped >>>
GET /bounce?/seg?add=1602123&t=2 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
DNT: 1
Connection: Keep-Alive
Cookie: uuid2=5277781543489012436; sess=1
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Set-Cookie: uuid2=5277781543489012436; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Fri, 12-Dec-2014 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=dTM7k!M4/8DYRWSDgEREg739KaN(6P%phwSNS v_o5U_uN[BufeCa798>[TK!!!yI'cC!9; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly
Location: hXXps://VVV.facebook.com/fr/u.php?p=391363987594223&m=5277781543489012436
Content-Type: text/html; charset=utf-8
Date: Thu, 11 Dec 2014 16:36:05 GMT
Content-Length: 0
HTTP/1.1 302 Found..Cache-Control: no-store, no-cache, private..Pragma: no-cache..Expires: Sat, 15 Nov 2008 16:00:00 GMT..P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..X-XSS-Protection: 0..Set-Cookie: uuid2=5277781543489012436; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly..Set-Cookie: sess=1; path=/; expires=Fri, 12-Dec-2014 16:36:05 GMT; domain=.adnxs.com; HttpOnly..Set-Cookie: anj=dTM7k!M4/8DYRWSDgEREg739KaN(6P%phwSNS v_o5U_uN[BufeCa798>[TK!!!yI'cC!9; path=/; expires=Wed, 11-Mar-2015 16:36:05 GMT; domain=.adnxs.com; HttpOnly..Location: hXXps://VVV.facebook.com/fr/u.php?p=391363987594223&m=5277781543489012436..Content-Type: text/html; charset=utf-8..Date: Thu, 11 Dec 2014 16:36:05 GMT..Content-Length: 0..
<<< skipped >>>
GET /action-uic/0?ti=4002897&Ver=2&mid=e203559b-83f9-ed19-5e6b-dac9ae7c7a43&evt=pageLoad&pi=0&lg=en-US&sw=1916&sh=902&sc=24&tl=DriverSupport - Available Driver Updates&p=http://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https%3a%2f%2fsecure.driversupport.com%2fregistration%2fcart%3faf%3dmedia&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults&r=&rn=842334 HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://apps.driversupport.com/postinstall/ScanResultsMedia?cart=https://secure.driversupport.com/registration/cart?af=media&aff=media&wlID=30&uuid=13684600-ad88-4ba9-8423-494ed72da3ae&appVer=9.1.4.66&ddsrc=ScanResults
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: bat.r.msn.com
DNT: 1
Connection: Keep-Alive
Cookie: mh=MSFT; CC=UA; CULTURE=EN-US; SRCHD=SM=1&MS=3093912&D=3093912&AF=NOFORM; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20131118; MC1=V=3&GUID=373863f57d114b0289364f6434076125; brdSample=0; MUID=1785AC2FD94664211AC0A9A6DD466620; cbus=subint:1:138479115
HTTP/1.1 204 No Content
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/8.0
Access-Control-Allow-Origin: *
Date: Thu, 11 Dec 2014 16:36:00 GMT
HTTP/1.1 204 No Content..Cache-Control: no-cache, must-revalidate..Pragma: no-cache..Content-Length: 0..Expires: Fri, 01 Jan 1990 00:00:00 GMT..Server: Microsoft-IIS/8.0..Access-Control-Allow-Origin: *..Date: Thu, 11 Dec 2014 16:36:00 GMT..
Map
The Worm connects to the servers at the folowing location(s):
Strings from Dumps
IEXPLORE.EXE_2008:
.text
.text
`.data
`.data
.idata
.idata
.rsrc
.rsrc
@.reloc
@.reloc
u\j.Xf9
u\j.Xf9
j.Xf9
j.Xf9
USER32.dll
USER32.dll
api-ms-win-downlevel-shell32-l1-1-0.dll
api-ms-win-downlevel-shell32-l1-1-0.dll
IEFRAME.dll
IEFRAME.dll
SHELL32.dll
SHELL32.dll
iexplore.pdb
iexplore.pdb
api-ms-win-downlevel-shlwapi-l1-1-0.dll
api-ms-win-downlevel-shlwapi-l1-1-0.dll
iertutil.dll
iertutil.dll
api-ms-win-downlevel-advapi32-l1-1-0.dll
api-ms-win-downlevel-advapi32-l1-1-0.dll
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
_wcmdln
_wcmdln
_amsg_exit
_amsg_exit
RegOpenKeyExW
RegOpenKeyExW
RegCloseKey
RegCloseKey
name="Microsoft.InternetExplorer"
name="Microsoft.InternetExplorer"
true
true
KEYW
KEYW
.ENNNG.
.ENNNG.
a.ry.v
a.ry.v
l.igM4
l.igM4
?1%SGf
?1%SGf
xh.JW^
xh.JW^
.97777"7" " " !
.97777"7" " " !
3.... ))
3.... ))
8888888888888
8888888888888
8888888888
8888888888
.lPV)
.lPV)
úW1
úW1
.ApX/
.ApX/
H.ZAf
H.ZAf
ð[U
ð[U
%s!FK
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
888777777
Y.hilkRROMLK=C,
Y.hilkRROMLK=C,
..(((($$
..(((($$
3...((((%
3...((((%
3....(.''$
3....(.''$
3.2...((((%
3.2...((((%
33.2....(,'
33.2....(,'
55323222...
55323222...
(%&'00443445?
(%&'00443445?
00.,,,4(
00.,,,4(
000.,,9(
000.,,9(
0020..9(
0020..9(
003200;(
003200;(
(#'( (''''!'!
(#'( (''''!'!
Microsoft.InternetExplorer.Default
Microsoft.InternetExplorer.Default
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
{28fb17e0-d393-439d-9a21-9474a070473a}
imm32.dll
imm32.dll
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
Kernel32.dll
Kernel32.dll
"%s" %s
"%s" %s
kernel32.dll
kernel32.dll
IEXPLORE.EXE
IEXPLORE.EXE
{00000000-0000-0000-0000-000000000000}
{00000000-0000-0000-0000-000000000000}
\\?\Volume
\\?\Volume
Imaging_CreateWebPagePreview_Perftrack
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
Browseui_Tabs_Tearoff_BetweenWindows_TabProc
Frame_URLEntered
Frame_URLEntered
Imaging_CreateWebPagePreview
Imaging_CreateWebPagePreview
WS_ExecuteQuery
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
IdleTask_Execution_Time
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute
IMTravelLogMVC_TravelURL
IMTravelLogMVC_TravelURL
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
Windows
Windows
10.00.9200.16521
10.00.9200.16521