Adware.GenericKD.3648311_f583b9474f

by malwarelabrobot on November 7th, 2016 in Malware Descriptions.

not-a-virus:AdWare.NSIS.Agent.iv (Kaspersky), Adware.GenericKD.3646019 (B) (Emsisoft), Adware.GenericKD.3648311 (AdAware), Trojan.NSIS.StartPage.FD, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Adware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: f583b9474f00606f6768782433fa8505
SHA1: 5f4685f74ed9dccca2535ebfd14f55ab7f22efef
SHA256: 6cd1e04dcc4a3bfaac4c4df6d3814ad681e267ba3f73fa70ee08ec1b21956da6
SSDeep: 196608:AamgeGAEF2ekeT0joHE/o4jW/hEdSCurwmWOKXyeELkbFgenZvrrMh:Aamvyceg4E/o46hp OIy/Le5rK
Size: 10335050 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-10-26 12:52:23
Analyzed on: Windows7 SP1 32-bit


Summary:

Adware. Delivers advertising content in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions. Users may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program or are frustrated by its effects on system performance.

Payload

No specific payload has been found.

Process activity

The Adware creates the following process(es):

nsC8ED.tmp:2264
61fda4ee77910796d32333421184d8b6.exe:1524

The Adware injects its code into the following process(es):

%original file name%.exe:2472
61fda4ee77910796d32333421184d8b6.exe:656
61fda4ee77910796d32333421184d8b6.exe:2552

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2472 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Program Files%\be105bbb97d93cef6c0d6cf170a32291\ce1c22c865645f1f8a89a398e374a17f.exe (13304 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe (11110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsEE3A.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\MoreInfo.dll (15 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\SimpleSC.dll (1896 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OQFJK3FB.txt (803 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsE9D6.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7Q30U04Y.txt (803 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\441136ae10b200e9992f407b66b2554e (2104 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Social2Search Website.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\682AIKA9.txt (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\md5dll.dll (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\IpConfig.dll (4254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\NSISList.dll (2457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QIHBCSNO.txt (803 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\bc5601ccb5de9f6cb8cd31285eef3bbe.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\System.dll (23 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F9C1.tmp (601 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\X15I46EM.txt (803 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0ITTGDW2.txt (99 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\815346a4778321839cef8ab48bf110e2.exe (40364 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\c850ebe35760d7b12fc1318953221f59.exe (19514 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp (78068 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\ffdefbf88c95cae97a1671206e9fe39e.ico (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp (78068 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Settings.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll (46 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TGQ7LZCB.txt (283 bytes)
C:\Windows\815346a4778321839cef8ab48bf110e2.exe (70672 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsC8ED.tmp (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\get_local_output.tmp (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F491.tmp (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp (906 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Uninstall Social2Search\uninstall.lnk (2 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\SignIn with Twitter.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\brh.dll (22456 bytes)

The Adware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsEE3A.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS1JHSL\urlsLog[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OQFJK3FB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsE9D6.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\682AIKA9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F9C1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp-shm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QIHBCSNO.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GPS1JHSL\downloadsLog[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\X15I46EM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0ITTGDW2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TGQ7LZCB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp-wal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsd5EB3.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsC8ED.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp-wal (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F491.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp (0 bytes)

The process nsC8ED.tmp:2264 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe (458 bytes)

The process 61fda4ee77910796d32333421184d8b6.exe:1524 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ImaCC82.tmp (381 bytes)

The Adware deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ImaCC82.tmp (0 bytes)

The process 61fda4ee77910796d32333421184d8b6.exe:656 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

%Program Files%\be105bbb97d93cef6c0d6cf170a32291\dc6d02d096c74fb10e2d25b209aafe9b\qqytbxfm.dll (1 bytes)
C:\Windows\Temp\ImaD47E.tmp (381 bytes)
C:\Windows\Temp\wjmE091.tmp (11964 bytes)
C:\Windows\Temp\wjmDE10.tmp (2500 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\e214f9b15940fe19bca2f6de222d6969 (28 bytes)
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\441136ae10b200e9992f407b66b2554e (601 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Local State (8063 bytes)

The Adware deletes the following file(s):

C:\Windows\Temp\wjmE091.tmp (0 bytes)
C:\Windows\Temp\wjmDE10.tmp (0 bytes)
C:\Windows\Temp\ImaD47E.tmp (0 bytes)

The process 61fda4ee77910796d32333421184d8b6.exe:2552 makes changes in the file system.
The Adware creates and/or writes to the following file(s):

C:\Windows\Temp\ImaE61A.tmp (381 bytes)

The Adware deletes the following file(s):

C:\Windows\Temp\ImaE61A.tmp (0 bytes)

Registry activity

The process %original file name%.exe:2472 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASAPI32]
"FileDirectory" = "%windir%\tracing"
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Socia2Sear]
"ts2" = ""

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\WajIEnhance]
"affiliate_id" = "3673"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be105bbb97d93cef6c0d6cf170a32291]
"DisplayVersion" = "9.75.1.48 (i1.0)"

[HKLM\SOFTWARE\Socia2Sear]
"aid2" = "none"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be105bbb97d93cef6c0d6cf170a32291]
"DisplayName" = "Social2Search"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
"WpadLastNetwork" = "{24C5EDBC-2851-452A-B521-5DA992F6C1B5}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"WindowClassName" = "DDEMLMom"
"processname" = "iexplore.exe"

[HKLM\SOFTWARE\Socia2Sear]
"UID" = "47936C0FEA50B790BD59E50713FEF01C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadDecision" = "3"
"WpadDecisionTime" = "C0 D7 09 6D 26 38 D2 01"

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "46 00 00 00 09 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be105bbb97d93cef6c0d6cf170a32291]
"URLInfoAbout" = "http://www.technologieyvonlheureux.com"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecision" = "3"
"WpadDecisionReason" = "1"

[HKCU\Software\WajIEnhance]
"unique_id" = "47936C0FEA50B790BD59E50713FEF01C"

[HKLM\SOFTWARE\Socia2Sear]
"AID" = "3673"

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASAPI32]
"EnableFileTracing" = "0"
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 36 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Socia2Sear]
"TS" = "1478434084"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{24C5EDBC-2851-452A-B521-5DA992F6C1B5}]
"WpadNetworkName" = "Network 2"
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Socia2Sear]
"mid" = "9c331592e812c97b86f3693753f893e6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-e1-da-d8]
"WpadDecisionTime" = "C0 D7 09 6D 26 38 D2 01"

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\be105bbb97d93cef6c0d6cf170a32291]
"Publisher" = "Social2Search"

[HKLM\SOFTWARE\Microsoft\Tracing\f583b9474f00606f6768782433fa8505_RASMANCS]
"FileDirectory" = "%windir%\tracing"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Adware deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process 61fda4ee77910796d32333421184d8b6.exe:1524 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKCR\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
"LocalService" = "0323361c87c4374d1b9678cf26352f9d"

The Adware deletes the following value(s) in system registry:

[HKCR\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E]
"LocalService"

The process 61fda4ee77910796d32333421184d8b6.exe:656 makes changes in the system registry.
The Adware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Socia2Sear]
"IExplore" = "1"

Dropped PE files

MD5 File path
b628b65f1e107eda3fc281dc1b6e159e c:\Program Files\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
8341cef98f8ad18d6bec0373705b7955 c:\Program Files\be105bbb97d93cef6c0d6cf170a32291\815346a4778321839cef8ab48bf110e2.exe
4fec221eb7addc22a2acc68da554f377 c:\Program Files\be105bbb97d93cef6c0d6cf170a32291\dc6d02d096c74fb10e2d25b209aafe9b\qqytbxfm.dll
a3ed6f7ea493b9644125d494fbf9a1e6 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\IpConfig.dll
80e34b7f576b710d100f6e7c0bed0c2e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\MoreInfo.dll
2e0785f18f8714393bc4bc1fe170eadf c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\NSISList.dll
d63975ce28f801f236c4aca5af726961 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\SimpleSC.dll
c17103ae9072a06da581dec998343fc1 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\System.dll
6bdb7d00a9766c9fd0a067ccf0e03961 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\brh.dll
d7a3fa6a6c738b4a3c40d5602af20b08 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
97960d7a18662dac9cd80a8c5e3c794b c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\md5dll.dll
acc2b699edfea5bf5aae45aba3a41e96 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsExec.dll
2eb862dca5d4e59759a3348b2c19b5b6 c:\Windows\815346a4778321839cef8ab48bf110e2.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 34204 34304 4.40433 f8d2a37891617b4484d193e89fa938e0
.rdata 40960 4632 5120 3.46186 305338a83ba78cc3d317b03c418f77d8
.data 49152 150520 5120 3.54223 10e030d6c33374df83208e6631bff2fd
.CRT 200704 4 512 0.042395 f250c6e48e7e5b84656c9aed51a409a2
.ndata 204800 7921664 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 8126464 16128 16384 4.10581 e360b9bfc072f570471f33d8fe5d5f48

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 16
bee9380f542d20959e724a93843af8dd
6c2cf5c4cb6fcc0a46cd61c677bdedf3
b38101212f32a69c4b851a4442d3bef1
0d9058da7215fd6b720556e58f6edf77
a6046d368ba8b10cb7f1b9f294ceaa4c
6048afcdaadb43724a4acca52c410caf
522cc11c45b6b2da2bbbd00085ae975e
820f73ddc1fab785c57c55696b07d8c2
a7564a7e5c34382d298316646d8c3cb3
93e1502902c20da7cb537043312d7155
73238098ade6bfd393f594b25da38f47
744167ff24274fea6e73b748cb152c59
e7437f43e286b6ecd1ffb6c92b75c633
77554c8c8d95c7e19ef9ca1169613b91
2e9a33c9062d98f88e2de6a32c6a3110
2e29e77b4d131520ea76e1c8c9dd554d

URLs

URL IP
hxxp://www.technologieyvonlheureux.com/installer/getTimestamp
hxxp://www.technologieyvonlheureux.com/installer/start?v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10001&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/logging?evt=1&pge=0&pr=0&ar=0&dr=0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=1.0&getinstructions=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=2.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=3.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10023&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=
hxxp://www.technologieyvonlheureux.com/web/log?evt=10035&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=
hxxp://www.technologieyvonlheureux.com/webenhancer/injections?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=
hxxp://www.technologieyvonlheureux.com/webenhancer/config?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=
hxxp://www.technologieyvonlheureux.com/web/log?evt=10004&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=
hxxp://www.technologieyvonlheureux.com/installer/progress?section=4.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10042&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=
hxxp://www.technologieyvonlheureux.com/installer/progress?section=5.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/webenhancer/update?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=&retry_count=0&retry_version=&sc=1&scfr=&ie_status=-2&ch_status=-2&ff_status=-2&avs=0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0
hxxp://www.technologieyvonlheureux.com/installer/progress?section=6.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/downloadsLog?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673
hxxp://www.technologieyvonlheureux.com/installer/urlsLog?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673&br=iexplore
hxxp://www.technologieyvonlheureux.com/installer/installedProgramsLogs?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673
hxxp://www.technologieyvonlheureux.com/installer/progress?section=7.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/installer/progress?section=8.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/index.php?firstrun=1&bg=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
hxxp://www.technologieyvonlheureux.com/installer/finish?v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/web/log?evt=10002&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://www.technologieyvonlheureux.com/index.php?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
hxxp://googleapis.l.google.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00401.0
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.7/jquery.min.js?1.00401.0
hxxp://platform-eb.twitter.com/widgets.js?1.00401.0
hxxp://www.technologieyvonlheureux.com/js/min_general_en.js?1.00401.0
hxxp://www.technologieyvonlheureux.com/js/min_fancybox.js?1.00401.0
hxxp://www.technologieyvonlheureux.com/css/min_bootstrap3_social2search.css?1.00401.0
hxxp://www.technologieyvonlheureux.com/css/min_fancybox.css?1.00401.0
hxxp://www.technologieyvonlheureux.com/css/min_signup.css?1.00401.0
hxxp://main-social2search.netdna-ssl.com/imgs/app/social2search/login-twitter.png
hxxp://www.technologieyvonlheureux.com/css/min_general.css?1.00401.0
hxxp://www.technologieyvonlheureux.com/js/min_signup_page.js?1.00401.0
hxxp://e6845.dscb1.akamaiedge.net/crls/secureca.crl
hxxp://e8218.dscb1.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg==
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2
hxxp://googleadapis.l.google.com/css?family=Signika:400,300,600,700
hxxp://stats.l.doubleclick.net/dc.js
hxxp://www.technologieyvonlheureux.com/css/webfonts/Lato-Black-webfont.eot?
hxxp://www.technologieyvonlheureux.com/css/webfonts/F37F5_0.eot?
hxxp://main-social2search.netdna-ssl.com/imgs/app/social2search/login-bg-img.png
hxxp://scontent.xx.fbcdn.net/en_US/all.js
hxxp://scontent.xx.fbcdn.net/connect/xd_arbiter/r/fTmIQU3LxvB.js?version=42
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc=
hxxp://www.technologieyvonlheureux.com/imgs/social2search/favicon.ico
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 173.194.44.67
hxxp://fonts.googleapis.com/css?family=Signika:400,300,600,700 173.194.222.95
hxxp://connect.facebook.net/en_US/all.js
hxxp://staticxx.facebook.com/connect/xd_arbiter/r/fTmIQU3LxvB.js?version=42
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js?1.00401.0 64.233.165.95
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= 93.184.220.29
hxxp://platform.twitter.com/widgets.js?1.00401.0
hxxp://crl.geotrust.com/crls/secureca.crl
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== 23.43.139.27
hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00401.0 64.233.165.95
hxxp://stats.g.doubleclick.net/dc.js 173.194.222.155
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= 93.184.220.29


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers

Traffic

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 02 Nov 2016 20:45:11 GMT
Expires: Sun, 06 Nov 2016 20:45:11 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 314612
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2016110
2130147Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...%.W.[.....20161102130147Z....20161109130147Z0...*.H...............]
W...@b.E.o.}...\T!.^...'..%.d4.......a.D.....,.i...'......{P....}..?k1
....g......&k.......49O.p...VO....u...^.Q.b........._.r.q-MS...`<.^
...r*..[...v;.A$<..P...O..f$.....LmfP.........8|=.{(..n.1 bD.... 89
;...$iQ]\...\)e.........Q......hn.\..o|e....^!T7.HTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Wed, 02 Nov 2016 20:45:11 G
MT..Expires: Sun, 06 Nov 2016 20:45:11 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Age: 314612..Cache-Control: public, max-age=345600..0......
....0..... .....0......0...0......J......h.v....b..Z./..20161102130147
Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.
[.....20161102130147Z....20161109130147Z0...*.H...............]W...@b.
E.o.}...\T!.^...'..%.d4.......a.D.....,.i...'......{P....}..?k1....g..
....&k.......49O.p...VO....u...^.Q.b........._.r.q-MS...`<.^...r*..
[...v;.A$<..P...O..f$.....LmfP.........8|=.{(..n.1 bD.... 89;...$iQ
]\...\)e.........Q......hn.\..o|e....^!T7...


GET /web/log?evt=10001&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:05 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=a4sl3us21dqoar8bgqfou12de5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340857514934; expires=Mon, 06-Nov-2017 12:08:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434085; expires=Mon, 06-Nov-2017 12:08:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:05 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w13|WB8dK|WB8dK; path=/


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "422ad394b282092665011bc408d8ad5e:1478433628"
Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT
Date: Sun, 06 Nov 2016 12:08:42 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equi
fax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%
...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.
!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t.
.:....4.1Rh6...p....%.E.p......../....0../...HTTP/1.1 200 OK..Server:
Apache..ETag: "422ad394b282092665011bc408d8ad5e:1478433628"..Last-Modi
fied: Sun, 06 Nov 2016 12:00:28 GMT..Date: Sun, 06 Nov 2016 12:08:42 G
MT..Content-Length: 325..Connection: keep-alive..Content-Type: applica
tion/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax
1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116
114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H..........
..X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........
3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../.....


GET /index.php?firstrun=1&bg=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Found
Date: Sun, 06 Nov 2016 12:08:29 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=5vu5bai044r1utlhfcrf402gl0; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341092622323; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434109; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:30 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Location: /signup?aid=3673&inline=0&afr=0
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w67|WB8dQ|WB8dQ; path=/


GET /webenhancer/injections?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=hhftotsi9gsqu5105r3o210ud0; path=/; domain=.technologieyvonlheureux.com
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340998259899; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434099; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,90,74,82,12,39,61,65,64,29; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Connection: close
Transfer-Encoding: chunked
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w12|WB8dN|WB8dN; path=/
6f16......:`x....d4-.%!.J....SJ...-3%....H%:9.[.M....a;'.5.].m..o..gm.
...L.f(Wn.{.Ro.aJ.3_...8P.D.2....^..e.(Q.....B..QC...]...2P...!sb.L&..
l..v]...R.........oz...w.A..F.#..P.!..>......y(...O....v2a...*'.<
;.0.1.~U>'.E.>....a....X...7.w..r..A.[..%..u....8........j.|A...
.......e....;G.~............Q<..7DK\...q...\.~..Q..F...D.....BRW6'.
p..K.....D..D)h1..80..x.>Bx.........'.............du_..D/.TT..i.9.
ic......a.../..k..4..$.@j........T...Mj....-..x.>.=.Zd.Y...z*.(:...
WE..N.LZe....r...BD.3.}R.H..db1...s..g..?....P[............`.q?.q. t..
.Z........i.[..0%P..i.W.......{c.R...'...tZ)J2..g.X....(..W....Fz -.).
.Yo.;8..=.......^..u..........Om.I....D...V...4.I.HV.?fDvn~....z...FK.
..At.Q............(ON3..-.I.5..=..x.<&S"..?t.|1..E........Ok..S$.a.
..[.......Uw~..-...!.|a....\B.......A..1..w.J.-aU..S.;....Y'.j......!Y
...$.x..........4:...,S..mJ..[...._\...G.p....9..(lz.\.)*:...|......r.
......4..l.{.7%..7...P6...k4.L...'g...........{.pH7W..3Y5{....oF...v..
_.,x.^..b.T...^......%k..tR....9..K....\XX_.....[....z.y..'w.,.....>
;`.d...QO7[<!....Q.g0.4-........y)....5...Z.X..o.].c.M(S.o._.3.....
.4a:.a...9..#c....Z5..:$....n...q.H..;^..#"....<.g..,`.>)'"M.d..
R........*"..........D..Q..d...jN.q\y......0....^...9p.....9......a.Q.
S.....i^..B...I..3Q|.if.J}..W..%..r.*..k ._..[P..d...ZXj.......*...c..
B.9C.rx.|._..n.>..v`...iT.....F....].O..>..)..9?.VP5.....g......
.h. ........8.T.h2.:....B6@..`...`~0.........%.t1.G%.f..."G...eS..{.v`
S.......KQ@....O..S_.6..[d......6g.%....._s....JC.x../..K..A'UF...

<<< skipped >>>

GET /web/log?evt=10004&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:20 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=ehinbuiir4prret4ssopvj7es6; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341001639678; expires=Mon, 06-Nov-2017 12:08:20 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434100; expires=Mon, 06-Nov-2017 12:08:20 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:20 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,22,25,75,63,83,89,63,76,61; expires=Mon, 06-Nov-2017 12:08:20 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w17|WB8dN|WB8dN; path=/


GET /imgs/app/social2search/login-twitter.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: main-social2search.netdna-ssl.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Content-Type: image/png
Content-Length: 5243
Connection: keep-alive
Last-Modified: Mon, 09 May 2016 20:37:45 GMT
ETag: "147b-5326ec7ebd36c"
Accept-Ranges: bytes
Set-Cookie: APPSESSID=w5|WB8dT|WB8dT; path=/
Cache-control: private
Server: NetDNA-cache/2.2
X-Cache: EXPIRED
.PNG........IHDR...6...R........Q....sBIT....|.d....2IDATx...w..T... .
...v...c.q;.M.{.&.Y..b(f...v(..e.e...`(...40K.C.R.a)..<.8..S....v.;
.s._.t..I.....:=..W.....z..s.=Wb....v.A..... U.J.^....8.I$X....\x..[.%
.M.....X%..4.@z........... .'1.6.......KU....i:.~.. ......yl.>.ds.d
......u_.A.f...U.......<Uw.v(...w.M.^.r....0..F1..tjF........LV7s..
W=.>.e.w...,r..T'..N...t......J...&.\... ...W.i.......@EL.....&$..U
...B..)...[.v...O.F..`..&....T...T..).L...!0..................{.kB..a.
.._<x..G.Yk..)............w/&Q#.b(a.......k..p....7;W..Z..{.[,...`.
. .".b..'..^.F...Y..ZkEw..Z&......A..0aB...^...6.f............A$.p.Up.
..t,UWTd.k.`.. .".....[..(L .....0a.`.. .")...E..q.6..u..wE..;..&..pF.
.D...i;..).F..1.8....{.X.. .b.I..A....... .........F.........<....b
K.. .b8I.Q...l7$....l-4 .t...... .b.I.....,vF.F.D6.P...<8....."n...
.R..n..0.........!......vv..PR. ..8...........$.m...'.u.\.....xT|.....
.,..p.$.w~......"n....V.;....?A.C..F%..!cr....z1.<....B...G.....Y%
b...,........c.G.*^[K.F.'.Y..vv.&H..u.....i.....N*j....c....~.2.3KE\76
.. .." ......]=......7...'.c......J..%...\........O{{. .........6.L..
Ksp_...$...r..tM<.cr.4t..eu....7.z..{..xd..%...,wLv....xb.0...9%...
.....y.........VI..pO......NC......&.V......V......oC..S..\xD...F.....
....B..Vk..s..O..AE3(K...........6.T..U.........4..k.$...{g...3....S..
.R..#E|}$....c. ..zu./1.d....&.M..&.......`......^\:Z.h...3._.8......u
]*.m.....,o...&*.sgy...\..9.2.....wGe<.S.zM-....\<6.c...Z......T
.K....9>.u....U.......9....dx..DN......-Cc.&..,^..xTbWN..ozsw.K

<<< skipped >>>

POST /web/log?evt=10042&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 277
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com

..U..
.k.....i..........,w.E.....5 ...c}.@>...qQ..&.....#\>.....8DSC.........!............e....m.....u......a.r.....C.......&....o.&-....c......C.e..=e.U.k.\L.>.$H.
.ps...g.
....e
...
(V.XS...E...;..u)D.9<.uc....6....}...3*...q..T...z.... U9.w......N?-.hM.$.o.=...._4>..qI
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:21 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=7q1ukpgiccdju7q7ekqfo5ffr2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341018943668; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434101; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,59,15,84,54,9,2,38,24,27; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w1|WB8dO|WB8dO; path=/


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 02 Nov 2016 19:55:20 GMT
Expires: Sun, 06 Nov 2016 19:55:20 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 317603
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2016110
2070147Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...%.W.[.....20161102070147Z....20161109070147Z0...*.H.............V..
..R4F..k.g.......^.......E_I.........h...I.@...E...dT.8.`...y..c...|..
8s~..7.`W......".......WH..w..r.V......5.An.g~.#...d..Y&.DT3.!|.q..:.\
\.u.....a...gw.z...H..5..(..0...O.2....w....H...x.V.........>.A.u .
...z....fko.....X..8M....H..f>.;j./.o... .`.T.HTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Wed, 02 Nov 2016 19:55:20 G
MT..Expires: Sun, 06 Nov 2016 19:55:20 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Age: 317603..Cache-Control: public, max-age=345600..0......
....0..... .....0......0...0......J......h.v....b..Z./..20161102070147
Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.
[.....20161102070147Z....20161109070147Z0...*.H.............V....R4F..
k.g.......^.......E_I.........h...I.@...E...dT.8.`...y..c...|..8s~..7.
`W......".......WH..w..r.V......5.An.g~.#...d..Y&.DT3.!|.q..:.\\.u....
.a...gw.z...H..5..(..0...O.2....w....H...x.V.........>.A.u ....z...
.fko.....X..8M....H..f>.;j./.o... .`.T...


GET /installer/progress?section=2.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:13 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=jlsgq50hs57bg9pfqdn4qbm7l1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340939525590; expires=Mon, 06-Nov-2017 12:08:13 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434093; expires=Mon, 06-Nov-2017 12:08:13 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:13 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:13 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w32|WB8dM|WB8dM; path=/


GET /widgets.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: platform.twitter.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Last-Modified: Tue, 01 Nov 2016 23:44:43 GMT
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Etag: "fbfd77ed3a7a01d7ce6ff7ca0baa7a4d gzip"
Content-Encoding: gzip
Content-Length: 32775
Accept-Ranges: bytes
Date: Sun, 06 Nov 2016 12:08:41 GMT
Via: 1.1 varnish
Age: 1080
Connection: keep-alive
X-Served-By: cache-tw-fra1-cr1-3-TWFRA1
X-Cache: HIT
X-Timer: S1478434121.386304,VS0,VE0
Vary: Accept-Encoding,Host
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
............k{.F.0.....0Y..[...m.....L4...J....=.............OU....(..
d..'y.......u..."..$.\..{.ssS........9.z7.H.xs..~....w......A.......2.
.b.(y...g.w...@..fp~^.TU..i?.n...W....4.c......|r=..{O.......Uyw.w...w
.L..$;..^-.......</.r|...$.W..|..-Y......7F...Za.(LS7Q-........Z.1.
?,..,.'.....@O.`9L#/\....-.!.......b....../.}.../.XrR.mnF.......yz.F..
.......{I....$<.r..^.X....j....U2.\O.6[.).....5 .\..n.......'PAQ(.x
'vc..ArR........u.....,....`K.<-....`G...<Z.......)...w.....p.].
.......X^....V\.v.2*.y.x.|..(p*....%.........(y.8.j......m..~..<.E.
..qxqp..@.]....<....g...w-?...bE...I..^....z.."..x...P.Q.....K.....
......EU...v|G....."....;.....}...").|....<L..=..*..4..............
W^..8}.e.........$:x.................3.|x..EO.............>.Q.tg..$
..a..........~4......)......d..p...y/..6=..^.Eq..`............g...dvwv
.......>.2..2|.>}.wG{;...~L..>....=.w.D....`4}...._..x7zJ....
....'.......C.......`|.........tX...g...$...[.)..p .QP.......y.oo.....
..bL....(.m;..Co........9....y...{....v<V..=....}R?G....b......w...
.w....yo.cs,.....>.0..P.2p..3.....c.].m..K..~1.........p`.?...}_...
.n.w.....!.......v.|E..a)....5.s.Ma.4&8.y..q........,../....b .^......
8..c......../......x.^r8.....v.....,>.........,...QB.......".L2.>
;(..z%...<.E.L......TR~.........E..uT[..Y...5YH<U..UR....Cb...Q.
J-[.....GU.A..:..............p.@....S.......*,e...9.t.I....Z..&E......
?.oz.._..:.9.....co....$..%....h.z..'.)._........MWU....F^og8...._-...
.......Y.U.r..X.i......./..i.YU$....../...Ub....?>..x......-..{

<<< skipped >>>

GET /index.php?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434107; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34


HTTP/1.1 302 Found
Date: Sun, 06 Nov 2016 12:08:40 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=rlivefmasanafnoloud4mvv1v1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434120; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Location: /signup?aid=3673&inline=0&afr=0
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w20|WB8dS|WB8dS; path=/


GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1362
content-transfer-encoding: binary
Cache-Control: max-age=593013, public, no-transform, must-revalidate
Last-Modified: Sun, 6 Nov 2016 08:48:44 GMT
Expires: Sun, 13 Nov 2016 08:48:44 GMT
Date: Sun, 06 Nov 2016 12:08:43 GMT
Connection: keep-alive
0..N......G0..C.. .....0.....40..00.......j.#.p.e$.\ps.*.. .j..2016110
6084844Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:.....20161106084844Z....20161113084844Z0...*.H............
........?....@~...r[...0}..r.lg..........Y.....9F3.DOzk..}.B..'.....).
.....e"J~].G.a.......1.g.' .......w..f,.J.D...#..E....=6{....!9....t!.
T.y....2NT.9.h.S.......N...f...... .a.....5X......10....L..@.Q.A.1....
mq.@.....b...D...K...v,AiX..1....5F=..X.....2U.....0...0..|0..d.......
.:.0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA0...151203170230Z..161214170230Z02100...U...'GeoTrust
Global CA TGV OCSP Responder 40.."0...*.H.............0.........[.c.#z
j......RME.....,......(..U......!-.l..R..E.~..%."./8mv..D...*...Rx....
....mw.~2..Q5T\.H...Wk*..a.z.$._..T......;T.S.r(._*.G....^.P.!.3..t...
....s......P....C._.g.b.oK...EV..>...>.|.o.~quo.............v4..
Tt....Q.]A.Y......... w.E..=.%.n7.......{" *C........0..0...U.#..0....
z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U........
...0...U.......0.0 ..U....0...0.1.0...U....TGV-C-670...*.H............
...aEc<..'R......]C.ri.Zm.....|..B.$..76..h....l...Xbxua...C.X.S...
.~K..A..._.T@$.....9(.... ......\.*.....5.b.x...[QM.._9P.=..l...gf..L.
?..3 ......Z....._...20R;...x.......C..0....l.G.A..5TS>d.U......w.(
\....v..9.z7.....J..;..'...u.Y...BB.@.2u.e..eW..J.U....

<<< skipped >>>

POST /web/log?evt=10035&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 433
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com

    "Chrome"
    
        "Chrome Media Router"
        "Chrome Web Store Payments"
        "Gmail"
        "Google Docs"
        "Google Docs Offline"
        "Google Drive"
        "YouTube
    ]
    "Firefox"
    
        "Default"
        "Multi-process staged rollout"
        "Pocket"
        "Web Compat
    ]
    "IE"
    
        "Adobe PDF Link Helper"
        "Java(tm) Plug-In 2 SSV Helper
    

HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=gomt8vjejoqp9n1h5e9uhto307; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340994137684; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434099; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,19,47,57,68,42,33,68,41,41; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w14|WB8dN|WB8dN; path=/


GET /installer/progress?section=3.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:14 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=idkkn56hjfddpc56i58dv2c426; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340943821025; expires=Mon, 06-Nov-2017 12:08:14 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434094; expires=Mon, 06-Nov-2017 12:08:14 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:14 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:14 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w51|WB8dM|WB8dM; path=/


GET /installer/progress?section=5.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:22 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=ic3uqmv1992pb0bb9janpuicg5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341027425325; expires=Mon, 06-Nov-2017 12:08:22 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434102; expires=Mon, 06-Nov-2017 12:08:22 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:22 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:22 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w66|WB8dO|WB8dO; path=/


GET /css?family=Signika:400,300,600,700 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 06 Nov 2016 12:08:44 GMT
Date: Sun, 06 Nov 2016 12:08:44 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
12e..............Mo.@.....bo`R.Z...5.6...=....,..5..........p i....l..
..i.'!..x...U.1i. x1.........A..h.B...P.#n..Y.z,..@h..x.a..&...(r"F._.
I.v..3.y.L..JLb..R9..j.6..9.u}..G=T......r4...z.E..v.<.h...c...(t.0
^..G._.)......"\......5Y..G?..3.d{.........y(...\.Y.#<9.fj&.....u.e
.?......qZ.Tm*....[.)Y...@.........a.....-..y.....0..HTTP/1.1 200 OK..
Content-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *.
.Timing-Allow-Origin: *..Expires: Sun, 06 Nov 2016 12:08:44 GMT..Date:
Sun, 06 Nov 2016 12:08:44 GMT..Cache-Control: private, max-age=86400.
.Content-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XS
S-Protection: 1; mode=block..X-Frame-Options: SAMEORIGIN..12e.........
.....Mo.@.....bo`R.Z...5.6...=....,..5..........p i....l....i.'!..x...
U.1i. x1.........A..h.B...P.#n..Y.z,..@h..x.a..&...(r"F._.I.v..3.y.L..
JLb..R9..j.6..9.u}..G=T......r4...z.E..v.<.h...c...(t.0^..G._.)....
.."\......5Y..G?..3.d{.........y(...\.Y.#<9.fj&.....u.e.?......qZ.T
m*....[.)Y...@.........a.....-..y.....0..


GET /js/min_fancybox.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:41 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434121; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8131
Connection: close
Content-Type: application/javascript
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........=ks........1.!...I.....(....%.(..q. ..)H @..d...t..~.u.....
...%.Z..LOwOOO.f.mo...9.q...dh'~8#.]..i..4]...,.......vb..$..>...m
......8I...g..,. %~HX?q..=..?...v].%.P...]..F$.N....A./.O........q<
<.8&....x.....~.{..B.D....2t.'2.3.%{....g..:....?;K...7..t.'..(.y..
........~z... .4!..x.........I...%.J@Hd.x(....L...^.Q<Otr.hI...h..
y..S....N...G.^..S.."..}.\zf.tB.(.. *.(t}*%:h..f5g..X..D.........*..'.
%v...Q."...OH......I.n.. ...?.b....%.B...t.....@...#. |zn.,.^..b......
......v.P....2.....u..|:..B{.!K..%,j.l.].g.!...(^.......{.....Y.....#L
,.t..>...B..D.M. \p.C..sP.`.......L..Df...hL....?........~...w..g..
................hL......|4.99>...?........x.?.....A..............h8
..h..w.;....@B............tJx}..vD.qx4..-......3%.nt......>9.....'{
.#rxrtx...g.;.......]....d..p...?....&b.&|.i.x.3(.vg...w.....wwt4.....
....X....p8...E>.y....}.9...............T.......h..Y..7>.....O..
....v......F...G....R.@..O.....t....xD.7...ztrx<:..`.?....>.....
.>.......}F.(...:..a..G(_*.>.c.....`@..y,..2.?|.7z?......1}....,
..8|.h...>.=..GUA.@.%].....;...i$...@%.#.>T...\..#.6..Z.MR.8.8.;
AR..:...Qg.0..o..%.9.tf..*...6.$.2....<......y.&.qJ,R....Z6..lZW-..
...3........2.qi......7.t.:.....N..."p......../N..J....l..@..X.a..5...
r......Q..=....l.i.r...4.DB...8,-..<j...J.F....S.R4m@..t5".lon...9.
.&h...Z. ..Qe....w.*.*.<...Zi.mu.......!.....aD.... ..V$N...;T...PW
HQ6..r....a...:..(..B...HH.bz.........}......ui.........A...C...}?..k.
.Y....g..RV._..S.gz...1o..;...."z.rXo...m2!f>.Et.n...A.8..R&..x

<<< skipped >>>

GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "422ad394b282092665011bc408d8ad5e:1478433628"
Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT
Date: Sun, 06 Nov 2016 12:08:42 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equi
fax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%
...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.
!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t.
.:....4.1Rh6...p....%.E.p......../....0../...HTTP/1.1 200 OK..Server:
Apache..ETag: "422ad394b282092665011bc408d8ad5e:1478433628"..Last-Modi
fied: Sun, 06 Nov 2016 12:00:28 GMT..Date: Sun, 06 Nov 2016 12:08:42 G
MT..Content-Length: 325..Connection: keep-alive..Content-Type: applica
tion/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax
1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116
114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H..........
..X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........
3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../.....


GET /installer/logging?evt=1&pge=0&pr=0&ar=0&dr=0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:12 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=l03nh5jjfj1900d9hjf5ro0mu1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340926478105; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434092; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w2|WB8dL|WB8dL; path=/


GET /installer/progress?section=1.0&getinstructions=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:12 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=5jebfbutnmp140nudcmfb89o93; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340921913994; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434092; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:12 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w9|WB8dL|WB8dL; path=/


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=499258
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581eb58e-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2016
1105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&...
.cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H..
...........:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.
j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.
7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M
.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8..HTTP/1.
1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=499258..Content
-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT.
.Etag: "581eb58e-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Mo
dified: Sun, 06 Nov 2016 04:46:06 GMT..Server: ECS (vie/F2D5)..X-Cache
: HIT..Content-Length: 471..0..........0..... .....0......0...0.......
>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B
..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z
....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6
Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2.
.!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O
..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..
;..{..EMoB>...W8..
....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= HTTP/1.1

Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=496111
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581ead2c-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT
Server: ECS (vie/F2BA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..2016
1106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb.
..Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..
............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k.
.9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r..
.......)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQu
d...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y.HTTP/1.1 2
00 OK..Accept-Ranges: bytes..Cache-Control: max-age=496111..Content-Ty
pe: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Et
ag: "581ead2c-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modif
ied: Sun, 06 Nov 2016 04:10:20 GMT..Server: ECS (vie/F2BA)..X-Cache: H
IT..Content-Length: 471..0..........0..... .....0......0...0......Qh..
...u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j
..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z...
.20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYw
T.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G
),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw
.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...
7.5...w..a...y...

<<< skipped >>>

GET /installer/progress?section=6.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:25 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=j99nudh0f6ad5nu1vm3urtpme2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341055624630; expires=Mon, 06-Nov-2017 12:08:25 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434105; expires=Mon, 06-Nov-2017 12:08:25 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:25 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:25 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w22|WB8dP|WB8dP; path=/


POST /installer/downloadsLog?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.technologieyvonlheureux.com
Content-Length: 0
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:26 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=vo7vi6ivng3trr1iuu5r10pui5; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341069875129; expires=Mon, 06-Nov-2017 12:08:26 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434106; expires=Mon, 06-Nov-2017 12:08:26 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:26 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:26 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w8|WB8dP|WB8dP; path=/


GET /webenhancer/update?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2=&retry_count=0&retry_version=&sc=1&scfr=&ie_status=-2&ch_status=-2&ff_status=-2&avs=0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:24 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=tqj3dbb2pk62tph7d960m9dar4; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341043367090; expires=Mon, 06-Nov-2017 12:08:24 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434104; expires=Mon, 06-Nov-2017 12:08:24 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:24 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,12,47,39,82,74,94,16,62,69; expires=Mon, 06-Nov-2017 12:08:24 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 99
Connection: close
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w28|WB8dO|WB8dO; path=/
....n*..o.a........%.."........YI.U......?..B..(.Z..sIe. ,9...........
Yf....T......t......z...:.i....


GET /css/min_bootstrap3_social2search.css?1.00401.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:42 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434122; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18546
Connection: close
Content-Type: text/css;charset=UTF-8
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........}k..8r._.{bb......T.S..v....O....>.%R%.P..........H$.$..
..E.;<[...Df..$..}{(/...Nv..(.=6...4y]..&_..oE;i....)..O.....}L....
...k..*.v9..Kq|..i...2..M...,o..l...e....:.?.u>.UU...}.f..^..|....8
>.....~.7.V.h.....% .S.~{.....kz..j.M...f|...:o..g.ke .cY...h..9...
.$-....&mr^ .=..../[...*.O...cu...y..o..~..Y..?...........M......M.UY.
.m.8|J...^.....3c...b.\.s.I.l.l._..-.O.MU3.L6U.V....u..?....7.......I.
*....(...[.?.-....O.X..*?..'....8..WV..ER.C..O....v.....Ri.h..........
T5...c.36.1.....O...mA.sLmuz.D.F..}Q..DS^R.^.7..../BJ.5S.....]Y}y.".J.
.#N.x....u__..Z.7.WNiq|y..g..EL..........h.I.mu.VL...dL%.q..N.t;T..i.6
..........1.8...s;.N...._l2...d....&.35....>IY._..%.s...2.=H..1....
.. .XA..b1....~;.?..OcP..\.:%L....t..NO.<e....l..=..#.T.......6.RF]
..vk./.Q...s....(D....fR..l!.....).2.<..Z....*..q -.`4.}......t...;
B..f......RC!..x>l......L.f.....jJ.../....BU.....{rL..!O..p...y...X
.e.d....`C..|[.)_.(...-:g.k."...f.-...V..Oz.....Zg.R.Te....d..Z./.1...
.Twu...[.[..z......MI....Q.qm.q..._.|.."..j6...8~..l:...t.4.,..P.NU...
.IZ.}.1.8[@....~..GOh...k..._..E.....#.1..U.e_..Of.B........m[....F.&g
t;...3.-...@..~~..;.?6E.M.fb[.'..C....c.....m^..V..^..<~a;.&...d...
..sUd..ou.vA.{"w?......^......C.u......y......x?.T.i...8{b`....UV..bX.
.2.........m....D....m.R..(.........3.>.4....&/..1.k.L.O.!..9bSA...
._x<...{..&c.(#(...`..Y..m.......v..Le......i.K..SSo..u.>.....?.
...^.M...\.u.....M...E. .~.q3......-`..lR............T........mA..>
.7..v{?X..2...bg.?}.F.....-&...y,. ?...[.'.|....."..:.v..]..U.iN.6

<<< skipped >>>

GET /js/min_general_en.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:41 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434121; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30573
Connection: close
Content-Type: application/javascript
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
.............v.8.(.;^...V...2..c"E.u<t.;.IR]U....DJb,..H.q.:.q..>
;.....$....;..J......=..h4._.Q<...<....V}....h8..w...g.[.....x._
.:...2..Y.....U<..&."r^M.u.T..$.3.......,.'.E..'..."N>..7.>9.
d.O..*.O.y.N3'......4.%.8r...O..........~..i~;..l..$...?..q.f..b:.6.I.
....{:.:..,.A..d0O7?.W.I.'...q.=.....y.L2......T.K..|.n4d...P.%.x.....
.B........'.:s/..A..%C/.v........i.w...}..........dB..E..z..~1......h.
~....,......t.Z.vYO../.p..I..J,....D..9`.....JM...~.:.;qwR..j.7......Y
g...n.|0.b.n.f.S;K...A.3:.......k..A.,.vq...Z...Fx0..A..8<.xm..J..0
.....2M'q8Umn.j~.G'_gZ..,]..q..6._.<...I..q..7L.ZL.d.LcLV?0'.M.~..#
.*~-.y5....E.....QI..h..s..`....x:.....f.....a.P#.6;Q}...r...f0.B2.*.{
8....Z........U(:Dh....bG@..........<.5.]....|..w..$......@>_..t
^Kh..I.......C.......=.._...,...p.76.u..........1A...y.^".F...=jkP....
a.....l.\.*...w.Y...H...I...f.. ..-...!.>S.l.}G.....e=Cv....-..8...
.;..).......yw3..8...mp.e...p0....W.,8...K...K..C2.....O&y<...k...6
8....8.._..l_...S.>.....=.cH2....#..o. .JNQ......~W........7...^vj.
I.."".kI..........^..b. ...Ea.j..kft.~ ../.G..t....|.....n.Db.V.g...p.
..V5..5.......@nq)......~yX..$..K.5.e6B}.0.l..".....xc......<.0/...
,..q...R..H......"..o..L..tQ.M&0....A..c..z..e4p1.1..Al...v.(..$xX....
....R...b1.^W...8o)...[.N.(......&n.M.o2.\.N...c...G$.3............r..
.Z(..v..v..}.n.a...?<.%i.../.Y.B?H....D@..q...]..;....x.8Y....4#Z=.
`-...4.j...T.@..oA.......;...!..p.\..E\S.F...3....Mt.DZ...v_~.....7...
WE....{.q@.`]Y..7F..@.r..H........0.....D0k.....B..0.....y........

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=499258
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581eb58e-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2016
1105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&...
.cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H..
...........:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.
j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.
7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M
.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8..HTTP/1.
1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=499258..Content
-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT.
.Etag: "581eb58e-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Mo
dified: Sun, 06 Nov 2016 04:46:06 GMT..Server: ECS (vie/F2D5)..X-Cache
: HIT..Content-Length: 471..0..........0..... .....0......0...0.......
>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B
..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z
....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6
Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2.
.!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O
..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..
;..{..EMoB>...W8..
....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= HTTP/1.1

Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=496111
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581ead2c-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT
Server: ECS (vie/F2BA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..2016
1106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb.
..Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..
............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k.
.9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r..
.......)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQu
d...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y.HTTP/1.1 2
00 OK..Accept-Ranges: bytes..Cache-Control: max-age=496111..Content-Ty
pe: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Et
ag: "581ead2c-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modif
ied: Sun, 06 Nov 2016 04:10:20 GMT..Server: ECS (vie/F2BA)..X-Cache: H
IT..Content-Length: 471..0..........0..... .....0......0...0......Qh..
...u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j
..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z...
.20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYw
T.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G
),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw
.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...
7.5...w..a...y...

<<< skipped >>>

GET /web/log?evt=10002&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:32 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=dfb70m77u4d4keeodlvpnbeb63; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341128429013; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434112; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w9|WB8dQ|WB8dQ; path=/


POST /installer/urlsLog?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673&br=iexplore HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.technologieyvonlheureux.com
Content-Length: 406
Cache-Control: no-cache
Cookie: PHPSESSID=vo7vi6ivng3trr1iuu5r10pui5; _wau=14784341069875129; _wal=1478434106; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; APPSESSID=w8|WB8dP|WB8dP

hXXp://go.microsoft.com/fwlink/?LinkId=129791
hXXp://go.microsoft.com/fwlink/?LinkId=129792
hXXp://go.microsoft.com/fwlink/?LinkId=121315
hXXps://ieonline.microsoft.com/#ieslice
hXXps://VVV.mozilla.org/en-US/about/
hXXps://VVV.mozilla.org/en-US/contribute/
hXXps://VVV.mozilla.org/en-US/firefox/customize/
hXXps://VVV.mozilla.org/en-US/firefox/help/
hXXps://VVV.mozilla.org/en-US/firefox/central/

HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:27 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434107; expires=Mon, 06-Nov-2017 12:08:27 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:27 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:27 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8


POST /installer/installedProgramsLogs?unique_id=47936C0FEA50B790BD59E50713FEF01C&affiliate_id=3673 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Filename: nsiFCFE.tmp
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Content-Length: 459
Connection: Keep-Alive
Cache-Control: no-cache

7-Zip 9.20
Adobe Flash Player 23 ActiveX
Social2Search
Google Chrome
Mozilla Firefox 49.0.1 (x86 en-US)
Total Commander (Remove or Repair)
WinPcap 4.1.3
Wireshark 0.99.6a
Microsoft Visual C   2008 Redistributable - x86 9.0.30729.4148
Java(TM) 6 Update 18
VMware Tools
Java Auto Updater
ActivePerl 5.16.2 Build 1602
Google Update Helper
Microsoft .NET Framework 4.5
Microsoft PowerPoint Viewer
Microsoft .NET Framework 4.5
Adobe Reader 9.3.4

HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:28 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=kg2996i2b84m0jots8mavlbcf2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341084013938; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434108; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w29|WB8dP|WB8dP; path=/


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "422ad394b282092665011bc408d8ad5e:1478433628"
Last-Modified: Sun, 06 Nov 2016 12:00:28 GMT
Date: Sun, 06 Nov 2016 12:08:42 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equi
fax Secure Certificate Authority..161106114300Z..161116114300Z0,0....%
...020514181157Z0.....3..020515130611Z0...*.H............X.Hb5b...*s0.
!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........3.*_./..N7Y]6t.
.:....4.1Rh6...p....%.E.p......../....0../...HTTP/1.1 200 OK..Server:
Apache..ETag: "422ad394b282092665011bc408d8ad5e:1478433628"..Last-Modi
fied: Sun, 06 Nov 2016 12:00:28 GMT..Date: Sun, 06 Nov 2016 12:08:42 G
MT..Content-Length: 325..Connection: keep-alive..Content-Type: applica
tion/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax
1-0 ..U...$Equifax Secure Certificate Authority..161106114300Z..161116
114300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H..........
..X.Hb5b...*s0.!..J9.w9.t....!.....x....wlU...c@gf.r@.~.)8W%..........
3.*_./..N7Y]6t..:....4.1Rh6...p....%.E.p......../....0../.....


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=499258
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581eb58e-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2016
1105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&...
.cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H..
...........:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.
j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.
7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M
.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8..HTTP/1.
1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=499258..Content
-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT.
.Etag: "581eb58e-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Mo
dified: Sun, 06 Nov 2016 04:46:06 GMT..Server: ECS (vie/F2D5)..X-Cache
: HIT..Content-Length: 471..0..........0..... .....0......0...0.......
>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B
..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z
....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6
Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2.
.!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O
..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..
;..{..EMoB>...W8..
....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= HTTP/1.1

Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=496111
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581ead2c-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT
Server: ECS (vie/F2BA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..2016
1106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb.
..Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..
............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k.
.9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r..
.......)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQu
d...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y.HTTP/1.1 2
00 OK..Accept-Ranges: bytes..Cache-Control: max-age=496111..Content-Ty
pe: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Et
ag: "581ead2c-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modif
ied: Sun, 06 Nov 2016 04:10:20 GMT..Server: ECS (vie/F2BA)..X-Cache: H
IT..Content-Length: 471..0..........0..... .....0......0...0......Qh..
...u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j
..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z...
.20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYw
T.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G
),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw
.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...
7.5...w..a...y...

<<< skipped >>>

GET /imgs/app/social2search/login-bg-img.png HTTP/1.1
Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: main-social2search.netdna-ssl.com
Connection: Keep-Alive
Cookie: APPSESSID=w5|WB8dT|WB8dT


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:45 GMT
Content-Type: image/png
Content-Length: 2520039
Connection: keep-alive
Last-Modified: Mon, 09 May 2016 20:24:41 GMT
ETag: "2673e7-5326e9931c20c"
Server: NetDNA-cache/2.2
X-Cache: HIT
Accept-Ranges: bytes
.PNG........IHDR.......\...... ......gAMA......a...@.IDATx...k.%.....W
uk$..B.&..L.}..`...0h..k...V.[u.? .w..........{.................Wo....
.W.^.~....7o_...|x.._..z..]>...W...........o.^..O^o..........>||
....W.....u......7o;............W......z..[.............^........;K...
.W..|{....Wo..../....O.^}..Y.....~d..O.~{......[....7s..M.{..}0.......
...2.........?|..............t.f.........b.<6............Wor].7.a..
.H{...^C....). .....W_.|m...~.R:.. ..V.....s_.}....y...Q....?!>}..d
*..L...}E.7.........L......._;~...u......7s|..........g:....X........n
..G...]|...L.."K.|yl....G.~..7.....:....,.|..........>..7..c?F...7.
.....h......Gx............M....C.-..>...z. ....|..%x.[.h...E..~..g.
q|.......]........1.E........B....../?.......>T........Q.L....g~dN.
Py[..70....o.../.._...&..8.^.........i.3}..~.~........9..;...}~.C.26}.
g.<.......sb.Y...m./.......g.i.T.....~.........,.^........Q...#...G
..en..g.{~..]..a.:......J.O...x......t.........9..5..>4.........X..
...s...9......m...GO_C..~...z.%nW..$......?../O.k...g...............=.
..o..0.....}.N.._....I<{...o.&7......M.a.C........*....O..-.)v%....
..7..]0..>=..&=6...8,..&c[.N.....l.?{p.....J.......C9@%s...V..o..&Z
p...:.'&..En.:c../<D...I.l.|...~......ZG<....7.....k..y.'X..k.7.
c...5}.\..g...>..<..O..~1.z.....W..'..Oq.....=...?se0a[.w.S.c#.c
.x....;.....k>..,w-~....7..Wc.9b...fS.%*......6y...;..~GQ.E...K.j..
N..\..;.%..K.._.....9.......zr<.a.6..~...R93.x:....vv!...dk.9(.$w..
{...LP....}.X.g...<~...x.F.7~...!.....ozh.H=..W..g._<....z.%

<<< skipped >>>

GET /installer/getTimestamp HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:04 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=grulj1pnksagiapuikkdk8ifa1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340842021152; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434084; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=0,91,10,51,81,86,83,5,52,84; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 10
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w16|WB8dJ|WB8dJ; path=/
1478434084..


GET /installer/progress?section=8.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:29 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=ip86d1ccjd8dkiqnjr2o8qkon2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341098383326; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434109; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:29 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w1|WB8dQ|WB8dQ; path=/


GET /css/min_signup.css?1.00401.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:42 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434122; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 616
Connection: close
Content-Type: text/css;charset=UTF-8
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........T...0...TQ.D...B......o..d`.w.m..a....Kv...iT^.{|f.93.Y.jR.
"..........#...&F.K.XES#a..`.......$.../..L(DU..._.G....o-g.. !Q..u..%
.*..)..15.......:..B.Q.b...V..8....H.KF1"....dcv.?!S...M.8/T.Y..'.1. .
. YD2....L..P.b.H. ..C....d`.B..a/J`[.&.... .D....w....-.....vY..&....
.E4........."...Z.]h..4...".....9. .(..DPk...@.(..z...2......q.....w.f
.iC....u..P..k.]S&..@.....KD.!A....V.yOe..r0.ct.qx=...v.9#.[r.......Y.
..8:..9....*.$.........s'...n.HG........\AA....Xs....I..)......3*...X.
...G.]{....v.F.Y...}....{.........M..N....,P:W.Y.^....r...b....6..#..k
.}........)....,Y..R.......}...j.......<.G[..i...^........


GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1362
content-transfer-encoding: binary
Cache-Control: max-age=592825, public, no-transform, must-revalidate
Last-Modified: Sun, 6 Nov 2016 08:48:44 GMT
Expires: Sun, 13 Nov 2016 08:48:44 GMT
Date: Sun, 06 Nov 2016 12:08:43 GMT
Connection: keep-alive
0..N......G0..C.. .....0.....40..00.......j.#.p.e$.\ps.*.. .j..2016110
6084844Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:.....20161106084844Z....20161113084844Z0...*.H............
........?....@~...r[...0}..r.lg..........Y.....9F3.DOzk..}.B..'.....).
.....e"J~].G.a.......1.g.' .......w..f,.J.D...#..E....=6{....!9....t!.
T.y....2NT.9.h.S.......N...f...... .a.....5X......10....L..@.Q.A.1....
mq.@.....b...D...K...v,AiX..1....5F=..X.....2U.....0...0..|0..d.......
.:.0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA0...151203170230Z..161214170230Z02100...U...'GeoTrust
Global CA TGV OCSP Responder 40.."0...*.H.............0.........[.c.#z
j......RME.....,......(..U......!-.l..R..E.~..%."./8mv..D...*...Rx....
....mw.~2..Q5T\.H...Wk*..a.z.$._..T......;T.S.r(._*.G....^.P.!.3..t...
....s......P....C._.g.b.oK...EV..>...>.|.o.~quo.............v4..
Tt....Q.]A.Y......... w.E..=.%.n7.......{" *C........0..0...U.#..0....
z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U........
...0...U.......0.0 ..U....0...0.1.0...U....TGV-C-670...*.H............
...aEc<..'R......]C.ri.Zm.....|..B.$..76..h....l...Xbxua...C.X.S...
.~K..A..._.T@$.....9(.... ......\.*.....5.b.x...[QM.._9P.=..l...gf..L.
?..3 ......Z....._...20R;...x.......C..0....l.G.A..5TS>d.U......w.(
\....v..9.z7.....J..;..'...u.Y...BB.@.2u.e..eW..J.U....

<<< skipped >>>

POST /web/log?evt=10023&v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Content-Length: 942
Content-Type: application/x-www-form-urlencoded
Host: VVV.technologieyvonlheureux.com

7-Zip 9.20
Adobe Flash Player 23 ActiveX
Google Chrome
Mozilla Firefox 49.0.1 (x86 en-US)
Total Commander (Remove or Repair)
WinPcap 4.1.3
Wireshark 0.99.6a
Microsoft Visual C   2008 Redistributable - x86 9.0.30729.4148
Java(TM) 6 Update 18
VMware Tools
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Java Auto Updater
ActivePerl 5.16.2 Build 1602
Google Update Helper
Microsoft .NET Framework 4.5
Microsoft PowerPoint Viewer
Microsoft .NET Framework 4.5
Adobe Reader 9.3.4

HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=pg8goq1gu85g7o8m9ffm8sm466; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340996807822; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434099; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,56,65,99,61,30,96,68,79,25; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w2|WB8dN|WB8dN; path=/


GET /signup?aid=3673&inline=0&afr=0 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:30 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=sf1v45nucnc8unf1qbf40nusf1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341107850532; expires=Mon, 06-Nov-2017 12:08:30 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434110; expires=Mon, 06-Nov-2017 12:08:30 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=0,93,1,98,73,21,3,22,58,51; expires=Mon, 06-Nov-2017 12:08:30 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Length: 5089
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w66|WB8dQ|WB8dQ; path=/
<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xm
lns:fb="hXXp://ogp.me/ns/fb#" xml:lang="en" prefix="og: hXXp://ogp.me/
ns#">..<head>..<meta http-equiv="Content-Type" content="te
xt/html; charset=utf-8"/>...<base href="hXXp://VVV.technologieyv
onlheureux.com" />...<title>Social2Search.com | Download Soci
al2Search for Free</title>..<meta name="title" content="Socia
l2Search.com | Download Social2Search for Free" />....<meta name
="description" content="Enhance Your Search Experience With Results Fr
om Your Friends! Download Social2Search and get Social Results and Rec
ommendations in Your Regular Search Results | Social2Search.com" />
;..<meta name="keywords" content="Download Social2Search, Social2Se
arch Download, Install Social2Search, Get Social2Search, Social2Search
, Social Search, Social results, Social Search Results, Recommendatio
ns from your friends, recommendations, Facebook friends recommendation
s, Find a Friend's Facebook Post, Find a Tweet" />.......<!-- Go
ogle Chrome Web Store Verification -->..<meta name="google-site-
verification" content="5KnCIaGgQoFFL2URoeiXrg0xTbPK3qJZLbDJpbIoC9U" /&
gt;...<link rel="shortcut icon" href="/imgs/social2search/favicon.i
co" type="image/x-icon" />..<link href="hXXps://fonts.googleapis
.com/css?family=Merriweather:300,400,700,900" rel="stylesheet" type="t
ext/css">..<link href="hXXps://fonts.googleapis.com/css?family=O
pen Sans:300,400,600,700,800" rel="stylesheet" type="text/css">

<<< skipped >>>

GET /ajax/libs/jqueryui/1.8.16/jquery-ui.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Thu, 27 Oct 2016 05:14:47 GMT
Expires: Fri, 27 Oct 2017 05:14:47 GMT
Last-Modified: Fri, 27 Nov 2015 19:30:24 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 89894
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 888834
............y..7.(..-}.6.gHF..$.E.........Z.dr5:.....1..a..4...[ P.F..
c.vg.=...R....B-[.=XO>K~.?.lz.|..........a..br;./.g....N/y...w....g
7..s9.M...~._l:....j = ...6}:OG.(.d.2.&..0.&..,yqx....O..'...e^..].W..
e.o..^l.g.J...A..J8....qk.s>..f.m'y..q..1@.M~^_..J&..}6.%....MgY2*.
a>......L.....m.B..l.]%g. ..Yr.a..m......$:X........q{.\.0..._s.C..
.\.?.... ..~.%..n.=?O:T../k...M..|:._.[.F..,...Z..J....{.......n...l.
.=~~.......~......~...^B..<~}....'...[K..^.x....~.|...q..|.....T..t
..|~s...........W.........?;......z..K..F~..|.%.y...........b........9
.>|y......5b.>.Z/.....0.2X..../^?~...S.og..K..gO._<FXw.m.....
>...S.@n...........?b..L......y...a..X........... ..5..Y.~......G.D
..sj{..!Nu.....|...?.....QO..../a.#..`......|.F...p.a.|...x..:y<.M.
...?.Q.G...go.......7.)e....Qz.K........$ ..krpp......l.J.A.5<..,.\
.........$.#y@gu...lv._e@y....v.A...t....9....&2HG#./......@..w.d.A.K.
O'..m...%..b~.d...w.b.`Z.F..)..5..q^.....v.....u.M.We.%..m.....t..~..D
..}....gY9..8....'E.c..n..{...\...,[R...B" .../X..y>.e..R...|../:./
..M6tp>....'GG.D......x..|V..p45 .....kl...m.v....R....og.~......(k
........6a..#.<.3......2y.<...K8.._.UB....e{c.?.....'%....W._3.X
.........:.....a..C.p.l'.I...4{..t4.h../s....kO.....!.:oG*.r.^..i..m3'
....... Hx..<Rr}....aP.arF.A"'\.>F&.*}...x\..s`..Z.o.k........Ja
/.R{)..........:.-.^.2AtDpq\.&v..*..........vhiK.#.....\O|.Q)..T!..0..
i1..3..6..X........d..<...E.s..e.....l...V......`..A........%)...P!
....l".#o%..v=}5..C.....%...l.l....~..[.E...q.....2;..:v... ..l'..

<<< skipped >>>

GET /webenhancer/config?v=d9.75.1.48&os_mj=6&os_mn=1&os_bitness=32&mid=9c331592e812c97b86f3693753f893e6&uid=47936C0FEA50B790BD59E50713FEF01C&aid=3673&aid2=none&ts=1478434084&ts2= HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Connection: close
Host: VVV.technologieyvonlheureux.com


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=86jb7uggdj5jlnjf1djes7aqk2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340992775019; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434099; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=39,20,52,39,16,13,58,15,23,87; expires=Mon, 06-Nov-2017 12:08:19 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Connection: close
Transfer-Encoding: chunked
Content-Type: application/octet-stream
Set-Cookie: APPSESSID=w29|WB8dN|WB8dN; path=/
155f5......:`x....dn...G>..T.....'U..Z..T...L.%...$Yu.-zp.!....r8*.
0y...1.d.........j..9.hc...xWX...Y..N.C. .d..n.jT......[...<.}..#.%
.{3#.b...@....W...<..m...7.X.. ....x.3.....[..}5...& k....|.m.1..fn
....)T...;..GW.#>g5.A.J.pJQ.Qhu....Q.. .?..../!.k....}FX...ji...&.Y
.......N...>....yE..........IA.V1.!.....`....b.M..&.......i...K.x.6
.m....4|......W?x~F.......=...A3....h...."...Hr....k.C................
O..........7.h..j..."M(...4xv.Y.t.........s.$....5.....B...V.J......v7
H...b5..,...{...D...G.......-9...V..z.QK1....(h..a.MS...RR)i....n~.@.6
.g1.........b.....2.E/n.......a...Ym.......}!u....RJ...p........{zO.o.
iT-......C1k&mj.....9AS..f<...j.%..uG>p..KzW.e.....my.../......Q
...>..Z..$.O.A/.X.[.aF...,]F.(...3.r.l%.....,.Y.B......lj..ot;1.6"C
..:9u)................5..y...mm..Mk....W.....o.r.Z$...Q,q..m2.....*.$.
z..3&..-..u...kEm...@zb.6...t.....Q..M..NBR.....~N..`C" '.;.Q.0..w.N..
..BM.I?3..<....6.E$.-.Z.:.jmLi..... .g.....n..)}..M.=..1m......;.!.
...........Q..D.P......7...2D...U.....h.....5..F4....~aJ.m..!.z.W?$...
.f...^F..D`5..U[ti..j.. uk....@P.......d..M.}L.'{..*'......#..Y.....2.
"E.'.M...#P^0....AHe.a...w.....c....B...tC..8).MJ....... ..*.c.M(.;i..
FE.%..(.\G..HX?."T.;.k...tc..84.0.WA....YAE1..;...n^Z..A.h......Y.A.m.
..'.~7d........m..S.7%....g.M!^...d..-].v..Pf..!...R;..-9!)a..3..K...I
...............w,Cu.8..p'."$.@8.........{..oP.S....#.O...Y.V.#.F.i3W.{
...R..m...L$8-s......&...?.J?..l........_0.....R....xg........wwk$..:.
....Nv^'.....J..$.f..DmS.\..t.K8.......B0.'.[.....r...4..._P.O.#jA

<<< skipped >>>

GET /en_US/all.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: connect.facebook.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: a17fb71a1a0f9fe8f1ac75bd270cd266
ETag: "8cb6e5a3ee5717d0c084c670ee9114b2"
X-Frame-Options: DENY
timing-allow-origin: *
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com;
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
X-XSS-Protection: 0
Content-Type: application/x-javascript; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15552000; preload
Expires: Sun, 06 Nov 2016 12:21:30 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-MD5: WS13IM Y6i4YSFBWj58 Pw==
X-FB-Debug: W0GBFxyNJfAqCHR4yj mn7aEyJq8Cjkbs7f11Xahv7hMBK6EcBdhNG8MDUd5/PdrMcIa1yOOPlpQryhcX5Myrw==
Date: Sun, 06 Nov 2016 12:08:45 GMT
Connection: keep-alive
Content-Length: 58308
............{..8.0............./..............I...'....B..y...H.d.I..&
gt;....L...,.J..R].~..?}v|t..y........$N..Yg.&q.ts........ n.z....._.?
...J?A...$..MK.E'h'...!.T....%..q.tK...LJ.^Pz5...#.x.....>Q:...Eo:.
5....yUP.j2.>..vz...7.>.......k:. -.a.M......R.j....\.........?.
..T........._z/.WG.d.L.FA.^5K%.S..M....vZ..=.F...\S_..$..&qV..v....pYV
.U..jGD...W....0...... .w.......`..Q...k...>k...G......?..x....(.i.
..I..U.UU.....".....z.4..t..:..N.L... .M.{,.. ...H.t.@L.JT...J...dR*..
B....?/.>[...z.......O.<_.<...~.%a.....{f.|r.....o.D...>..
....z.......d.F0.M......6...S......h..R\J....d*.......{....$..U..j..p'
].q.m....R.1I#.1..a..Xym_.8,.......;..... .3.EQ..D........R.....U.....
..U.kU..:..m........:k../.e....._.....:..i......So..W.TGb"....z...\...
S..:..NE79.-.b..(.#8.8.....S..A....Z.~y..6`.n......?........S..T./..M.
..ws......uP......l....T8.0.. ._m..>b..86..........~..Ny....00.....
......a..H.6O$b.I..5..jB_8....P..|c.[.B.....S..ZC..y...KWa[....|......
NL..C.U.~\.&.Y.Tp).q5.`,.5W..$.l.c../.U..8O..2.K...`6D.mS.&........M.F
.W.U...U'...$.`...`..o..g..^..7.....o..u.....t..6Ar..i..G#.=.k.|.. ..6
..t.}Qd.<.].@..o....%...Y8..V..,...e..i.......Q@.d.....l....."....#
.<...d2M......)...;;..H?../...7. .........z.]P..^YT}..........$....
4..S.</A.%@.R;..............t].......Jt.g.$.......&,X.O.Z3z.6#8..).
O.^.w.]....%S.h.a...@..\.../...UA.....\..^....jA......-....!f.4...7...
.. 8Wfi.N..*..ox.......\..`.....PL.o..(....g.i...x.^..Z..k ..=P.\4.!G.
..p..] ^qG...z......R.....>...;.g...en.wY...;;y5..@..KO...(....

<<< skipped >>>

GET /imgs/social2search/favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434122; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dT|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:51 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Mon, 22 Feb 2016 16:43:16 GMT
ETag: "5a596-52c5e8791889d"
Accept-Ranges: bytes
Content-Length: 370070
Connection: close
Content-Type: image/vnd.microsoft.icon
Set-Cookie: APPSESSID=w20|WB8dV|WB8dS; path=/
Cache-control: private
............ .h...f...  .... .........00.... ..%..v...@@.... .(B...;..
...... .(...F}........ .( ..n...(....... ..... .......................
..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..I ..M1..J,..J,..
J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J-..........S8..J,..J,..J,
..J,..J,..J,..I-.._H%.`I'.J...J,..I ..............K...J,..J,..J,..T8..
Q6..........................^G'.........O2..J,..J,..J,..J,..R6........
..........................nX8.L...J,..J,..M...P/..Q0..............}c?.
.d>..d>.~d>.............Q0..O/..M-..V3..Y4..Z6...............
gB.`8...vU...r.............]:..Y4..V3.._8..a9..tR"..................i?
.yS..................~^2.a9.._8..g=..i>..{W#......................a
..._)..............c3.i>..g=..nA..pB..rD........................q.w
F..............uI..pB..nA..tD..wF..yG................S.{I..}J...l8....
.........yG..wF..tD..yG..|I...K...S...................................
Z..~K..|I..yG..~J...L...M...Z...]...........................]...]...M.
..L..~J...L...N...O...Q...R...S...W...q-..r/..X...S...R...Q...P...N...
L...N...O...Q...S...T...U...V...W...W...V...U...T...S...Q...O...N...O.
..P...R...T...U...V...W...X...X...W...W...U...T...R...P...O...........
.......................................................(... ...@.....
.........................O...K,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J
,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,.
.J,..K,..N...K,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J
,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..J,..E*..YB#.F ..J,.

<<< skipped >>>

GET /css/webfonts/F37F5_0.eot? HTTP/1.1
Accept: */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://VVV.technologieyvonlheureux.com
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434122; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dT|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:44 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 09 Feb 2016 18:41:20 GMT
ETag: "1025c-52b5aa9da82b9"
Accept-Ranges: bytes
Content-Length: 66140
Connection: close
Content-Type: application/vnd.ms-fontobject
\.................................LP................... .....3........
...................&....V.e.r.s.i.o.n. .1...0.0.0.;.P.S. .1...1.0.;.h.
o.t.c.o.n.v. .1...0...5.7.;.m.a.k.e.o.t.f...l.i.b.2...0...2.1.8.9.5.;.
c.o.m...m.y.f.o.n.t.s...u.r.w...c.o.o.p.e.r...b.l.a.c.k.-.d...w.f.k.i.
t.2...6.7.t.X......&C.o.o.p.e.r.B.l.a.D................`OS/2g......D..
.`cmap..u4........cvt .!.....H...6fpgm../........egasp.......@....glyf
...... H....head...$.......6hhea...p...X...$hmtx$..#...|...Ploca......
.....4maxp.:.k....... name..W........@post:.p$........prep.. .........
..........................................3._.<....................
..W....................._.........X...K...X...^.~.....................
.........UKWN.@. .....!...... .............. .....................&. .
....~...S.a.x.~...... . . . " & 0 : .!"..... ...R.`.x.}...... . . .
& 0 9 .!"...................p.H.G.F.E.B.9.3...h.......................
........................!.....W.^.............................M.......
4.(...!.X. .X.!. ...e.....!...C.....X.^.X.<.,.......,.#.....X...X.(
.X...X...X...X. .X...X...X...X...,.#.,.....!.X.<...!.........;.....
......"...............".......s...;...y...t...>....................
.......4...#.....................{...'...............M.7...y..........
.........B.......d...q.......m...........Z...........................s
.......Z...k.........#...........[.....4.(.X.M.X...X...X.........A....
.....{.........!...........2...!.X.<.............X...X...,.#.......
..........................;...;...;...;...;...;...................

<<< skipped >>>

GET /installer/finish?v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:32 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=1puqibqvk9jug8kffdqrobj696; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341121831392; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434112; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:32 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w69|WB8dQ|WB8dQ; path=/


GET /css/min_fancybox.css?1.00401.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:41 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434121; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1531
Connection: close
Content-Type: text/css;charset=UTF-8
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........Y.n.6....."..:.l.Y..b.v...>.C..J.l".).t....wH]L...u.....
)...3...".<~...1.....\(...aJ7$.k..3....T...&z.N.|3_..X.b.a.....(p..
..'.J*!.\P....'"S&...&....DyB6.x...t.P.3..r..?.m.^B.vPq..[ib...V......
..q!..'.fxA..dW......J...@.,.....p..b.Xd.4[...J=..|qy.`4......m?4u..t.
Y..qb...... .2!...E.J..M....!..X.5...b....n;$....Ek.=R..|H..V...=Q&^..
.<..J...O..[.W;..5......]D...q}$L.....3..4O..^... ...~.....^$H..R.3
..86` -1W9.`...].1..d...L"........x.F..'.<..$9..CS...`2...J...o..V.
pi..}O...5PG:.R.m,....N......e..7.WnM(z.%...6..i6.....v.......A^3B5...
...!.....xGbA.!.9.*.GL..nV.....Z2..-.Z.,t2..P...>t..W.~.{.z8b.?..4.
...M`.x.....EX6|_([.Os.,F4.m..g..X........lg2;v.....)..>.Y4.s..Gu.o
.....3..K0...I(............w.].i....D..(..9.C...b.......z(.Yd..b......
EOT. .....|.....1.-....a.......}.....D...Gz.~5.@L.t......=H......H.{..
...~..j!....0.}..j.....^..r....5.'3..c.u.{.........t......T3R...%..l.c
........7..:.7I.bR.......k.d{.-L*h.......].&.]..1.UQY.O&.nk7........[G
..x........m.5..(..cN..*...r./_..[..N(w.......Jy0RJ.4.....I..>.T...
....p.....q......0.CwX..4h..=[y:i.f.....MCbV..l.........GoK.x.h..-..(#
j.0.....h..[.."........GT.:,<.....i.I~.c.f=..1..;.}.2p..R..&..X.$..
.?L`}3.R!..W.K.D.G.Y..v.O..hWJ....>..js........H>]*.....C..t....
.O...!*.u.....v.RN.?/.Zi._...0'. .9)..u<...T|...w..rE.>G...;S...
.$...Zto.r.NZ?..g3...(....^R5*,..H.(f....u.O....G.A(.ik......D.v..D..j
/..*..*.a.j..#.{../.....a....sk..6.=.a.$_..ixW.|a..........^.6./...k..
.Z... .o....-..R..f....f.....N..Z.D.......u..q..Dke...>..:5....

<<< skipped >>>

GET /css/webfonts/Lato-Black-webfont.eot? HTTP/1.1
Accept: */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Origin: hXXp://VVV.technologieyvonlheureux.com
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434122; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dT|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:44 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 09 Feb 2016 18:41:20 GMT
ETag: "8832-52b5aa9daa1fb"
Accept-Ranges: bytes
Content-Length: 34866
Connection: close
Content-Type: application/vnd.ms-fontobject
2...`.............................LP....J`.@........... ....T.os......
..............L.a.t.o.....B.l.a.c.k...H.V.e.r.s.i.o.n. .1...0.1.0.;. .
W.e.s.t.e.r.n. .c.h.a.r.a.c.t.e.r. .s.e.t.....L.a.t.o. .B.l.a.c.k.....
............FFTMZps2........GDEF.......(... OS/2...I...H...`cmap.R.i..
......cvt ...\...|...Ffpgm../........egasp.......,....glyf...2...8..x.
head...........6hhea.1.#...@...$hmtx p ....d..."loca.u0`........maxp..
......... name7.O........ppostlO.....,....prep^..y... ...@............
.....8.'.....8. ...................................'.........3.......3
........................@.`J........tyPL. . ...q.q...... ........%....
. .....................................(. .....~............ . . . . "
& / _ .!"......... ............ . . . . " & / _ .!"..................
...j.e.b.`.\.Y.Q."...a ...............................................
................................................................. !"#$
%&'()* ,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a...
................................cd.~..hf.i........e...................
..b.....xy|}z{.................................................%......
.=...............:...J. ...1.R.../.A.4.L.D.........#..........,...K.*P
X.JvY..#?... X=YK.*PX}Y ......-.., ... -..,KRXE#Y!-..,i. .@PX!.@Y-..,.
. X!#!zX...Y.KRXX...Y.#!.. X.FvYX...YYY.-..,.\Z-..,."..PX. .\\...Y-..,
.$..PX.@.\\...Y-..,.. 9/-.., }.. X...Y ..%I# ..&J..PX.e.a ..PX8.!!Y...
a ..RX8.!!YY.-..,.. X!...!Y-.., ... -.., /.. \X G#Faj X db8.!!Y.!Y-..
,.. 9/ . G.Fa#. .#J..PX#..RX.@8.!Y.#..PX.@e8.!YY-..,.. X=..!!. ..

<<< skipped >>>

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.4.7
Content-Type: application/ocsp-response
Content-Length: 1362
content-transfer-encoding: binary
Cache-Control: max-age=593013, public, no-transform, must-revalidate
Last-Modified: Sun, 6 Nov 2016 08:48:44 GMT
Expires: Sun, 13 Nov 2016 08:48:44 GMT
Date: Sun, 06 Nov 2016 12:08:43 GMT
Connection: keep-alive
0..N......G0..C.. .....0.....40..00.......j.#.p.e$.\ps.*.. .j..2016110
6084844Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:.....20161106084844Z....20161113084844Z0...*.H............
........?....@~...r[...0}..r.lg..........Y.....9F3.DOzk..}.B..'.....).
.....e"J~].G.a.......1.g.' .......w..f,.J.D...#..E....=6{....!9....t!.
T.y....2NT.9.h.S.......N...f...... .a.....5X......10....L..@.Q.A.1....
mq.@.....b...D...K...v,AiX..1....5F=..X.....2U.....0...0..|0..d.......
.:.0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U....Ge
oTrust Global CA0...151203170230Z..161214170230Z02100...U...'GeoTrust
Global CA TGV OCSP Responder 40.."0...*.H.............0.........[.c.#z
j......RME.....,......(..U......!-.l..R..E.~..%."./8mv..D...*...Rx....
....mw.~2..Q5T\.H...Wk*..a.z.$._..T......;T.S.r(._*.G....^.P.!.3..t...
....s......P....C._.g.b.oK...EV..>...>.|.o.~quo.............v4..
Tt....Q.]A.Y......... w.E..=.%.n7.......{" *C........0..0...U.#..0....
z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U........
...0...U.......0.0 ..U....0...0.1.0...U....TGV-C-670...*.H............
...aEc<..'R......]C.ri.Zm.....|..B.$..76..h....l...Xbxua...C.X.S...
.~K..A..._.T@$.....9(.... ......\.*.....5.b.x...[QM.._9P.=..l...gf..L.
?..3 ......Z....._...20R;...x.......C..0....l.G.A..5TS>d.U......w.(
\....v..9.z7.....J..;..'...u.Y...BB.@.2u.e..eW..J.U....

<<< skipped >>>

GET /js/min_signup_page.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:42 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:42 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434122; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:42 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 333
Connection: close
Content-Type: application/javascript
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
.............j.1...-......%ji.T.....>..8...&K2Q...M6...^y....d2....
_.......r......h.g_.w..g.R*X..YH....X.-.bH;$..[f.P...;X.kk.....6j..(.V
*. N.c..r... ..H..c...XZ.s`E.... `..]J../."cS....C..v.....<.Rc#....
.i.?..O..;gBO.....!._..2,.....J...'V.u..W..\<.6.E..........5..>.
E...0 .>.;;u.....l.....};>....~5. ..g6...7_q..O...9.\1..o....o..
...


GET /dc.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: stats.g.doubleclick.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Sun, 06 Nov 2016 11:06:28 GMT
Expires: Sun, 06 Nov 2016 13:06:28 GMT
Last-Modified: Wed, 28 Sep 2016 20:19:01 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15977
Age: 3736
Cache-Control: public, max-age=7200
...........}kW....w~........pk..f......Z.R..Y.C 8i.pi......b..}.>g.
.Kl...}4....d....O...-.....`~...E...]7..>..>....Pf.a.yU."HCC...i
...T*..b.....'..Olf[.Y.[c6P/.....'n.m'..m.... !_XXll..&..(..E..V=/.u.X
..%.w...i..rDoT.....?>z..1`.D...y...y7. \...5ZI...TA..........C...p
3..A..x.k.q4.2...?L.k=.v....4.:sB[...l.w.o {.....?Nc....|..........q..
.......[.n..2..X~.......S.f.]h~....7:.n...m.C#6...........#....y...7.|
..f.W.>..wS......)..Q....i......z......D.`...7N....y.C;....`1....x.
.p.tG.L..=..1r...M..2..)xa...{0!..5...^...7..."..........J8... ...5.O.
...l...r...|....R...P.0ok.8.Z.2....i|...S.y.od...~..k.>.....0vGr.mI
.....0.&&yg.sf2......m.....G=0..B.6..u....A.h.A.0.V.:.-...j..L.....5.E
.[...Q.{2imA......T........~. ...0*%.....>......hX...ga1./$......f.
#..d,.|www5/XX...c5..D-.....p.h..8D.@./.X,.....&gTV..5..,.x..?.....(.&
gt;?6Sy.].`.]...'-"....-...........(.n.@_"p"`.*...T.1.$..t.....o?.."..
/.kX.)L.....-.....E1M.....@..T.F9.,HP........# ....d...-,.......-.j..B
S....9...%.~Sug,...`."...4a..@.p]..yn.i(5.....U.r..$j..0{|.i.5........
H}.......A=..&.Vq....4<..*7c.<b.....OQ8X...&..a/a.....aI.j.7.E.:
cuV=.P.q..d.....X....#..@.T...q......U.T~.@.C......S.#....Q.....K.....
.A.y._....z|..9...9.zM......%m........m).?4.Q...c.....PTDB&..7.-G....E
.....E.7.t.V..G....._..!.....xt..}.......Ev..x..a.{...d.. .q./..OB|.
.6..{....a^.......@?.......o.....*T.;/Oa.......J..........I.)......J..
#..A....FS.....t.H..h...W..|B.~..t.6..........t"<..z..||.......8..B
9......x.a....m.V[.=...K!..\.....w."d...=>.B..(K...u.....~.".@b

<<< skipped >>>

GET /signup?aid=3673&inline=0&afr=0 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:40 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434120; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:40 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1996
Connection: close
Content-Type: text/html; charset=utf-8
...........X{o.8......X..v..d'..e.h.(....%.........."U..-\..oHI~5... .
-.....3..>......).....z...S.t.......l6.f..TI.=88.... ......L. .P.p&
lt;....r*....#..1..=...M.....r........u$>|.....Ka@.....#Q.....MhE9"
..*..............2A.kz..&Br.0(.R.....y...#.A........;.@U4... 9.3.%...&
.KE..@/,..:....i.V....J.5..t.Xf.. ..bBE......PN..(.v...L.............X
.~J.*b...V..v..P..OS .&L..W....d..|%.;..vk.=@1.*. .=.Y{C...M..6..M...-
.Gh....m.J.....^...0..-.%..q...F.&g4....5.#..ML .4.....f.}3.0..1H...}.
|.2.@.'(.:.F..H.._..c.9...7,..S.f......'............b.......t.7...w...
....o..\..|.3.3......'R.(7.E..L.....u.................XJ...~y....^...$
...:(....6..H.wc.2^...J..P3.u..........t:^%.)8..3j......~....._.).....
....qE.e..n..)-W.\.).....!.|.I.4!...s.j.....Q.~-...4R7.*.L.a...\q..Z..
...^K. ....P.!........r@.^X.......E...t.iL..r6.....T.v...1H.@..u.N.M.?
........2....V.~.^.u...b..f....x.X......^.h.a....C.{...4KD..3L......U.
..i....t.T).. B.6....j......F.lw.V.^..r.K.-L.=^u=...-a@@...HH...J@.[6&
...Srp7X.o.9...[u.......wk(..w.Q9..4...9d..8u.S.....\^.?....x.^.":...c
/2.....ay......V,...{..(.}..8...............m.4fx..Y...p.c..k.}...V..@
...C..........v..w.v....I&...fWK.2d..4...._].47.r.-| %l...e.g..|......
.o.].o..V.QqX..gya../h$...ke{..d...n.C...G...i.I..{..........m.m?F~".V
..`.dOlT..>q.=.rv.q...Y.=B.E&z...:e0..Z..v.4E....". ....[.Y...}.d..
...7,.t....ye7...9. .f..4I..Q.9....!...#...j....>o._.6.].....G."...
@....k.k".2zU...*E....&..K.n;wGD..UH....c.....0....6..j..[........7.qA
"N5......Z..!..FI.1.3..#k.%v..[.....)aq...|......TmT..i.@.E....7..

<<< skipped >>>

GET /installer/progress?section=7.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:28 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=d07ar9u04vrn17cocnmdc481g2; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341086100816; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434108; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:28 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w28|WB8dP|WB8dP; path=/


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=499258
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581eb58e-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:46:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2016
1105210000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&...
.cd ........\..m. B.]......20161105210000Z....20161112210000Z0...*.H..
...........:u.....)(........'....@WHh.B..6Ex.!K^..}H.1..r..0.Ds.6[..[.
j.....M.{q,.>p.v...'Q........c.9|Z..j2..!.,z.. ..yG.L..k3.I...Y..p.
7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O..$.aS.:]~*..KxP.2,0..D....M
.#N......aF...CZ*..xt/.....B..{...~i.yeA..;..{..EMoB>...W8..HTTP/1.
1 200 OK..Accept-Ranges: bytes..Cache-Control: max-age=499258..Content
-Type: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT.
.Etag: "581eb58e-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Mo
dified: Sun, 06 Nov 2016 04:46:06 GMT..Server: ECS (vie/F2D5)..X-Cache
: HIT..Content-Length: 471..0..........0..... .....0......0...0.......
>.i...G...&....cd ...20161105210000Z0s0q0I0... ............(..A...B
..G@B.X....>.i...G...&....cd ........\..m. B.]......20161105210000Z
....20161112210000Z0...*.H.............:u.....)(........'....@WHh.B..6
Ex.!K^..}H.1..r..0.Ds.6[..[.j.....M.{q,.>p.v...'Q........c.9|Z..j2.
.!.,z.. ..yG.L..k3.I...Y..p.7...ZFg:.. 1...0&\......D).re@l.I.9R.0...O
..$.aS.:]~*..KxP.2,0..D....M.#N......aF...CZ*..xt/.....B..{...~i.yeA..
;..{..EMoB>...W8..
....

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEA7LCTmysQFUuJVwx7Irekc= HTTP/1.1

Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=496111
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2016 12:08:50 GMT
Etag: "581ead2c-1d7"
Expires: Sun, 13 Nov 2016 00:08:50 GMT
Last-Modified: Sun, 06 Nov 2016 04:10:20 GMT
Server: ECS (vie/F2BA)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..2016
1106033900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb.
..Yr;.....9...T..p.. zG....20161106033900Z....20161113025400Z0...*.H..
............0<.F...PlF....ly@?...r5..J.bYwT.F.|.)... ..-D..9%. #.k.
.9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G),sR. k.x..1.o..?...a.r..
.......)....`.... .P......6.....E..i%N.j...lw.j.l:..`C..#R..`8.....BQu
d...@...1...J.mT..6..I.@..C?....4$.. q...|...7.5...w..a...y.HTTP/1.1 2
00 OK..Accept-Ranges: bytes..Cache-Control: max-age=496111..Content-Ty
pe: application/ocsp-response..Date: Sun, 06 Nov 2016 12:08:50 GMT..Et
ag: "581ead2c-1d7"..Expires: Sun, 13 Nov 2016 00:08:50 GMT..Last-Modif
ied: Sun, 06 Nov 2016 04:10:20 GMT..Server: ECS (vie/F2BA)..X-Cache: H
IT..Content-Length: 471..0..........0..... .....0......0...0......Qh..
...u<..edb...Yr;..20161106033900Z0s0q0I0... .........&....~...B../j
..._...Qh.....u<..edb...Yr;.....9...T..p.. zG....20161106033900Z...
.20161113025400Z0...*.H..............0<.F...PlF....ly@?...r5..J.bYw
T.F.|.)... ..-D..9%. #.k..9A?)..F.mxP.q.r-....t...^......6c.F/..cz..3G
),sR. k.x..1.o..?...a.r.........)....`.... .P......6.....E..i%N.j...lw
.j.l:..`C..#R..`8.....BQud...@...1...J.mT..6..I.@..C?....4$.. q...|...
7.5...w..a...y...

<<< skipped >>>

GET /css/min_general.css?1.00401.0 HTTP/1.1
Accept: text/css
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cookie: _wau=14784341069875129; _wal=1478434120; not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; _waab=37,22,71,50,81,44,51,39,61,34; PHPSESSID=rlivefmasanafnoloud4mvv1v1; APPSESSID=w20|WB8dS|WB8dS


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:41 GMT
Server: Apache/2.4.7 (Ubuntu)
Expires: Sun, 06 Nov 2016 14:08:41 GMT
Cache-Control: max-age=7200, public
Pragma: cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wal=1478434121; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:41 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 18549
Connection: close
Content-Type: text/css;charset=UTF-8
Set-Cookie: APPSESSID=w20|WB8dT|WB8dS; path=/
Cache-control: private
...........}...H...h.0\.H2/IT&zf..............(.J.M.,.r.....xq...C.T.g
m..DF..^D...k. .C58.....{.)..q|_..y...q.*v.V...l.].......>...F.7...
).;..7o.....6.*}.........d..<ysw<.ny;....*]m.E^.g..O.>...Cz.,
.|...iw...T...<Y}..g...H..../7Y..>.y;...]R}.&.-..:]..2.W_.......
{(6....y).U.aW.Sz...?..<.&..7o.ZQ`.s.|C...h..v...9.g.[..L..l.O.-..:
=.zO.b.e..>..e.......j.m....n..6.n..6.n'..tX..y.......ayH..0Y...du(
._vC......U.N..4..7.a..f.....5.]...a..O.0...,.....B..y.$U..>...U...
.*).... ..jS......y. _..z...lE.&.....2...=..!.O.C......S9.'d.d..n....}
s...............Uw.Rh5.GINN..erL.l.>i.I.$....1..1.M[.v...tr...<.
rK.......=...o..Y.>..zd}...<O.cz{L...T)...,....IN,..c.~..P.tS..?
.......B.w..H..>..7vO%..5..hs....<}...v..eN...&...........4Ov...
7....G........WO..`..1.....X....... ..._O..Kq......f....o.t.....![W[X{
...T>"t........MQ.C....L9m.'.m>.s..Jaf..d.....m...5^f..e.YE..h..
;.P..wyZUhAG.....:].d....i....q...M.......n.....25..!.1.d.yv$.R}.9....
....[..l..,-.{.,.-F#r.5.....O.G.(..Y..y...*.r....O...]...Lw....w..k.B.
..Z.<m.gd..i.....o.F...&.&t6..d]<.....V`H6......P%..^g.2..hkyN..
.Ye.X..G...t.......H.m..>....!..W..t..v.pa@.p...SHz. .Wt6'.X..M>
%.).:.{hL.._....N.8k........|.D.....8o@O..@v.9........ [....*v.|.FK...
..aY|24..Cm.....U.8[.r....'z[.?..k.c'......c...d....RA.0.zS......DG?..
.........5.....v.O..>...9%...=.K...R.V..$.Y:...o....i.&..:.....s.iL
.3.......@..^...d.r..|j.?}?.1|........).&..6..f 5.7.Xbo.v.$....w...i..
..D.)q..L}b.J.8...EUo..#,.<....M4.:J..........%....~....h...*..

<<< skipped >>>

GET /ajax/libs/jquery/1.7/jquery.min.js?1.00401.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Tue, 25 Oct 2016 05:15:53 GMT
Expires: Wed, 25 Oct 2017 05:15:53 GMT
Last-Modified: Fri, 16 Oct 2015 18:27:31 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33622
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1061568
...............F.?...).hM...H.l....qeYn...Xr.=,..\$..%.u.E......m|#2..
.,.g....H$... ..>o....6.|<....o..g..x......<.6...H..6?{.._..v
......U.<.........|w.Y..;...b....p..qg......y.E.>.;Y>.o......
~.w..&_....uy([.E...o..a<.....Y...d.}TY4.. .....^....|.._.I..(.....
e.v=.?zA?.l......>5..x..2..{......~..7.|...].f./h\.W.7."....t....M.
o"z./...?.y1...^..=...b.Q{._ ...-.Wi:H.....rgW`./K.\..\..._*.w.7....qg
{.^.6;Z..oi.....E.w..g..b...ibm.....j/1.y'...X.,.Ce.1W@..D2...W5S...te
].t..WQ~........t..i.x..;y.N.t.I.....?.....-`.......G[5.M..(..A.t.t.E.
.Q..m.h.....|u.......~..-.Z....>.m>..^..gq.......>..4..."....
......|......>..lh....iSc.f.[...I...?Lh.....L...*..|s~...[..J.q....
....hK..xP.5U...y....j.n.l....Z..Z.u.......?.*..v.O....e.7..bI..M..7..
6....gS:>...XN<.[>.vv.oV...u...]r>.NGA...p........s/....|N
x...-.;?....q.......Q.(..Ftj..s.p..e...........Y......Og....M.......W.
.....#i..[.. *]...j.z.e.....f..VA?.3ss.........9..fC.{...d.[..xC..k/..
..!X.^.w.[....l.6.h9X.i...........c@.......@.[5.....6.v."..U...-..[. T
`.&.....p2,F#...6...r...."<3-.;?P..QB.L....$.F..3.w?....cB...Gv....
bU...<......s.......DP:.K..0kL51..5.E..P.h...D.....k..)^....n.x.&*.
.,........^.*...bfqD6.......,&.....{.........%%.J..c..'_.L.*f.}..h....
.....#o....$..G...'Bv.|.R...P.Q../1C.V&.l.9.....7%.e...Y=.t...:..^.g..
.|..........5.n.{.n.-COi...QK....o....>PO..s.../......o............
..4Dc...l..I4A.j2....0.#x.'.n=5.....qa..L..}..<.~q5................
N..7a^.h-.>..G.y...3..&.@..r.s.<.........G..W.Q.*...;.....*.

<<< skipped >>>

GET /installer/start?v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:04 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=sb30ufbssqerpn069qsljfldf1; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784340844690433; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434084; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:04 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w26|WB8dJ|WB8dJ; path=/


GET /connect/xd_arbiter/r/fTmIQU3LxvB.js?version=42 HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Referer: hXXp://VVV.technologieyvonlheureux.com/signup?aid=3673&inline=0&afr=0
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: staticxx.facebook.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sat, 04 Nov 2017 21:55:06 GMT
Strict-Transport-Security: max-age=15552000; preload
Cache-Control: public,max-age=31536000,immutable
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' fbstatic-a.akamaihd.net fbcdn-static-b-a.akamaihd.net *.atlassolutions.com blob: data:;style-src data: 'unsafe-inline' *;connect-src *.facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* *.akamaihd.net wss://*.facebook.com:* hXXps://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com;
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Vary: Accept-Encoding
Content-Encoding: gzip
X-FB-Debug: NOFfziK/Z 3Hc6pFjPrQIcxs05h62zzPT CBRjMm 7EsvDNwhAgxHQGuEsp/8YUEar3M/3Z7A0Ta7cFDLNxzmQ==
Date: Sun, 06 Nov 2016 12:08:46 GMT
Connection: keep-alive
Content-Length: 11595
...........}i{.H.....X.-..u.....5.*WO.[.VU......@"....l.......$H..g.y.
yz,.32"2....'.?....... _F.C....|..yD....:I..^.I...N.$...4..,.gZ@..M...
z..}.....37.W.....%....;....Q.n....i..8..t9.c7Z{4.V..A..'.iJ6m?M.f.h..
...$6...V...u..y.&.ZLo.....L.$5.......f....T[.....z.9.!...$.1 .qob....
...<.3..| ......O|..f.$.m...H.=R...aNS.'i_.._..^y.fr..2...r:.'....Z
sk.X...\6.. r<...'l..........aD..ciG.....i..bjn...}C.5..g..v..."..
.Vh...pb..-.7x..#......)..i....8SlSQ............v......86...X.^...0F.(
....6........F.o.^..8'.Wi.'.u;O..)l.>91a......d..L....t.........v..
...D.Ys`).cr.....C]......N...(.i0....Cs..'*....J...$..r...C5..].O.;.!.
."..~~...>7...h>...Y.e...G.g..lb.,j...3I.S.aI.....;Pc;.0....T...
..'..q%.....L...68..H.k.t2P..:.@t.PY........xUbS.S....H...ci`....{...%
.3hkfu.>..c....."..v.. #..q..=..0..0.......s.......Vk. ...>.L.T.
..........r.j..a..p...../.b.z.HLj.......kw.@..j...l.O.#.N.x4Mj........
..b.(...G.d0r...........Jf.....oy......<C.........80....:..Z3..3..=
c..v4........mqV).....$.$n..(Q^[.........F.f..d...Q...Us.tm..p.A[.[...
...@....W.,@DK.E.uhq...R..J..Kc4.lw..R.K..f. .6..\.q.l.'..f......".'.7
$'.)...W.%K..8,.....Kc..,...BTS........9.........>.S~..1.....8..d.f
.1.3.iA.U...0"Y.t.G...w..D-2...3..4....V.*..|.m6I...pjH....Ic.......n.
.W...E5....\.,...:.....E....]........@..vpnwGA.vZ.`!..X3.NO......I...A
.H..'......gi^\.V....i............S.\d...k9C.CsVQ.l......V @.....}..?.
.x.9j..E.%..... .g....q..g65...*....M\t=.D.3....Y...F...m...n H..$....
.Zf.(.>.. ?B.V..4E|.........G.n..(..^:4....v.!.Vy.C....%c.\o6e.

<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCB2zJf1Xylv2 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 04 Nov 2016 10:35:29 GMT
Expires: Tue, 08 Nov 2016 10:35:29 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 178394
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2016110
4010148Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...%.W.[.....20161104010148Z....20161111010148Z0...*.H.............P..
..........-9..K.......}...Ad{N..K...ddlbi..C8.._:..K......O29..:......
....r.....w[.."m...y"-.B..'..Z#..1.o.^*JzAz.)..V...?...79&Z...0....l&l
t;...$..o.f.-....(...P.I..U..|.....!2^ .f..m..8K.2dHQ...?.y......a...J
K.b..!...XA.$0..X...M._..t....h...E.?.<.Op....HTTP/1.1 200 OK..Cont
ent-Type: application/ocsp-response..Date: Fri, 04 Nov 2016 10:35:29 G
MT..Expires: Tue, 08 Nov 2016 10:35:29 GMT..Server: ocsp_responder..Co
ntent-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: S
AMEORIGIN..Age: 178394..Cache-Control: public, max-age=345600..0......
....0..... .....0......0...0......J......h.v....b..Z./..20161104010148
Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./....%.W.
[.....20161104010148Z....20161111010148Z0...*.H.............P.........
...-9..K.......}...Ad{N..K...ddlbi..C8.._:..K......O29..:..........r..
...w[.."m...y"-.B..'..Z#..1.o.^*JzAz.)..V...?...79&Z...0....l<...$.
.o.f.-....(...P.I..U..|.....!2^ .f..m..8K.2dHQ...?.y......a...JK.b..!.
..XA.$0..X...M._..t....h...E.?.<.Op......


GET /installer/progress?section=4.0&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: VVV.technologieyvonlheureux.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sun, 06 Nov 2016 12:08:21 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=bs0m4ij9jv9hskjmh7m4irlt76; path=/; domain=.technologieyvonlheureux.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: _wau=14784341012219988; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _wal=1478434101; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: not_logged_unique_id=47936C0FEA50B790BD59E50713FEF01C; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Set-Cookie: _waab=37,22,71,50,81,44,51,39,61,34; expires=Mon, 06-Nov-2017 12:08:21 GMT; Max-Age=31536000; path=/; domain=.technologieyvonlheureux.com
Content-Length: 0
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: APPSESSID=w14|WB8dO|WB8dO; path=/


The Adware connects to the servers at the folowing location(s):

%original file name%.exe_2472:

.text
`.rdata
@.data
@.ndata
.rsrc
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
COMCTL32.dll
VERSION.dll
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteA
SHFileOperationA
SHELL32.dll
ole32.dll
Jump: %d
Aborting: "%s"
Call: %d
detailprint: %s
Sleep(%d)
SetFileAttributes: "%s":X
CreateDirectory: "%s" (%d)
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: "%s" created
IfFileExists: file "%s" exists, jumping %d
IfFileExists: file "%s" does not exist, jumping %d
Rename: %s
Rename on reboot: %s
Rename failed: %s
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: wrote %d to "%s"
Delete: "%s"
MessageBox: %d,"%s"
RMDir: "%s"
Exch: stack < %d elements
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
ExecShell: success ("%s": file:"%s" params:"%s")
Exec: command="%s"
Exec: success ("%s")
Exec: failed createprocess ("%s")
Error registering DLL: %s not found in %s
Error registering DLL: Could not load %s
WriteINIStr: wrote [%s] %s=%s in %s
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
CopyFiles "%s"->"%s"
DeleteRegValue: "%s\%s" "%s"
DeleteRegKey: "%s\%s"
WriteRegStr: "%s\%s" "%s"="%s"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegBin: "%s\%s" "%s"="%s"
WriteReg: error writing into "%s\%s" "%s"
WriteReg: error creating key "%s\%s"
created uninstaller: %d, "%s"
settings logging to %d
logging set to %d
verifying installer: %d%%
Section: "%s"
Skipping section: "%s"
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
install.log
New install of "%s" to "%s"
Delete: DeleteFile("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile failed("%s")
RMDir: RemoveDirectory invalid input("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory failed("%s")
%s=%s
*?|<>/":
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
invalid registry key
x%c
RegDeleteKeyExA
sers\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
02&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp
AC76BA86-7AD7-1033-7B44-A93000000001}
run=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
q*R.bl_
e.XM.
$X.Zp
X:\7|E
.dJb& &:pa
.Aakr
%5X*/
MJ.Qm
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
;#;(;-;2;;;
: :%:3:<:
: :$:(:,:0:4:8:<:
5"64686<6@6
= =$=(=,=0=4=8=<=@=
= =$=(=,=0=4=8=
3"3,363@3
= =(=0=8=
1 1$1(1,10141
:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
p?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp
nsiFCFE.tmp
File: skipped: "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll" (overwriteflag=1)
D.tmp\inetc.dll"
902d1298b7313b2bf0050dd40.ico,0, sw=0, hk=0
\AppData\Local\Temp\nsn66FD.tmp\inetc.dll
Windows\815346a4778321839cef8ab48bf110e2.exe
Adobe Reader 9.3.4
.NET Framework 4 Client Profile (KB2656405)
gram Files\Internet Explorer\iexplore.exe
:\Program Files\Internet Explorer\iexplore.exe
c:\%original file name%.exe
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb
%original file name%.exe
ers\"%CurrentUserName%"\AppData\Local\Temp\nsd5EB3.tmp
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\
269092128
1478434084
%Program Files%\Internet Explorer\iexplore.exe
%Program Files%\be105bbb97d93cef6c0d6cf170a32291
88dcd395-b062-45b3-a6cd-79f37c0eba08
hXXp://VVV.technologieyvonlheureux.com/web/log
hXXp://VVV.technologieyvonlheureux.com/web/log?evt=10002&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
IE.HTTP
"%Program Files%\Internet Explorer\iexplore.exe" -nohome
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp
0728832
twitter.ico
03967CDD-F8BD-4AC9-8369-0D2BD8F246F5}
6.1.7600.16385 (win7_rtm.090713-1255)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
815346a4778321839cef8ab48bf110e2.exe
dd4e70c902d1298b7313b2bf0050dd40.ico
bc5601ccb5de9f6cb8cd31285eef3bbe.ico
ffdefbf88c95cae97a1671206e9fe39e.ico
-2046754816
-2147410511
61fda4ee77910796d32333421184d8b6.exe
3514ea1003608a0c7fb4630ce20fd94c.exe
ce1c22c865645f1f8a89a398e374a17f.exe
fe31ca0af645687ee3c5b1da57895877.exe
c850ebe35760d7b12fc1318953221f59.exe
525bac57de7cb6660b9a54b1a6b27dc9.exe
C:\Windows\815346a4778321839cef8ab48bf110e2.exe
hXXp://VVV.technologieyvonlheureux.com/index.php?firstrun=1&lp=1&v=d9.75.1.48&tv=1.0-10000&unique_id=47936C0FEA50B790BD59E50713FEF01C&mid=9c331592e812c97b86f3693753f893e6&aid=3673&aid2=none&ts=1478434084&ts2=&brw=iexplore&mi=1&ma=6
)-.Yln
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v19-Mar-2012.cvs</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Uninstall Social2Search\uninstall.lnk
lorer\iexplore.exe" -nohome
er 9.3.4

%original file name%.exe_2472_rwx_10004000_00001000:

callback%d

61fda4ee77910796d32333421184d8b6.exe_656:

.text
`.rdata
.xdata
@.rsrc
@.reloc
zcÁ
.?AV?$_Ref_count_del@PAUHKEY__@@V<lambda_c2547fa6d62c87180fd655c78bd4cfcb>@@@std@@
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
4#<8?0%4
$!=820%4
FVAEPYKD.pdb
NtDelayExecution
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHDeleteKeyW
SHLWAPI.dll
CreateNamedPipeW
GetWindowsDirectoryW
GetProcessHeap
GetCPInfo
RegOpenKeyW
RegCreateKeyW
ole32.dll
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
405;6{6(8
1a2%4s4
: :$:(:,:0:4:8:
<$<(<,<0<7>
<"<&<*<.<2<6<
;";=;`;{;
4989<9@9
1 1(10181@1
ADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
ntdll.dll
kernel32.dll
mscoree.dll
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
wajam.dll
\\.\pipe\
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
9.75.1.48

61fda4ee77910796d32333421184d8b6.exe_656_rwx_010EA000_00002000:

zcÁ
.?AV?$_Ref_count_del@PAUHKEY__@@V<lambda_c2547fa6d62c87180fd655c78bd4cfcb>@@@std@@

61fda4ee77910796d32333421184d8b6.exe_656_rwx_01103000_00005000:

4#<8?0%4
$!=820%4
FVAEPYKD.pdb
NtDelayExecution
.text
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHDeleteKeyW
SHLWAPI.dll
CreateNamedPipeW
GetWindowsDirectoryW
GetProcessHeap
GetCPInfo
%Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
wajam.dll
ntdll.dll
kernel32.dll
\\.\pipe\
\BaseNamedObjects\_MMapEvent_0x%x_0x%x

61fda4ee77910796d32333421184d8b6.exe_2552:

.text
`.rdata
.xdata
@.rsrc
@.reloc
zcÁ
.?AV?$_Ref_count_del@PAUHKEY__@@V<lambda_c2547fa6d62c87180fd655c78bd4cfcb>@@@std@@
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
Operation not permitted
Inappropriate I/O control operation
Broken pipe
operator
GetProcessWindowStation
4#<8?0%4
$!=820%4
FVAEPYKD.pdb
NtDelayExecution
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHDeleteKeyW
SHLWAPI.dll
CreateNamedPipeW
GetWindowsDirectoryW
GetProcessHeap
GetCPInfo
RegOpenKeyW
RegCreateKeyW
ole32.dll
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
405;6{6(8
1a2%4s4
: :$:(:,:0:4:8:
<$<(<,<0<7>
<"<&<*<.<2<6<
;";=;`;{;
4989<9@9
1 1(10181@1
ADVAPI32.DLL
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
ntdll.dll
kernel32.dll
mscoree.dll
c:\program files\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
wajam.dll
\\.\pipe\
\BaseNamedObjects\_MMapEvent_0x%x_0x%x
9.75.1.48

61fda4ee77910796d32333421184d8b6.exe_2552_rwx_010EA000_00002000:

zcÁ
.?AV?$_Ref_count_del@PAUHKEY__@@V<lambda_c2547fa6d62c87180fd655c78bd4cfcb>@@@std@@

61fda4ee77910796d32333421184d8b6.exe_2552_rwx_01103000_00005000:

4#<8?0%4
$!=820%4
FVAEPYKD.pdb
NtDelayExecution
.text
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHDeleteKeyW
SHLWAPI.dll
CreateNamedPipeW
GetWindowsDirectoryW
GetProcessHeap
GetCPInfo
c:\program files\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe
wajam.dll
ntdll.dll
kernel32.dll
\\.\pipe\
\BaseNamedObjects\_MMapEvent_0x%x_0x%x

61fda4ee77910796d32333421184d8b6.exe_2552_rwx_6C1A1000_00001000:

VERSION.dll

iexplore.exe_1304:

.text
`.data
.rsrc
@.reloc
v9.uj
>.uzf
.us;}
IEFRAME.dll
MLANG.dll
iertutil.dll
urlmon.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
msvcrt.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
RegOpenKeyExW
RegCloseKey
GetWindowsDirectoryW
_amsg_exit
_wcmdln
UrlApplySchemeW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
iexplore.pdb
KEYW
KEYWh
KEYWD
.ENNNG.
a.ry.v
l.igM4
?1%SGf
xh.JW^
.97777"7" " " !
3.... )) 
8888888888888
8888888888
.lPV)
úW1
.ApX/
H.ZAf
ð[U
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
Y.hilkRROMLK=C,
..(((($$
3...((((%
3....(.''$
3.2...((((%
33.2....(,'
55323222...
(%&'00443445?
00.,,,4(
000.,,9(
0020..9(
003200;(
(#'( (''''!'!
Microsoft.InternetExplorer.Default
user32.dll
Kernel32.DLL
xfire.exe
wlmail.exe
winamp.exe
waol.exe
sidebar.exe
psocdesigner.exe
np.exe
netscape.exe
netcaptor.exe
neoplanet.exe
msn.exe
mshtmpad.exe
mshta.exe
loader42.exe
infopath.exe
iexplore.exe
iepreview.exe
groove.exe
explorer.exe
dreamweaver.exe
contribute.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
Kernel32.dll
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
{00000000-0000-0000-0000-000000000000}
\\?\Volume
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
Windows
9.00.8112.16421

iexplore.exe_1412:

.text
`.data
.rsrc
@.reloc
v9.uj
>.uzf
.us;}
IEFRAME.dll
MLANG.dll
iertutil.dll
urlmon.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
msvcrt.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
RegOpenKeyExW
RegCloseKey
GetWindowsDirectoryW
_amsg_exit
_wcmdln
UrlApplySchemeW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
iexplore.pdb
KEYW
KEYWh
KEYWD
.ENNNG.
a.ry.v
l.igM4
?1%SGf
xh.JW^
.97777"7" " " !
3.... )) 
8888888888888
8888888888
.lPV)
úW1
.ApX/
H.ZAf
ð[U
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
Y.hilkRROMLK=C,
..(((($$
3...((((%
3....(.''$
3.2...((((%
33.2....(,'
55323222...
(%&'00443445?
00.,,,4(
000.,,9(
0020..9(
003200;(
(#'( (''''!'!
Microsoft.InternetExplorer.Default
user32.dll
Kernel32.DLL
xfire.exe
wlmail.exe
winamp.exe
waol.exe
sidebar.exe
psocdesigner.exe
np.exe
netscape.exe
netcaptor.exe
neoplanet.exe
msn.exe
mshtmpad.exe
mshta.exe
loader42.exe
infopath.exe
iexplore.exe
iepreview.exe
groove.exe
explorer.exe
dreamweaver.exe
contribute.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
Kernel32.dll
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
{00000000-0000-0000-0000-000000000000}
\\?\Volume
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
Windows
9.00.8112.16421


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    nsC8ED.tmp:2264
    61fda4ee77910796d32333421184d8b6.exe:1524

  2. Delete the original Adware file.
  3. Delete or disinfect the following files created/modified by the Adware:

    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\ce1c22c865645f1f8a89a398e374a17f.exe (13304 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\61fda4ee77910796d32333421184d8b6.exe (11110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsEE3A.tmp (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\MoreInfo.dll (15 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\SimpleSC.dll (1896 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\OQFJK3FB.txt (803 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsE9D6.tmp (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\7Q30U04Y.txt (803 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\441136ae10b200e9992f407b66b2554e (2104 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Social2Search Website.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\682AIKA9.txt (543 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsExec.dll (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\md5dll.dll (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\IpConfig.dll (4254 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nss92DE.tmp (10 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\NSISList.dll (2457 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QIHBCSNO.txt (803 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\bc5601ccb5de9f6cb8cd31285eef3bbe.ico (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\System.dll (23 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F9C1.tmp (601 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\X15I46EM.txt (803 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\0ITTGDW2.txt (99 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\815346a4778321839cef8ab48bf110e2.exe (40364 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\c850ebe35760d7b12fc1318953221f59.exe (19514 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\FA20.tmp (78068 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\5fc72d63d5eb71c8dff05712551a63cb\ffdefbf88c95cae97a1671206e9fe39e.ico (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F500.tmp (78068 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Settings.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\inetc.dll (46 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TGQ7LZCB.txt (283 bytes)
    C:\Windows\815346a4778321839cef8ab48bf110e2.exe (70672 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\nsC8ED.tmp (14 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\get_local_output.tmp (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\F491.tmp (601 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsiFCFE.tmp (906 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\Uninstall Social2Search\uninstall.lnk (2 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\dd4e70c902d1298b7313b2bf0050dd40.ico (4 bytes)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear\SignIn with Twitter.lnk (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsn66FD.tmp\brh.dll (22456 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\ImaCC82.tmp (381 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\dc6d02d096c74fb10e2d25b209aafe9b\qqytbxfm.dll (1 bytes)
    C:\Windows\Temp\ImaD47E.tmp (381 bytes)
    C:\Windows\Temp\wjmE091.tmp (11964 bytes)
    C:\Windows\Temp\wjmDE10.tmp (2500 bytes)
    %Program Files%\be105bbb97d93cef6c0d6cf170a32291\e214f9b15940fe19bca2f6de222d6969 (28 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Google\Chrome\User Data\Local State (8063 bytes)
    C:\Windows\Temp\ImaE61A.tmp (381 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet

x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now