MD5: e9264fbd29483aa7221d04df6a254528
SHA1: 92ab119b20817e679e8d91c4a631b101bad394ed
SHA256: 56f3bc8cf9e062169279597f20b0d5f04beb0e097e0abcbf3e9063f2c2597a46
SSDeep: 196608:aBWnXURnB8PJkepGtayKZDOJcejsGhEv20:aGPCXcyEJgEO0
Size: 6746680 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Auslogics Labs Pty Ltd
Created at: 2013-10-13 11:19:32
Analyzed on: Windows7Ada SP1 64-bit

Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

Process activity

The Worm creates the following process(es):

TPAutoConnSvc.exe:1776
reader.exe:1636
PCBooster.exe:476
DefaultBrowserFinder.exe:888
%original file name%.exe:2528
e9264fbd29483aa7221d04df6a254528.tmp:1728
GASender.exe:3756

The Worm injects its code into the following process(es):

PCBooster.exe:3308

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process PCBooster.exe:476 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files% (x86)\TweakBit\PCBooster\AxComponentsVCL.bpl (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F (471 bytes)
C:\ProgramData\TweakBit\PCBooster\1.x\Logs\PCBooster.log (4258 bytes)
%Program Files% (x86)\TweakBit\PCBooster\vcl160.bpl (291 bytes)
%Program Files% (x86)\TweakBit\PCBooster\AxComponentsRTL.bpl (49 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_D5F09CAA6E2CA434FEDC79A84C61CABA (1488 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F (1544 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (680 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_D5F09CAA6E2CA434FEDC79A84C61CABA (471 bytes)
%Program Files% (x86)\TweakBit\PCBooster\rtl160.bpl (146 bytes)
%Program Files% (x86)\TweakBit\PCBooster\vclimg160.bpl (356 bytes)

The process PCBooster.exe:3308 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$CF3B.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$9D6B.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$E1BB.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$2A12.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$5D10.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$209C.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$764F.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$333C.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$B3A5.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$7317.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$C691.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$E81D.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$1AC9.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$973D.lnk (1 bytes)

The process DefaultBrowserFinder.exe:888 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$Cookies99236784 (10 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\sqlite3.dll (667 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$Cookies99236831 (10 bytes)

The process %original file name%.exe:2528 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-VJQ7R.tmp\e9264fbd29483aa7221d04df6a254528.tmp (50 bytes)

The process e9264fbd29483aa7221d04df6a254528.tmp:1728 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files% (x86)\TweakBit\PCBooster\unins000.msg (646 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-JLSEP.tmp (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\GASender.exe (3073 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-HAIP5.tmp (3361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\AxComponentsRTL.bpl (7596 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-VNP0E.tmp (1281 bytes)
%Program Files% (x86)\TweakBit\PCBooster\Lang\is-EDSJA.tmp (53 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-OT2SA.tmp (21387 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\installer_enu.ini (37 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_Del_e9264fbd29483aa7221d04df6a254528\AxComponentsRTL.bpl (7547 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-H979H.tmp (7971 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit\PCBooster\TweakBit PC Booster on the Web.url (111 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-5MSGL.tmp (673 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-Q0SJ3.tmp (22336 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-RN34A.tmp (23811 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\EULA.rtf (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\vcl160.bpl (24102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\AxComponentsVCL.bpl (22482 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-2RSMV.tmp (3073 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-9SV82.tmp (5441 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-5M99C.tmp (1281 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\GA.xml (868 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-ST3IJ.tmp (2 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-N00O5.tmp (7385 bytes)
%Program Files% (x86)\TweakBit\PCBooster\Lang\is-P03RI.tmp (37 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit\PCBooster\TweakBit PC Booster.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\ATUpdatersHelper.dll (6684 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\reader.exe (2485 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-00OGU.tmp (132 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-HH77V.tmp (32641 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-73QEV.tmp (3361 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-ROL9M.tmp (601 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-UUJFI.tmp (2105 bytes)
%Program Files% (x86)\TweakBit\PCBooster\PCBooster.url (60 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\WizardHelper.dll (2321 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-VBS7G.tmp (3361 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-ES4AB.tmp (5873 bytes)
C:\Users\"%CurrentUserName%"\Desktop\TweakBit PCBooster.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\GoogleAnalyticsHelper.dll (6663 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\_isetup\_shfoldr.dll (47 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\rtl160.bpl (21533 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-636VV.tmp (1425 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\_isetup\_setup64.tmp (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_Del_e9264fbd29483aa7221d04df6a254528\GoogleAnalyticsHelper.dll (5873 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-1GJ8S.tmp (5873 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-Q4228.tmp (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-I0VOV.lnk (905 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-VAONU.tmp (7547 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-KIC4G.tmp (1425 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-CDRPO.tmp (7971 bytes)
%Program Files% (x86)\TweakBit\PCBooster\PCBooster.exe (49 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-Q4KSO.tmp (7433 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\sqlite3.dll (4545 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\$$$9FB8.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\vclimg160.bpl (2461 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp\DefaultBrowserFinder.exe (2457 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\is-6EJMO.tmp (4 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-H3GGB.tmp (4545 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-9400Q.tmp (2105 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-HTLAN.tmp (25 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-A77H7.tmp (5873 bytes)
%Program Files% (x86)\TweakBit\PCBooster\unins000.dat (15741 bytes)
%Program Files% (x86)\TweakBit\PCBooster\Data\main.ini (31 bytes)
%Program Files% (x86)\TweakBit\PCBooster\is-1T4CP.tmp (2321 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_Del_e9264fbd29483aa7221d04df6a254528\GA.xml (864 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_Del_e9264fbd29483aa7221d04df6a254528\GASender.exe (3589 bytes)

The process GASender.exe:3756 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\_Del_e9264fbd29483aa7221d04df6a254528\GoogleAnalyticsHelper.dll (790 bytes)

Registry activity

The process TPAutoConnSvc.exe:1776 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"

[HKU\.DEFAULT\Printers\DevModes2]
"NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1" = "4E 00 50 00 49 00 34 00 35 00 36 00 41 00 42 00"

The Worm deletes the following registry key(s):

[HKLM\SOFTWARE\ThinPrint\TPPrnUI\NPI456AB0 (HP LaserJet Professional M1212nf MFP)#:1]

The process reader.exe:1636 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"General.PartnerId" = "tweakbit"

The process PCBooster.exe:476 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKCR\Wow6432Node\CLSID\{5D7D27E3-FF05-2968-061D-0779355AC07B}\Version]
"Assembly" = "5F 3E 15 CC C6 AE 4C 21 3C 7D 69 38 AA 90 45 CF"

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"App.Application.AutostartEnable" = "1"
"General.InstallDateTime" = "A2 7E A1 C3 C4 87 E4 40"
"App.Application.UpdateDate" = "4F 63 A3 C3 C4 87 E4 40"
"App.Application.SendInfo" = "0"
"General.Language" = "enu"

The Worm deletes the following value(s) in system registry:
The Worm disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"TweakBit PCBooster PCBooster"

The process PCBooster.exe:3308 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Classes\Local Settings\MuiCache\29\52C64B7E]
"LanguageList" = "en-US, en"

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"General.LastRun.PCBooster.exe" = "C9 92 C3 C3 C4 87 E4 40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"
"AutoDetect" = "1"

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"App.Application.FileName" = "%Program Files% (x86)\TweakBit\PCBooster\PCBooster.exe"

The Worm deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process DefaultBrowserFinder.exe:888 makes changes in the system registry.
The Worm deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"General.DefWebBrowser"

The process e9264fbd29483aa7221d04df6a254528.tmp:1728 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash" = "8D 44 CE 77 AB 70 80 A9 C0 D4 92 F5 8A 91 F4 47"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFiles0000" = "%Program Files% (x86)\TweakBit\PCBooster\WizardHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\GoogleAnalyticsHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\GASender.exe, %Program Files% (x86)\TweakBit\PCBooster\ATToolsStdHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\ATUpdatersHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\sqlite3.dll, %Program Files% (x86)\TweakBit\PCBooster\ProductHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\Localizer.dll, %Program Files% (x86)\TweakBit\PCBooster\DebugHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\SendDebugLog.exe, %Program Files% (x86)\TweakBit\PCBooster\SettingsHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\CommonForms.Site.dll, %Program Files% (x86)\TweakBit\PCBooster\CommonForms.Routine.dll, %Program Files% (x86)\TweakBit\PCBooster\TaskSchedulerHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\AxBrowsers.dll, %Program Files% (x86)\TweakBit\PCBooster\DiskCleanerHelper.dll, %Program Files% (x86)\TweakBit\PCBooster\InternetOpǼ"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7EC1FD0-023F-49E1-B604-D81DA4BC87CA}_is1]
"MajorVersion" = "1"
"Publisher" = "Auslogics Labs Pty Ltd"
"DisplayVersion" = "1.6.7.2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7EC1FD0-023F-49E1-B604-D81DA4BC87CA}_is1]
"Inno Setup: Icon Group" = "TweakBit\PCBooster"
"DisplayIcon" = "%Program Files% (x86)\TweakBit\PCBooster\PCBooster.exe"
"EstimatedSize" = "24653"

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"General.TrafficId" = "direct"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7EC1FD0-023F-49E1-B604-D81DA4BC87CA}_is1]
"Inno Setup: User" = "%CurrentUserName%"
"NoModify" = "1"
"URLInfoAbout" = "http://www.tweakbit.com/support/contact/"
"Inno Setup: Setup Version" = "5.5.4 (u)"

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"General.Cookie" = ""

[HKLM\SOFTWARE\Wow6432Node\TweakBit\Google Analytics Package\1.x\Settings]
"ClientID" = "{DDC984F5-1F37-4B28-96BC-9CB42CE1F7B0}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7EC1FD0-023F-49E1-B604-D81DA4BC87CA}_is1]
"Inno Setup: Language" = "default"
"DisplayName" = "TweakBit PCBooster"

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"App.Application.PurchaseUrlParam" = ""

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7EC1FD0-023F-49E1-B604-D81DA4BC87CA}_is1]
"InstallLocation" = "%Program Files% (x86)\TweakBit\PCBooster\"
"NoRepair" = "1"
"Contact" = "[email protected]"
"Inno Setup: App Path" = "%Program Files% (x86)\TweakBit\PCBooster"
"MinorVersion" = "6"
"URLUpdateInfo" = "http://www.tweakbit.com/pc-booster"
"UninstallString" = "%Program Files% (x86)\TweakBit\PCBooster\unins000.exe"

[HKLM\SOFTWARE\Wow6432Node\TweakBit\ATUpdaters\1.x\Settings]
"Shared.Blocking.PCBooster" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7EC1FD0-023F-49E1-B604-D81DA4BC87CA}_is1]
"QuietUninstallString" = "%Program Files% (x86)\TweakBit\PCBooster\unins000.exe /SILENT"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Sequence" = "1"

[HKLM\SOFTWARE\Wow6432Node\TweakBit\PCBooster\1.x\Settings]
"GoogleAnalytics.InstallDate" = "41 ED 2D C1 C4 87 E4 40"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"SessionHash" = "54 65 6A 35 C7 BC 5C 1D A3 26 30 C3 D2 FF 26 64"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F7EC1FD0-023F-49E1-B604-D81DA4BC87CA}_is1]
"InstallDate" = "20150211"
"HelpLink" = "http://www.tweakbit.com/en/support.php"

[HKCU\Software\Microsoft\RestartManager\Session0000]
"Owner" = "C0 06 00 00 81 9B FC CB 9A 45 D0 01"

The Worm deletes the following registry key(s):

[HKCU\Software\Microsoft\RestartManager\Session0000]

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\RestartManager\Session0000]
"RegFilesHash"
"Sequence"
"RegFiles0000"
"SessionHash"
"Owner"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

The process GASender.exe:3756 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionTime" = "D0 B2 BF DF 9A 45 D0 01"
"WpadDetectedUrl" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecisionReason" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadNetworkName" = "Network 3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDecisionReason" = "1"

"WpadDecisionTime" = "D0 B2 BF DF 9A 45 D0 01"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDecisionTime" = "D0 B2 BF DF 9A 45 D0 01"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f3-c8-bd]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoDetect"
"ProxyOverride"
"ProxyServer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9C99CCBB-10A0-4B2A-A5BE-4CAC43F74632}]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-f5-e5-a3]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Auslogics Labs Pty Ltd
Product Name: TweakBit PCBooster
Product Version: 1.6.7.2
Legal Copyright: Copyright (c) 2008-2015 Auslogics Labs Pty Ltd
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.6.7.2
File Description: TweakBit PCBooster Installation File
Comments: This installation was built with Inno Setup.
Language: Language Neutral

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c2399040bb50fcad
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEBBwnU/1VAjXMGAB2OqRdbs=	178.255.83.1
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECED1peiCJBlhSarL0zjkmq4A=	178.255.83.1
hxxp://www-google-analytics.l.google.com/collect
hxxp://www.tweakbit.com/pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now&registered=false	216.246.7.240
hxxp://www.tweakbit.com/pc-booster/cart/	216.246.7.240
hxxp://e6845.ce.akamaiedge.net/crls/secureca.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR6EHhJ4XUaQA4N26wwyKpLEnXRrAQULNVQQZcVi/CPNmFbSvtr2ZnJM5ICEAsdsakZ8kw8Tvy1empObL8=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTzWOT5x7dVAEdi9YzJMaln3bxMNwQUbyZW2Vzn98kEIPgeunyRJy+M+gcCEBHc6ENkz1QiC8Kfsu+chzI=
hxxp://e8218.ce.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR6EHhJ4XUaQA4N26wwyKpLEnXRrAQULNVQQZcVi/CPNmFbSvtr2ZnJM5ICEG6KkOvP8ESKcg0IBdCCpUQ=
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCSWGU/0VsUu
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBH5CtNBDuCd
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSqKwMUr2QuEw7WkiXj/yq61z1iMAQU3s9cULeuAh8VF6oW6A21KJ1qWvMCEAUfF2/jMYyltKg9vzWZLPM=
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA8YsyncEHuJ
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDM203LqIY3d
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9825b6b6c367264b
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB
hxxp://d1gbu8yzpfdsn2.cloudfront.net/CRL/class2.crl
hxxp://e6845.ce.akamaiedge.net/ga.crt
hxxp://www-google-analytics.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCF+cplPoBBth
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTzWOT5x7dVAEdi9YzJMaln3bxMNwQUbyZW2Vzn98kEIPgeunyRJy+M+gcCEEjP467eza0GY3odRLpEEVc=
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://gs1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc=
hxxp://hostedocsp.globalsign.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68=
hxxp://cs1.wpc.v0cdn.net/pki/mscorp/crl/msitwww2.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg==	23.43.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCSWGU/0VsUu	173.194.113.199
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDM203LqIY3d	173.194.113.199
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F	173.194.113.199
hxxp://mscrl.microsoft.com/pki/mscorp/crl/msitwww2.crl	68.232.34.200
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl	88.221.132.166
hxxp://www.google-analytics.com/collect	173.194.113.198
hxxp://www.certplus.com/CRL/class2.crl	54.230.202.236
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=	23.43.139.27
hxxp://crl.verisign.com/pca3.crl	23.43.133.163
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c2399040bb50fcad	88.221.132.177
hxxp://ga.symcb.com/ga.crt	23.43.133.163
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=	23.43.139.27
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl	88.221.132.166
hxxp://gm.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSqKwMUr2QuEw7WkiXj/yq61z1iMAQU3s9cULeuAh8VF6oW6A21KJ1qWvMCEAUfF2/jMYyltKg9vzWZLPM=	23.43.139.27
hxxp://g2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR6EHhJ4XUaQA4N26wwyKpLEnXRrAQULNVQQZcVi/CPNmFbSvtr2ZnJM5ICEG6KkOvP8ESKcg0IBdCCpUQ=	23.43.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB	173.194.113.199
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc=	93.184.220.20
hxxp://crl.geotrust.com/crls/secureca.crl	23.43.133.163
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCF+cplPoBBth	173.194.113.199
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl	88.221.132.166
hxxp://gtextval2-ocsp.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTzWOT5x7dVAEdi9YzJMaln3bxMNwQUbyZW2Vzn98kEIPgeunyRJy+M+gcCEBHc6ENkz1QiC8Kfsu+chzI=	23.43.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA8YsyncEHuJ	173.194.113.199
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?9825b6b6c367264b	88.221.132.177
hxxp://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECED1peiCJBlhSarL0zjkmq4A=	178.255.83.1
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=	23.43.139.27
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl	88.221.132.166
hxxp://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68=	108.162.232.207
hxxp://evsecure-ocsp.geotrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR6EHhJ4XUaQA4N26wwyKpLEnXRrAQULNVQQZcVi/CPNmFbSvtr2ZnJM5ICEAsdsakZ8kw8Tvy1empObL8=	23.43.139.27
hxxp://ga.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTzWOT5x7dVAEdi9YzJMaln3bxMNwQUbyZW2Vzn98kEIPgeunyRJy+M+gcCEEjP467eza0GY3odRLpEEVc=	23.43.139.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBH5CtNBDuCd	173.194.113.199
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=	23.43.139.27
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=	23.43.139.27
store.tweakbit.com	216.246.7.240
fonts.googleapis.com	64.233.165.95
www.google.com.ua	173.194.113.216
stats.g.doubleclick.net	74.125.143.157
googleads.g.doubleclick.net	173.194.113.217
extended-validation-ssl.geotrust.com	69.58.181.73
www.googleadservices.com	173.194.113.205
fonts.gstatic.com	173.194.113.207
mc.yandex.ru	213.180.193.119
seal.geotrust.com	23.64.217.144
ieonline.microsoft.com	204.79.197.200

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum

Traffic

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:38:16 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:38:16 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:38:16 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:38:16 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:38:16 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:38:16 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /crls/secureca.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.geotrust.com

HTTP/1.1 200 OK

Server: Apache

ETag: "c449d4dd9061d0741beb9a23308d345b:1423617023"

Last-Modified: Wed, 11 Feb 2015 01:10:23 GMT

Date: Wed, 11 Feb 2015 01:34:28 GMT

Content-Length: 856

Connection: keep-alive

Content-Type: application/pkix-crl
0..T0...0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equ
ifax Secure Certificate Authority..150211004300Z..150221004300Z0..<
0....X...140427081922Z0....v...140618150003Z0........140429180917Z0...
.....140709194633Z0........140416233935Z0........140521155053Z0.....).
.140617185515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..140
606204021Z0........100729164439Z0........140606222139Z0....%...0205141
81157Z0........140725020038Z0........100729164732Z0....M\..14043000044
2Z0.....-..140617185011Z0....uU..150118022133Z0....V...140624123102Z0.
.......120627171025Z0........100301134531Z0........140618143256Z0.....
...120627171017Z0.....>..140711125531Z0....[...100730213120Z0....j.
..140226123519Z0...*.H.............v.S.t..w...../....9.}x.LJ.......L.W
.i...c...._ET.x....a.$....!G..x...0Bf,8.=.....,....k.#..P.D:.2....:.dC
|.....a".#g...,.H..|R?HTTP/1.1 200 OK..Server: Apache..ETag: "c449d4dd
9061d0741beb9a23308d345b:1423617023"..Last-Modified: Wed, 11 Feb 2015 
01:10:23 GMT..Date: Wed, 11 Feb 2015 01:34:28 GMT..Content-Length: 856
..Connection: keep-alive..Content-Type: application/pkix-crl..0..T0...
0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equifax Sec
ure Certificate Authority..150211004300Z..150221004300Z0..<0....X..
.140427081922Z0....v...140618150003Z0........140429180917Z0........140
709194633Z0........140416233935Z0........140521155053Z0.....)..1406171
85515Z0....Bf..120627171053Z0.....3..020515130611Z0.....#..14060620402
1Z0........100729164439Z0........140606222139Z0....%...02051418115
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1697

content-transfer-encoding: binary

Cache-Control: max-age=584746, public, no-transform, must-revalidate

Last-Modified: Tue, 10 Feb 2015 20:04:39 GMT

Expires: Tue, 17 Feb 2015 20:04:39 GMT

Date: Wed, 11 Feb 2015 01:38:53 GMT

Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 C
ode Signing 2004 CA OCSP Responder..20150210200439Z0s0q0I0... ........
[email protected].!......Q...==d6|h.[x....7..`..........cV.!.....201502
10200439Z....20150217200439Z0...*.H...............U.#..&1x1.......n...
tJ...-..`.-d...X.......\._......[]n\].;....n..}b..Y...b1.q....".2.<
.../..:....\..... ..?...Y. .EF.e....Y!T#SLa.......&....I.t..v...Cy'uGK
...g......-.........G>}q......1....p...pxP,.l.e^f5..i)xoE....]....t
..?.....~..Su......D.,...\........0...0...0..{.........[..I|.....Zm..0
...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....Veri
Sign Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/
rpa (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000
000Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA 
OCSP Responder0.."0...*.H.............0.........Y....h..@..>.....%.
-.....O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f
..;]s!.\"v...|....][email protected]. ..W....n..*
..-f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6.
....[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... 
.......0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#
.. .........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com
/rpa0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o
...0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo.....
.E.....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|........
<<< skipped >>>

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:36:42 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:36:42 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:36:42 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:36:42 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:36:42 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:36:42 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: g.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1363

content-transfer-encoding: binary

Cache-Control: max-age=473109, public, no-transform, must-revalidate

Last-Modified: Mon, 9 Feb 2015 12:58:45 GMT

Expires: Mon, 16 Feb 2015 12:58:45 GMT

Date: Wed, 11 Feb 2015 01:34:29 GMT

Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015020
9125845Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150209125845Z....20150216125845Z0...*.H............
.e...c-.JM..D.9........[..NV...$..s ...K].3.',.yj.....*A.....i..h%..KC
B8?.y ..-w.".<..wF....&*.JF.^.._ .E.:.v.H......... !=.....C........
$...@..^.q/$?.V.Ul....D<..8...es.....V....E..10r...3.Ob............
...Yvr......]Uu?B.....j ^4$Lj@."-m.N?-@b...~n.......Z....0...0..}0..e.
.......:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U
....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'Geo
Trust Global CA TGV OCSP Responder 30.."0...*.H.............0.........
...\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.
....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x..
............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'..
..o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S............
.0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... ..
.....0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-283
0...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk
$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(
7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v
.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%
....
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c2399040bb50fcad HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 03 Jul 2014 23:34:12 GMT

If-None-Match: "0b2464b1797cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com

HTTP/1.1 304 Not Modified

Content-Type: application/octet-stream

Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT

ETag: "0b2464b1797cf1:0"

Cache-Control: max-age=86400

Date: Wed, 11 Feb 2015 01:34:09 GMT

Connection: keep-alive
HTTP/1.1 304 Not Modified..Content-Type: application/octet-stream..Las
t-Modified: Thu, 03 Jul 2014 23:34:12 GMT..ETag: "0b2464b1797cf1:0"..C
ache-Control: max-age=86400..Date: Wed, 11 Feb 2015 01:34:09 GMT..Conn
ection: keep-alive..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSOJaE2H4hHYQzP74hlLuO41NG+EAQUHsWxLH2H2gJofCW8DAeEP7bP3vECED1peiCJBlhSarL0zjkmq4A= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.comodoca.com

HTTP/1.1 200 OK

Date: Wed, 11 Feb 2015 01:34:20 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Tue, 10 Feb 2015 00:55:42 GMT

Expires: Sat, 14 Feb 2015 00:55:42 GMT

ETag: 15A41E5FEAD49BEEB473C8F4DF54A5175EC84475

Cache-Control: max-age=256281,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: h6edcaocsp8

Content-Length: 471

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0.........,}...h|%....?......2015021
0005542Z0s0q0I0... .........%.6..Ga....e............,}...h|%....?.....
.=iz ..XRj...9&......20150210005542Z....20150214005542Z0...*.H........
............Z.Y.P......>..... .`...}\..@....?..c.....h......tr)BzS.
...'.|..%2.O...9h.D..* .....E..9t.k........8=2.aQ....S..t9.4*.g....MA.
.B.O...\....b.U.;a... ...(...(..P......D)x.H.f..12`.bM....(^..o|5d....
@8j[..0b.^..'....//l[.._......^k........04......bu......

GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/ocsp-response

Date: Wed, 11 Feb 2015 01:35:27 GMT

Last-Modified: Thu, 05 Feb 2015 19:47:05 GMT

Server: ECS (ams/D1C2)

X-Cache: HIT

Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015020
5094606Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.G....20150204200915Z....20150505201415Z0...*.H.............g...].R
...<[email protected].... .......v...MM.pos"y.#F..{K........D
.S_.F?.u...........Z"..?.....Q.:4...pm.T.R../{iU..6.........3z3.".....
.a._P.....e.n$-...SCoP..V....l.B.CU!....D..8....O. _....AHl{W=Dc. .(.I
`.h..e..R........I..K...6!.r....>t.l.../.I....0...0...0...........'
..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTr
ust1"0 ..U....Baltimore CyberTrust Root0...150114195242Z..160114195229
Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validation-
20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK...0
4..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8........
..h8GM..*.4.MP..../[email protected]
.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g..j
.\.>.O....G.A........0..0... .....0......0...U.......0.0...U.......
....0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U......`
;.l.uZ..k.F..^|A.Tb0...*.H.............n.h\Ch*G.c..yr..."._....J.-....
j.t%..e.....([email protected]!m...sZH.N..>.S....K..........7wi3..x.D..l..u
d.....CC......<.&.2. ..d...T.......;.S....\... ......m.6......#(.&.
...q.[z.........r..T....W...7ea.}..B.1........al.]i.F...-.0c...y.=?...
.E...........'>..O.._..
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?9825b6b6c367264b HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT

If-None-Match: "0b96c77303ecf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com

HTTP/1.1 200 OK

Cache-Control: max-age=604800

Content-Type: application/octet-stream

Last-Modified: Fri, 23 Jan 2015 02:29:11 GMT

Accept-Ranges: bytes

ETag: "803565fb436d01:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

X-Powered-By: ARR/2.5

X-Powered-By: ASP.NET

Content-Length: 57591

Date: Wed, 11 Feb 2015 01:34:30 GMT

Connection: keep-alive
MSCF............,...................I.................6Fm. .authroot.s
tl......8..CK...<T...g.v!M.d..f.%d..}K..5......dM*K..J.,%K"...!..=.
k..........{=/....{g.~...............'....6..N....w......(.$.>.7...
........'.....`.bx....^..$.'.^.K.C......<[email protected]
.....usXq.d.i.jF$.4.........KI.Q........A2m:..E.P|...(.^p..=G|.....m..
....  .6...H.e.....X'...%$r.Y.(..)........|...;...V^r.VM.._*X.I. ..4..
...*.....Y..`.0w.u...c.i.[..-...x..<.8.<.p..,..y.[v.Yn`......!.s
...4e......B...$.,..........w.Pd.)....,..#.%..h...8...`.A...8.i(.!.$/.
=.....i.\X.H......"...a...k...y6....F.._?\*.&..3.AJo.!..`....9....=.p.
u..u....f.f....w...?..S..I.;.....5._...F.f..G?$......."..kq.y'.6tJ.e%.
.G.n.....z<.pX"....1..g."........V:.H.-...!}LM..t..-.y.j&...n{..-.]
H. .....A.O.Xg..B...#[email protected]..*.....T...}o._./S..h@$
[email protected]..#.:?."....1..v.....&G...?O1x6"5.@..$.U...n.J...w
.Y.{..........E.N.&...&.rC..W.....M.........,.e.....&eI(/eSO.B..K...R.
 [email protected].....(..Y./;-..M5.0.H2.y....:...........a.U....%.S.).^.
...1.B..a..=...q...X .B....F.../..../.Z...'..t....C....,.^...N=..t%N|I
C.#.)6...q.E.J.i.E.>....".L........>...Vy.7.jxx......G........._
q.1^..H&.4Z......^.E.K 9.Xg...qO.6%>..T....;n..s.'u.-...=.........p
..p.Rn.........=.......F........d. d.AR.0U..........9b...=N..#....c.Ic
z......u.0............Y.q..b.wYE.......R...s..W....r].....hT....k.g..[
...s.....X..`=zb.>..../..=........J.N.h...(}.5.7. .;..=F..F...'.?..
2...3...=...B..`....{...f.`Kb..@..`Z.0!^8.t..<l.j..lI.P.q.>k
<<< skipped >>>

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:37:26 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:37:26 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:37:26 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:37:26 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:37:26 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:37:26 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6dg== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: g.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1363

content-transfer-encoding: binary

Cache-Control: max-age=473109, public, no-transform, must-revalidate

Last-Modified: Mon, 9 Feb 2015 12:58:45 GMT

Expires: Mon, 16 Feb 2015 12:58:45 GMT

Date: Wed, 11 Feb 2015 01:34:29 GMT

Connection: keep-alive
0..O......H0..D.. .....0.....50..10......7).nj./P(.3.\\.;.B....2015020
9125845Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:v....20150209125845Z....20150216125845Z0...*.H............
.e...c-.JM..D.9........[..NV...$..s ...K].3.',.yj.....*A.....i..h%..KC
B8?.y ..-w.".<..wF....&*.JF.^.._ .E.:.v.H......... !=.....C........
$...@..^.q/$?.V.Ul....D<..8...es.....V....E..10r...3.Ob............
...Yvr......]Uu?B.....j ^4$Lj@."-m.N?-@b...~n.......Z....0...0..}0..e.
.......:}0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.1.0...U
....GeoTrust Global CA0...141201130534Z..151216130534Z02100...U...'Geo
Trust Global CA TGV OCSP Responder 30.."0...*.H.............0.........
...\.hpc..J.a.j-.t......F`Aw...)L.YE.2..~..-...2.Y(.".CZ.w..T..Y. syd.
....x..YE..<....lwv.:J.76>U....uF.a.|8N.. ..1p...`f.X...B>x..
............6..m.&...'..W.plK....[.m.V..h..lI.........?~.....>.|'..
..o...A!.Pm.*.N ...<.....3...*|.x._..1..m.W<*....._S............
.0..0...U.#..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... ..
.....0...U...........0...U.......0.0!..U....0...0.1.0...U....TGV-B-283
0...*.H.............~....2!...V..0...Y....L..k....z}~a.3Y.x..dS.L...Dk
$a...nR9_......B......m....Y....U.5....'.....<{....v&=.2].....j*.r(
7...=..w.I...z....\.#.J.ac.....I.[.[....6.X....0...g.3d...z.i.H..f...v
.....\.....^.N..1.J<.)`Z.....4.-.E..n.E.~t....v.e.T...?. ......i..%
....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCCSWGU/0VsUu HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Tue, 10 Feb 2015 17:47:49 GMT

Expires: Sat, 14 Feb 2015 17:47:49 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 28000

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015021
0130435Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.$..O.V......20150210130435Z....20150217130435Z0...*.H................
,u....$.I.v1..V..D...)[6.C...;..t.Wq#>w.X}P..$...D..s .n..PM0.P...\
...l*...0*.u1.y...mwBe.wd..W....B.#Y....-.....i.....["f..EV..S/.K...EP
.N.i.3*.....h. .Ip......Yu.M.p.L.O..P.~X.c.m.Gr.5..E...R..|.j.....~...
}....Iyt.....qv9$....M......../.a..L....Vj.h......


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA8YsyncEHuJ HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 20:26:45 GMT

Expires: Wed, 11 Feb 2015 20:26:45 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 277665

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130523Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
....)..{.....20150207130523Z....20150214130523Z0...*.H................
.M..ga..i..$5G:y ..6.....m.../T.F.....B...:a.g.BY[..?.Yh.8CX..(.j...x.
.......B.1.lgPW..=Y!..iQ.......W..m................%....rf#h..(.Co....
A.\..r.7......Q....%....F,]..S....eq.a....^.....R......,8.../$.....M.%
.I........?......Av..E"5..`.@......,...TNc.HTTP/1.1 200 OK..Content-Ty
pe: application/ocsp-response..Date: Sat, 07 Feb 2015 20:26:45 GMT..Ex
pires: Wed, 11 Feb 2015 20:26:45 GMT..Server: ocsp_responder..Content-
Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORI
GIN..Age: 277665..Alternate-Protocol: 80:quic,p=0.02..Cache-Control: p
ublic, max-age=345600..0..........0..... .....0......0...0......J.....
.h.v....b..Z./..20150207130523Z0k0i0A0... ..........j.....p.I.#z...(~d
..J......h.v....b..Z./.....)..{.....20150207130523Z....20150214130523Z
0...*.H.................M..ga..i..$5G:y ..6.....m.../T.F.....B...:a.g.
BY[..?.Yh.8CX..(.j...x........B.1.lgPW..=Y!..iQ.......W..m............
....%....rf#h..(.Co....A.\..r.7......Q....%....F,]..S....eq.a....^....
.R......,8.../$.....M.%.I........?......Av..E"5..`.@......,...TNc.nt>....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:05:55 GMT

Expires: Wed, 11 Feb 2015 16:05:55 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293315

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130045Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...mP..-.....20150207130045Z....20150214130045Z0...*.H................
(.....~/j.J.y.PP<.......w.......u.AW|..K...x/.R..h..9. ..&.;?..^...
.n.n. ....|.d...L."?..\p..L...9 .KK3.........h5..tH ......j.........F.
!$.G...o95..$4.|6..r..... r.....Za.5..Y........J.z..l.U...H2[.....lV..
.2LCaE...V]..W...a.B.h..C[...!....Dz.j.?.*........


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDM203LqIY3d HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:02:51 GMT

Expires: Wed, 11 Feb 2015 16:02:51 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293499

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130036Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.36.r.!......20150207130036Z....20150214130036Z0...*.H.............#F.
j......(.........z...}Q5.....j1A..1.r.....L..V...nk...@../#..s.`%..d..
.6....{.. X8..i1.{...t.b.........R5...B.~n.D(..}J.6-..'..1...K.t..?w.B
..U...R"[email protected]..........~.N1..YX'.A....DQ..r|)F3.M.Y......i..DwD...
n..Q&.;....|DI..sC.O..D.&o.....k.:.2.=C...ZHTTP/1.1 200 OK..Content-Ty
pe: application/ocsp-response..Date: Sat, 07 Feb 2015 16:02:51 GMT..Ex
pires: Wed, 11 Feb 2015 16:02:51 GMT..Server: ocsp_responder..Content-
Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORI
GIN..Age: 293499..Alternate-Protocol: 80:quic,p=0.02..Cache-Control: p
ublic, max-age=345600..0..........0..... .....0......0...0......J.....
.h.v....b..Z./..20150207130036Z0k0i0A0... ..........j.....p.I.#z...(~d
..J......h.v....b..Z./..36.r.!......20150207130036Z....20150214130036Z
0...*.H.............#F.j......(.........z...}Q5.....j1A..1.r.....L..V.
..nk...@../#..s.`%..d...6....{.. X8..i1.{...t.b.........R5...B.~n.D(..
}J.6-..'..1...K.t..?w.B..U...R"[email protected]..........~.N1..YX'.A....DQ..r
|)F3.M.Y......i..DwD...n..Q&.;....|DI..sC.O..D.&o.....k.:.2.=C...Znt>....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:06:08 GMT

Expires: Wed, 11 Feb 2015 16:06:08 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293302

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130027Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...GK........20150207130027Z....20150214130027Z0...*.H...............7
....5vW.\...j}.7...[a.....:..rf.Z..d...h..Wvo.......2.cdZ.381.j}%...).
...?.....~UB.Z7......I&@...!...3w..:..=Z"...#p...bX...M.8|@e.....>.
qd...o_......Q0..|.....j.......RL....{!../..(.  ...V....1...N........K
.AtqL!./.1.).x.."..;.z4...P..G...|.j:.."..~.I.HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Sat, 07 Feb 2015 16:06:08 GMT.
.Expires: Wed, 11 Feb 2015 16:06:08 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Age: 293302..Alternate-Protocol: 80:quic,p=0.02..Cache-Control
: public, max-age=345600..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150207130027Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./....GK........20150207130027Z....201502141300
27Z0...*.H...............7....5vW.\...j}.7...[a.....:..rf.Z..d...h..Wv
o.......2.cdZ.381.j}%...)....?.....~UB.Z7......I&@...!...3w..:..=Z"...
#p...bX...M.8|@e.....>.qd...o_......Q0..|.....j.......RL....{!../..
(.  ...V....1...N........K.AtqL!./.1.).x.."..;.z4...P..G...|.j:.."..~.
I.....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCF+cplPoBBth HTTP/1.1

Cache-Control: max-age = 345600

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 22:46:52 GMT

Expires: Wed, 11 Feb 2015 22:46:52 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 269258

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7190631Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
._..S...a....20150207190631Z....20150214190631Z0...*.H.............ET.
...}[email protected]........... ....6.~T.........R.........T.0.d5-.>
;...o.....o.CK..XM,69.......f..m-.n#v.)y-N........c.y.B7..l.d.*L...).7
Ec...*".z.i|[email protected]....&...\.........s./.X.......hgS.
.f...,.U.qY..#1......oV..>....>...WT.t.,QO..=.HTTP/1.1 200 OK..C
ontent-Type: application/ocsp-response..Date: Sat, 07 Feb 2015 22:46:5
2 GMT..Expires: Wed, 11 Feb 2015 22:46:52 GMT..Server: ocsp_responder.
.Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options
: SAMEORIGIN..Age: 269258..Alternate-Protocol: 80:quic,p=0.02..Cache-C
ontrol: public, max-age=345600..0..........0..... .....0......0...0...
...J......h.v....b..Z./..20150207190631Z0k0i0A0... ..........j.....p.I
.#z...(~d..J......h.v....b..Z./.._..S...a....20150207190631Z....201502
14190631Z0...*.H.............ET....}[email protected]........... ....6.
~T.........R.........T.0.d5-.>...o.....o.CK..XM,69.......f..m-.n#v.
)y-N........c.y.B7..l.d.*L...).7Ec...*".z.i|[email protected]..
..&...\.........s./.X.......hgS..f...,.U.qY..#1......oV..>....>.
..WT.t.,QO..=...
<<< skipped >>>

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com

HTTP/1.1 200 OK

Date: Wed, 11 Feb 2015 01:35:27 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=d2d0842adb2cfe463967fc5920b2d11041423618527; expires=Thu, 11-Feb-16 01:35:27 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Fri, 06 Feb 2015 23:51:50 GMT

Expires: Tue, 10 Feb 2015 23:51:50 GMT

ETag: "9006297540e316688484ed9e4b46a0dce7b0d372"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1b6ccf56df84046d-FRA
0..........0..... .....0......0...0..........<.|[email protected]|..2015
0206235150Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150206235150Z....20150210235150Z."0 0..
. .....0......20140206235150Z0...*.H.............Q."...T1..ý.Rs.(..%
l..<.....qN.jm\f...x3g...&.R.qQaH^....X.#{O G.....8K....(........f.
.&.%..m}.hU......9.......psNO.c;.Dz._....... ^..oQa48..6.......s.o..#.
]{D..nQL.2.;.i0.$Vp....6...:f.....h.O..#......8..!g<q...d.tl.....h(
..E.]-...................y.2.......0...0...0..........Z..~..M..<ZYJ
....~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....R
edmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U..
..Microsoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Sh
ould be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=
f....x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q....
.......bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*.
......x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.
M.O.....<5:......r.....]..A.5........0..0...U..........<.|7...@N
6p.I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... 
.......0... .....7....0.0... .......0... .....0......0...*.H..........
........sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w
...w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3.
...L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....&l
t;.}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..
<<< skipped >>>

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Cache-Control: no-cache

Connection: Keep-Alive

Pragma: no-cache

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com

HTTP/1.1 200 OK

Date: Wed, 11 Feb 2015 01:35:27 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=d2d0842adb2cfe463967fc5920b2d11041423618527; expires=Thu, 11-Feb-16 01:35:27 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Fri, 06 Feb 2015 23:51:50 GMT

Expires: Tue, 10 Feb 2015 23:51:50 GMT

ETag: "9006297540e316688484ed9e4b46a0dce7b0d372"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1b6ccf572f8f046d-FRA
0..........0..... .....0......0...0..........<.|[email protected]|..2015
0206235150Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150206235150Z....20150210235150Z."0 0..
. .....0......20140206235150Z0...*.H.............Q."...T1..ý.Rs.(..%
l..<.....qN.jm\f...x3g...&.R.qQaH^....X.#{O G.....8K....(........f.
.&.%..m}.hU......9.......psNO.c;.Dz._....... ^..oQa48..6.......s.o..#.
]{D..nQL.2.;.i0.$Vp....6...:f.....h.O..#......8..!g<q...d.tl.....h(
..E.]-...................y.2.......0...0...0..........Z..~..M..<ZYJ
....~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....R
edmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U..
..Microsoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Sh
ould be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=
f....x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q....
.......bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*.
......x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.
M.O.....<5:......r.....]..A.5........0..0...U..........<.|7...@N
6p.I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... 
.......0... .....7....0.0... .......0... .....0......0...*.H..........
........sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w
...w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3.
...L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....&l
t;.}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDM203LqIY3d HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:02:51 GMT

Expires: Wed, 11 Feb 2015 16:02:51 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293499

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130036Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.36.r.!......20150207130036Z....20150214130036Z0...*.H.............#F.
j......(.........z...}Q5.....j1A..1.r.....L..V...nk...@../#..s.`%..d..
.6....{.. X8..i1.{...t.b.........R5...B.~n.D(..}J.6-..'..1...K.t..?w.B
..U...R"[email protected]..........~.N1..YX'.A....DQ..r|)F3.M.Y......i..DwD...
n..Q&.;....|DI..sC.O..D.&o.....k.:.2.=C...ZHTTP/1.1 200 OK..Content-Ty
pe: application/ocsp-response..Date: Sat, 07 Feb 2015 16:02:51 GMT..Ex
pires: Wed, 11 Feb 2015 16:02:51 GMT..Server: ocsp_responder..Content-
Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORI
GIN..Age: 293499..Alternate-Protocol: 80:quic,p=0.02..Cache-Control: p
ublic, max-age=345600..0..........0..... .....0......0...0......J.....
.h.v....b..Z./..20150207130036Z0k0i0A0... ..........j.....p.I.#z...(~d
..J......h.v....b..Z./..36.r.!......20150207130036Z....20150214130036Z
0...*.H.............#F.j......(.........z...}Q5.....j1A..1.r.....L..V.
..nk...@../#..s.`%..d...6....{.. X8..i1.{...t.b.........R5...B.~n.D(..
}J.6-..'..1...K.t..?w.B..U...R"[email protected]..........~.N1..YX'.A....DQ..r
|)F3.M.Y......i..DwD...n..Q&.;....|DI..sC.O..D.&o.....k.:.2.=C...Znt>....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCF+cplPoBBth HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 22:46:52 GMT

Expires: Wed, 11 Feb 2015 22:46:52 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 269258

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7190631Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
._..S...a....20150207190631Z....20150214190631Z0...*.H.............ET.
...}[email protected]........... ....6.~T.........R.........T.0.d5-.>
;...o.....o.CK..XM,69.......f..m-.n#v.)y-N........c.y.B7..l.d.*L...).7
Ec...*".z.i|[email protected]....&...\.........s./.X.......hgS.
.f...,.U.qY..#1......oV..>....>...WT.t.,QO..=.HTTP/1.1 200 OK..C
ontent-Type: application/ocsp-response..Date: Sat, 07 Feb 2015 22:46:5
2 GMT..Expires: Wed, 11 Feb 2015 22:46:52 GMT..Server: ocsp_responder.
.Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options
: SAMEORIGIN..Age: 269258..Alternate-Protocol: 80:quic,p=0.02..Cache-C
ontrol: public, max-age=345600..0..........0..... .....0......0...0...
...J......h.v....b..Z./..20150207190631Z0k0i0A0... ..........j.....p.I
.#z...(~d..J......h.v....b..Z./.._..S...a....20150207190631Z....201502
14190631Z0...*.H.............ET....}[email protected]........... ....6.
~T.........R.........T.0.d5-.>...o.....o.CK..XM,69.......f..m-.n#v.
)y-N........c.y.B7..l.d.*L...).7Ec...*".z.i|[email protected]..
..&...\.........s./.X.......hgS..f...,.U.qY..#1......oV..>....>.
..WT.t.,QO..=...
<<< skipped >>>

GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1

Cache-Control: max-age = 812

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 23 Oct 2014 05:05:32 GMT

If-None-Match: "a2f3ff97eeecf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 07 Jan 2015 06:02:43 GMT

Accept-Ranges: bytes

ETag: "88c4768d3f2ad01:0"

Server: Microsoft-IIS/8.5

VTag: 438410416000000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 813

Cache-Control: max-age=900

Date: Wed, 11 Feb 2015 01:34:50 GMT

Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....mic
rosoft1-0 ..U...$Microsoft Root Certificate Authority..150106214825Z..
150407100825Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..
%..*..S.Y..0... .....7.......0...U......(0... .....7......150406215825
Z0...*.H..............vQ..r..L.Q.N..=#.......V;..r../\.m..<.."...F/
U....(:.....xm.....P.e.F..BE8......=...G....6t:...?...L..B.v..p.M.....
...z..Q.%J.6..I.......8...U. .g..=T=K....L..$w...^....y~..-a.'...*s#N.
o..Qs.$h..:duV'~....8.6..w..b3.... .~)...|.I.y".>R.nJq.ws...3.....f
}.E)\......EB.d\.2.....h...lMjT.7..lj.'lj.b....".L.Os6{[email protected].|7z
.. ......>..Q...([email protected]\]#..Y.*.......T. .C.....A'..
5FW.ETDvX..tE.....g5.....&..&.....x.^H;...../7..'9.t.I&<[.HX.j....Q
w......}...qy3..q`<.....LB.9w|....;..Qw..a ..=.C.:.........


GET /pki/crl/products/WinPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 06 Oct 2014 05:06:02 GMT

If-None-Match: "3e1c83923e1cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT

Accept-Ranges: bytes

ETag: "d2e35dc7e31cd01:0"

Server: Microsoft-IIS/8.5

VTag: 4389615400000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 561

Cache-Control: max-age=900

Date: Wed, 11 Feb 2015 01:34:51 GMT

Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Window
s Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p
............<.J0... .....7.......0...U......30... .....7......15032
0224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c
.{[email protected].^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo....
_...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..
A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.]....
.uki~......


GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Sat, 04 Oct 2014 05:06:12 GMT

If-None-Match: "58cddbea90dfcf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT

Accept-Ranges: bytes

ETag: "9a9a44d511bd01:0"

Server: Microsoft-IIS/8.0

VTag: 438346843700000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 550

Cache-Control: max-age=900

Date: Wed, 11 Feb 2015 01:34:51 GMT

Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-St
amp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#[email protected].. .
.5..0... .....7.......0...U......10... .....7......150318222600Z0...*.
H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-
....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q&
gt;[email protected].('..e...Y..Bo..q..........I....'....i>
..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az.....
[email protected]/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modifie
d: Fri, 19 Dec 2014 06:02:00 GMT..Accept-Ranges: bytes..ETag: "9a9a44d
511bd01:0"..Server: Microsoft-IIS/8.0..VTag: 438346843700000000..P3P: 
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR S
AMo CNT COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Conte
nt-Length: 550..Cache-Control: max-age=900..Date: Wed, 11 Feb 2015 01:
34:51 GMT..Connection: keep-alive..0.."0......0...*.H........0w1.0...U
....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corp
oration1!0...U....Microsoft Time-Stamp PCA..141218221600Z..15031910360
0Z._0]0...U.#..0...#[email protected].. ..5..0... .....7.......0...U......10
... .....7......150318222600Z0...*.H............./..0Q~.r.}.E....&\...
.F.Z.C..#..F.s........<&\..9G..-....j..N... .C.Fk....;l.....2.K5D..
.......-.>...(...g.0.S.[?...T4q>[email protected].('..e.
..Y..Bo..q..........I....'....i>..y:.eH@h`..\...UA.m#.~.. ;.3..
<<< skipped >>>

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:35:09 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:35:09 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:35:10 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:35:10 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:35:10 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:35:10 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pca3.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.verisign.com

HTTP/1.1 200 OK

Server: Apache

ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"

Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT

Date: Wed, 11 Feb 2015 01:38:53 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..141210000000Z..150
331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* [email protected]!..Y......w
`G........070411175657Z0!..Z`[email protected].*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ..
..>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r
../[email protected]?....0.A.HTTP/1.1 200 OK..Server: Apache.
.ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: F
ri, 19 Dec 2014 01:00:19 GMT..Date: Wed, 11 Feb 2015 01:38:53 GMT..Con
tent-Length: 933..Connection: keep-alive..Content-Type: application/pk
ix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc
.1705..U....Class 3 Public Primary Certification Authority..1412100000
00Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A..
...{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y
..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.
<<< skipped >>>

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:38:41 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:38:41 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:38:41 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:38:41 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:38:41 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:38:41 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 28 Jan 2015 06:05:55 GMT

Accept-Ranges: bytes

ETag: "75565c7ac03ad01:0"

Server: Microsoft-IIS/8.5

VTag: 438743915800000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 554

Cache-Control: max-age=900

Date: Wed, 11 Feb 2015 01:38:58 GMT

Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Si
gning PCA..150127173215Z..150428055215Z.a0_0...U.#..0..........X..7.3.
..L...0... .....7.........0...U......Y0... .....7......150427174215Z0.
..*.H......................YIw.. ..(..y..O.G].B.."?.@...[1.}.X...]...e
.J....pP.I....!6...%.D.k...>c.|R.?.i..yt.z..B.........b....n..m5...
0....2..I!)v....z....y.#pXz.DO.....mF...e.'e...@.%...6./.bPZ...=....bp
[email protected]..@.. ...M....z....Q...{u. .W....

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=500986, public, no-transform, must-revalidate

Last-Modified: Mon, 9 Feb 2015 20:44:25 GMT

Expires: Mon, 16 Feb 2015 20:44:25 GMT

Date: Wed, 11 Feb 2015 01:38:55 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
9204425Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.l$.%t...............20150209204425Z....20150216204425Z0...*.H........
......'.^.M......_.(.~....b^:.[&...z.^.W.<'g.[..N..Y.k...i....U.Kc-
.:B....]#...l.^..S0K.OV.. ..D/&.E?./...~.z....~.E.YA....c.4...~.t.$..X
[email protected]......... .^.....7.t...*T.=1.3..I...n..m.i9.6l.....
!..r..;..8..V...._......t..YE.^9.7...*&_.a......dM.......#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCBH5CtNBDuCd HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Mon, 09 Feb 2015 13:44:47 GMT

Expires: Fri, 13 Feb 2015 13:44:47 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 128982

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
9070755Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.....A.......20150209070755Z....20150216070755Z0...*.H..............-.
..Z3..\.wUy......z..U..........mAh.8.3}............9Qu....u.b.........
&ZN/.i.Bnj...xf!.m...D.CF... .eF.J..I.K....8.n~%;....q....z....d....k.
E.9.x..|.aU...l......t!TW.......,.p..V..C.Iu..5........I$.#l......b...
..5..25Y.Yh....cW.k.c].....a....]..>O....D.HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Mon, 09 Feb 2015 13:44:47 GMT.
.Expires: Fri, 13 Feb 2015 13:44:47 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Age: 128982..Alternate-Protocol: 80:quic,p=0.02..Cache-Control
: public, max-age=345600..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150209070755Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./......A.......20150209070755Z....201502160707
55Z0...*.H..............-...Z3..\.wUy......z..U..........mAh.8.3}.....
.......9Qu....u.b.........&ZN/.i.Bnj...xf!.m...D.CF... .eF.J..I.K....8
.n~%;....q....z....d....k.E.9.x..|.aU...l......t!TW.......,.p..V..C.Iu
..5........I$.#l......b.....5..25Y.Yh....cW.k.c].....a....]..>O....
D.....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:05:55 GMT

Expires: Wed, 11 Feb 2015 16:05:55 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293315

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130045Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...mP..-.....20150207130045Z....20150214130045Z0...*.H................
(.....~/j.J.y.PP<.......w.......u.AW|..K...x/.R..h..9. ..&.;?..^...
.n.n. ....|.d...L."?..\p..L...9 .KK3.........h5..tH ......j.........F.
!$.G...o95..$4.|6..r..... r.....Za.5..Y........J.z..l.U...H2[.....lV..
.2LCaE...V]..W...a.B.h..C[...!....Dz.j.?.*........


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:05:55 GMT

Expires: Wed, 11 Feb 2015 16:05:55 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293315

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130045Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...mP..-.....20150207130045Z....20150214130045Z0...*.H................
(.....~/j.J.y.PP<.......w.......u.AW|..K...x/.R..h..9. ..&.;?..^...
.n.n. ....|.d...L."?..\p..L...9 .KK3.........h5..tH ......j.........F.
!$.G...o95..$4.|6..r..... r.....Za.5..Y........J.z..l.U...H2[.....lV..
.2LCaE...V]..W...a.B.h..C[...!....Dz.j.?.*........


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCDM203LqIY3d HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:02:51 GMT

Expires: Wed, 11 Feb 2015 16:02:51 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293499

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130036Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.36.r.!......20150207130036Z....20150214130036Z0...*.H.............#F.
j......(.........z...}Q5.....j1A..1.r.....L..V...nk...@../#..s.`%..d..
.6....{.. X8..i1.{...t.b.........R5...B.~n.D(..}J.6-..'..1...K.t..?w.B
..U...R"[email protected]..........~.N1..YX'.A....DQ..r|)F3.M.Y......i..DwD...
n..Q&.;....|DI..sC.O..D.&o.....k.:.2.=C...ZHTTP/1.1 200 OK..Content-Ty
pe: application/ocsp-response..Date: Sat, 07 Feb 2015 16:02:51 GMT..Ex
pires: Wed, 11 Feb 2015 16:02:51 GMT..Server: ocsp_responder..Content-
Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORI
GIN..Age: 293499..Alternate-Protocol: 80:quic,p=0.02..Cache-Control: p
ublic, max-age=345600..0..........0..... .....0......0...0......J.....
.h.v....b..Z./..20150207130036Z0k0i0A0... ..........j.....p.I.#z...(~d
..J......h.v....b..Z./..36.r.!......20150207130036Z....20150214130036Z
0...*.H.............#F.j......(.........z...}Q5.....j1A..1.r.....L..V.
..nk...@../#..s.`%..d...6....{.. X8..i1.{...t.b.........R5...B.~n.D(..
}J.6-..'..1...K.t..?w.B..U...R"[email protected]..........~.N1..YX'.A....DQ..r
|)F3.M.Y......i..DwD...n..Q&.;....|DI..sC.O..D.&o.....k.:.2.=C...Znt>....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:06:08 GMT

Expires: Wed, 11 Feb 2015 16:06:08 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293302

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130027Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...GK........20150207130027Z....20150214130027Z0...*.H...............7
....5vW.\...j}.7...[a.....:..rf.Z..d...h..Wvo.......2.cdZ.381.j}%...).
...?.....~UB.Z7......I&@...!...3w..:..=Z"...#p...bX...M.8|@e.....>.
qd...o_......Q0..|.....j.......RL....{!../..(.  ...V....1...N........K
.AtqL!./.1.).x.."..;.z4...P..G...|.j:.."..~.I.HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Sat, 07 Feb 2015 16:06:08 GMT.
.Expires: Wed, 11 Feb 2015 16:06:08 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Age: 293302..Alternate-Protocol: 80:quic,p=0.02..Cache-Control
: public, max-age=345600..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150207130027Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./....GK........20150207130027Z....201502141300
27Z0...*.H...............7....5vW.\...j}.7...[a.....:..rf.Z..d...h..Wv
o.......2.cdZ.381.j}%...)....?.....~UB.Z7......I&@...!...3w..:..=Z"...
#p...bX...M.8|@e.....>.qd...o_......Q0..|.....j.......RL....{!../..
(.  ...V....1...N........K.AtqL!./.1.).x.."..;.z4...P..G...|.j:.."..~.
I...
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1453

content-transfer-encoding: binary

Cache-Control: max-age=460840, public, no-transform, must-revalidate

Last-Modified: Mon, 9 Feb 2015 09:39:15 GMT

Expires: Mon, 16 Feb 2015 09:39:15 GMT

Date: Wed, 11 Feb 2015 01:38:52 GMT

Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....2015020
9093915Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a.
.eR&.....Y.)..".\....20150209093915Z....20150216093915Z0...*.H........
.....~0...hO6...:&.O........D......Bnr.s.PL.....a.......|..]'[>...`
......I...P<I.$.T.....s..zF....... R...39...<.. J........~..{.g.
...W#..............|.r.l..<4.b.....er.kw.3.....P[.........Q.....Z?.
Sa.........6.F......8.{E.[......mQ/[email protected]."O.\....3.S.....0..
.0...0..3......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U.
...VeriSign, Inc.1705..U....Class 3 Public Primary Certification Autho
rity0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symante
c Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Clas
s 3 PCA - G1 OCSP Responder Certificate 30.."0...*.H.............0....
......'......Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....
H..3-; ).....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M..
.T..pS.p..^|o....S..v.).)[email protected]#qh...u1T.].G0.]
E...=._...... ........TE...Sa.s4........r...3.............0..0...U....
0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps
0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U..
......0... .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.....
........$..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e....
...a..D...........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :
,....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=500835, public, no-transform, must-revalidate

Last-Modified: Mon, 9 Feb 2015 20:44:24 GMT

Expires: Mon, 16 Feb 2015 20:44:24 GMT

Date: Wed, 11 Feb 2015 01:38:52 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
9204424Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150209204424Z....20150216204424Z0...*.H........
......2..T.U...=..C.V....Bo9..e..2.....S.'.#../Y].k.....n..1.8J\..PM.x
Y.P6H.....Q9...]...Z..d...Bl...!..7W.P*..-.a.-...q.f'k.d.Z...o.. D.q.8
w.!.:..8...C0.j.%V.#&.d..n..Q.,..kE.s...*....p..7....~..MI.LFE....e../
.....\..,Z.clG...v.R....Q....o.w..`...@^...%...K..,...#0...0...0......
....<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Sign
ing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U..
..VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of u
se at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3
 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{
(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(.......
...p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}..
.r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n.
.i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0
.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.c
om/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by
 reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........
0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H......
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR6EHhJ4XUaQA4N26wwyKpLEnXRrAQULNVQQZcVi/CPNmFbSvtr2ZnJM5ICEG6KkOvP8ESKcg0IBdCCpUQ= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: g2.symcb.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1426

content-transfer-encoding: binary

Cache-Control: max-age=423565, public, no-transform, must-revalidate

Last-Modified: Sun, 8 Feb 2015 23:09:01 GMT

Expires: Sun, 15 Feb 2015 23:09:01 GMT

Date: Wed, 11 Feb 2015 01:34:29 GMT

Connection: keep-alive
0..........0..... .....0.....t0..p0........[..)...g..M..o......2015020
8230901Z0s0q0I0... [email protected]....,.PA.....6a[J.k...3..
.n.....D.r......D....20150208230901Z....20150215230901Z0...*.H........
.....^.z9a...e'.Y...H.{.Y..p........9....>;..i.....c........#'Nf..E
.,.8..x.....%Y.7..M..L........itl...5.;.0T.iY...>...]n...5.=..H~..3
e.|_J.e..X{....Y9.........=..)).......l...v..^!.n./....].]......TE.]..
......o..S....A..NBM.N..$...Q...h......r..D .r.~..K..X.a:....0...0...0
..........u$"(D.X....A.j<.0...*.H........0X1.0...U....US1.0...U....
GeoTrust Inc.110/..U...(GeoTrust Primary Certification Authority0...14
1202000000Z..151216235959Z0d1.0...U....US1.0...U....GeoTrust Inc.1=0;.
.U...4GeoTrust Primary CA OCSP-TGV Responder Certificate 30.."0...*.H.
............0.........>....L.B. (..j.P....Zf.xEKI...w5(.&...@......
..5a().D8.......... .....|~t...)..y..\.....B...1..}.<.....xv..m.8. 
;.b.6..6?....n...1.@u.......[.IM.A.@...=...o....`.ik.....Z.[D0.X...|.R
`}...b....AW~.......!...Z....#.a...cW..].C.erl.3%.F..{/...C)..H...(...
]........i0g0...U.%..0... .......0... .....0......0...U.......0.0...U.
..........0!..U....0...0.1.0...U....TGV-B-2780...*.H.............f9(.F
.?...Tn4.....V.....qp..............ZL........YC';..wz.o..).........k.p
.6U..d.....X.M./..fm.w[g!..7].N.^.......4.[0.C...'.,.Y......;....A`...
......T.b.......Z..HCB.c...3.4`g./!...j.#.L.;..Gv..V....h._.........Du
7...-.s......Q....!...J...S...W....g...z...
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRtl6lMY2+iPob4twryIF+FfgUdvwQUK8NGq7oOyWUqRtF5R8Ri4uHa/LgCEBBwnU/1VAjXMGAB2OqRdbs= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.usertrust.com

HTTP/1.1 200 OK

Date: Wed, 11 Feb 2015 01:34:14 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Mon, 09 Feb 2015 18:46:20 GMT

Expires: Fri, 13 Feb 2015 18:46:20 GMT

ETag: 01062FBB3D0546CB913A2AA747FBA98E2C378255

Cache-Control: max-age=234125,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: h6edcaocsp8

Content-Length: 471

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0...... .F....e*F.yG.b.......2015020
9184620Z0s0q0I0... ........m..Lco.>..... _.~..... .F....e*F.yG.b...
.....p.O.T..0`....u.....20150209184620Z....20150213184620Z0...*.H.....
........%...........FZ...%........./b..=.P."_.1.....p..J.S.}Q...<t.
.MF.......Z..M....!....D.}...z....Y..H.3.t?.a.Q`H.....`\..f....q.3.W6.
..|.....g..b.Nu..a....w.".....".m.y..... P.f....1y..>)`..)..O..l..&
gt;..N...z...Q.KX......e;[vb..3.H.`..f....rt.P5.O.4%...Z......\..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSqKwMUr2QuEw7WkiXj/yq61z1iMAQU3s9cULeuAh8VF6oW6A21KJ1qWvMCEAUfF2/jMYyltKg9vzWZLPM= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gm.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1425

content-transfer-encoding: binary

Cache-Control: max-age=349869, public, no-transform, must-revalidate

Last-Modified: Sun, 8 Feb 2015 02:43:43 GMT

Expires: Sun, 15 Feb 2015 02:43:43 GMT

Date: Wed, 11 Feb 2015 01:34:29 GMT

Connection: keep-alive
0..........0..... .....0.....s0..o0.......B...".....s\.tc......2015020
8024343Z0s0q0I0... ......... ...d.....%..*..=b0....\P...........(.jZ..
....o.1....=.5.,.....20150208024343Z....20150215024343Z0...*.H........
......).......9V....DM......u'...)..].....4...K'...Z...T^m$...$.~..e..
4N.. H.kc......X..$:......;U....~U.[3m?....S.SW..c.).&..G...}._.b~..DK
K6..>..v.>.I....IV.N........R.u$TV.g<O...o.....a...w..o...b.'
t_....bdR..Q....U'...Z....[.'....=....L..k.._")......... ..a....0...0.
..0..........M. K..jU.....w .0...*.H........0G1.0...U....US1.0...U....
GeoTrust Inc.1 0...U....GeoTrust EV SSL CA - G40...150119000000Z..1504
19235959Z011/0-..U...&GeoTrust EV SSL CA - G4 OCSP Responder0.."0...*.
[email protected] [email protected]...."[email protected]..&&
...%..).........m.........C. ..8..w.^.....Q..b.?.......|...nMb5..}....
..=...a}......;[T"%.;..i..y..p..[l.b.3!.L...8..T7F...;N."[email protected]
.......{..*..<.O......(l..g_ ..E....Q#.{N]....T..o../.,Y"......s<
;H.PC........0..0... .....0......0"..U....0...0.1.0...U....TGV-B-28620
...U.#..0.....\P...........(.jZ.0...U.......B...".....s\.tc....0...U..
.....0.0...U.%..0... .......0...U...........0...*.H.............]...!3
...I..g..X_O.32(.M...R#......[C....23.....@.$....&.C.......&.....K...:
..._.1.....r.u...u...{...q_(..%?...;.OY&.Jo-....3w......&. Aa.19.q.Q..
J<p^...P.. ..S...V=..(.....i.. .Y...~.z_.=.}....Q.">...Y..P.kd..
...2..[X-L..c..1...i$"....g..?.A....i...M.v..u..
<<< skipped >>>

POST /collect HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: VVV.google-analytics.com

Content-Length: 113

Cache-Control: no-cache

v=1&tid=UA-49608409-4&cid={DDC984F5-1F37-4B28-96BC-9CB42CE1F7B0}&t=event&ec=1.6.7.2&ea=Install_1_Init&el=Yes&ev=0
HTTP/1.1 200 OK

Pragma: no-cache

Expires: Mon, 07 Aug 1995 23:30:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Access-Control-Allow-Origin: *

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 11 Feb 2015 01:34:24 GMT

Server: Golfe2

Content-Length: 35

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


POST /collect HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: VVV.google-analytics.com

Content-Length: 149

Cache-Control: no-cache

v=1&tid=UA-49608409-4&cid={DDC984F5-1F37-4B28-96BC-9CB42CE1F7B0}&t=event&ec=1.6.7.2&ea=SystemInfo_ScreenInfo*&el=Windows 7 x64, 1716x901, 32, 96&ev=0
HTTP/1.1 200 OK

Pragma: no-cache

Expires: Mon, 07 Aug 1995 23:30:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Access-Control-Allow-Origin: *

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 11 Feb 2015 01:34:24 GMT

Server: Golfe2

Content-Length: 35

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


POST /collect HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: VVV.google-analytics.com

Content-Length: 123

Cache-Control: no-cache

v=1&tid=UA-49608409-4&cid={DDC984F5-1F37-4B28-96BC-9CB42CE1F7B0}&t=event&ec=1.6.7.2&ea=SystemInfo_OS*&el=Windows 7 x64&ev=0
HTTP/1.1 200 OK

Pragma: no-cache

Expires: Mon, 07 Aug 1995 23:30:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Access-Control-Allow-Origin: *

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 11 Feb 2015 01:34:24 GMT

Server: Golfe2

Content-Length: 35

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


POST /collect HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: VVV.google-analytics.com

Content-Length: 121

Cache-Control: no-cache

v=1&tid=UA-49608409-4&cid={DDC984F5-1F37-4B28-96BC-9CB42CE1F7B0}&t=event&ec=1.6.7.2&ea=Install_2_FileCopyInit&el=Yes&ev=0
HTTP/1.1 200 OK

Pragma: no-cache

Expires: Mon, 07 Aug 1995 23:30:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Access-Control-Allow-Origin: *

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 11 Feb 2015 01:34:25 GMT

Server: Golfe2

Content-Length: 35

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;....


POST /collect HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: VVV.google-analytics.com

Content-Length: 120

Cache-Control: no-cache

v=1&tid=UA-49608409-4&cid={DDC984F5-1F37-4B28-96BC-9CB42CE1F7B0}&t=event&ec=1.6.7.2&ea=Install_4_Completed*&el=New&ev=25
HTTP/1.1 200 OK

Pragma: no-cache

Expires: Mon, 07 Aug 1995 23:30:00 GMT

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Access-Control-Allow-Origin: *

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Wed, 11 Feb 2015 01:34:25 GMT

Server: Golfe2

Content-Length: 35

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;..

GET /pki/mscorp/crl/msitwww2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: mscrl.microsoft.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=6610

Content-Type: application/pkix-crl

Date: Wed, 11 Feb 2015 01:35:28 GMT

Etag: "f3ebb69d2744d01:0"

Last-Modified: Mon, 09 Feb 2015 05:16:53 GMT

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

Server: ECAcc (rtm/3541)

VTag: 791153316100000000

X-Cache: HIT

X-Powered-By: ASP.NET

Content-Length: 51739
0...0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0.
..U....Microsoft IT SSL SHA2..150209050638Z..150217052638Z0...02..Z...
.o1At:~..........140611053232Z0.0...U.......02..Z........7..w........1
40610132751Z0.0...U.......02..Z......nb..y.........140610132751Z0.0...
U.......02..Z..."S....2......."..140609213929Z0.0...U.......02..Z....W
y.l.!L.........140606155944Z0.0...U.......02..Z....,)."............140
604183121Z0.0...U.......02..Z......-. ..l........140604174925Z0.0...U.
......02..Z....$..x..q.........140604173444Z0.0...U.......02..Z.......
...K.........140603144730Z0.0...U.......02..Z.....t..As..........14060
3102811Z0.0...U.......02..Z.... ..b............140603080319Z0.0...U...
....02..Z.......H.r.D........140603013424Z0.0...U.......02..Z.....bM..
..G........140602100514Z0.0...U.......02..Z....._b!]...........1406020
60640Z0.0...U.......02..Z....:S..P.=.........140527234127Z0.0...U.....
..02..Z....(...G.8C........140527155451Z0.0...U.......02..Z....Zd. V..
.........140527155451Z0.0...U.......02..Z.........Ge!........140527155
[email protected].>[email protected]....
...02..Z...?...{T........?..140527155450Z0.0...U.......02..Z...>..z
..=.......>..140527155450Z0.0...U.......02..Z...;.,k..0R......;..14
0527155450Z0.0...U.......02..Z...:h..jg.E......:..140527155449Z0.0...U
.......02..Z...5$.A{.2.......5..140527155449Z0.0...U.......02..Z...4..
...D'Y.....4..140527155449Z0.0...U.......02..Z...2.a...........2..
<<< skipped >>>

GET /CRL/class2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: VVV.certplus.com

HTTP/1.1 200 OK

Content-Type: application/x-pkcs7-crl

Content-Length: 805

Connection: keep-alive

Date: Fri, 06 Feb 2015 13:51:24 GMT

Server: Apache/2.0.64 (Unix) DAV/2 mod_jk/1.2.36 mod_ssl/2.0.64 OpenSSL/0.9.8x

Last-Modified: Fri, 06 Feb 2015 13:20:34 GMT

ETag: "5e1c-325-4915ac80"

Accept-Ranges: bytes

Age: 42126

X-Cache: Hit from cloudfront

Via: 1.1 6a9941488f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)

X-Amz-Cf-Id: Okp96JfCNcsKEHm2HylwDuwnkiVox5vW1NlYwVquBixExbQXPjrmFw==
0..!0......0...*.H........0=1.0...U....FR1.0...U....Certplus1.0...U...
.Class 2 Primary CA..150205000000Z..160205000000Z0..e01..."...?......*
a..!s..150205000000Z0.0...U.......01... .....j.om2.!w.....150205000000
Z0.0...U.......01... r4.yL...&r/....q..140520000000Z0.0...U.......01..
. ..........X. .Q...140520000000Z0.0...U.......01..."... t.w..x...k.d.
.140505000000Z0.0...U.......01...".f.........i...S..140520000000Z0.0..
.U.......01..."..IOC5K.9~.b;.JT..140328000000Z0.0...U......../0-0...U.
......0...U.#..0....s-...(......y....0.0...*.H...............V ..o..._
t...z..z........O..W.G...J... V.G....$\.^.1...U..I...7e.U.s.x(1.'..z.b
..T=....9......I".._s=G.<..*n.<........Hi.{...%..L...Z..-p...c./
......I#.."R.bQ... ...z....O5......~...........{.N..N%.m>.$...>o
S.......3y......Mw.8..6..]u5..s*i.i .H..v.I.j.$HTTP/1.1 200 OK..Conten
t-Type: application/x-pkcs7-crl..Content-Length: 805..Connection: keep
-alive..Date: Fri, 06 Feb 2015 13:51:24 GMT..Server: Apache/2.0.64 (Un
ix) DAV/2 mod_jk/1.2.36 mod_ssl/2.0.64 OpenSSL/0.9.8x..Last-Modified: 
Fri, 06 Feb 2015 13:20:34 GMT..ETag: "5e1c-325-4915ac80"..Accept-Range
s: bytes..Age: 42126..X-Cache: Hit from cloudfront..Via: 1.1 6a9941488
f8c4d7cfc9d159decc6f1d1.cloudfront.net (CloudFront)..X-Amz-Cf-Id: Okp9
6JfCNcsKEHm2HylwDuwnkiVox5vW1NlYwVquBixExbQXPjrmFw==..0..!0......0...*
.H........0=1.0...U....FR1.0...U....Certplus1.0...U....Class 2 Primary
 CA..150205000000Z..160205000000Z0..e01..."...?......*a..!s..150205000
000Z0.0...U.......01... .....j.om2.!w.....150205000000Z0.0...U....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTzWOT5x7dVAEdi9YzJMaln3bxMNwQUbyZW2Vzn98kEIPgeunyRJy+M+gcCEEjP467eza0GY3odRLpEEVc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ga.symcd.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1496

content-transfer-encoding: binary

Cache-Control: max-age=583964, public, no-transform, must-revalidate

Last-Modified: Tue, 10 Feb 2015 19:44:34 GMT

Expires: Tue, 17 Feb 2015 19:44:34 GMT

Date: Wed, 11 Feb 2015 01:34:31 GMT

Connection: keep-alive
0..........0..... .....0......0...0......7.4U.=r...W..Y........2015021
0194434Z0s0q0I0... .........X....U.Gb...1.g..L7..o&V.\.... ...|.'/....
.H.......cz.D.D.W....20150210194434Z....20150217194434Z0...*.H........
......h...../H...U...v...5..{(...X8.s9...nw..}..W.....;<...d;..~..Q
..[..s....c._O......eG......6...@7%aM0F..c>.wB. B..7..qK.z.....Dk&g
t;....h.t. M..aL#<{.].z..dL..)tA.T....k.d.1Y!..=..(E&2.q....u..g.P,
....k.q.......9..ub>......!..U.5...N...u..{....<..... ..V..L....
...0...0...0..........v..f.h.X.{A..|..0...*.H........0X1.0...U....US1.
0...U....GeoTrust Inc.110/..U...(GeoTrust Extended Validation SSL CA -
 G20...150101000000Z..150401235959Z0g1.0...U....US1.0...U....GeoTrust 
Inc.1@0>..U...7GeoTrust Extended Validation SSL CA - G2 OCSP Respon
der0.."0...*.H.............0..............n....>.....u.eV... .Vm..X
.......RHq9...*.f@<......ok..tY...o..\..]kX...|......R._....|!..i.p
.F...a.p.y"1..7t..2l"D.>._:.T.=*Q?...^.....~J...........qN.it.../.l
p..Q......e....S.L.~....g.V9sV..a.'sg;..=F.J...G;....~{hQ.k.........Fh
....R.6?1.z.y.z..p...........0..0...U.......0.0...U.%..0... .......0..
.U...........0... .....0......0"..U....0...0.1.0...U....TGV-B-26890...
U.#..0...o&V.\.... ...|.'/...0...U......7.4U.=r...W..Y......0...*.H...
..........P/....F-....jd....1..m.|....A.....1..Y'..E!.r.)C..e..P.N..j.
.....-..3.>...R.....D.E)......qF.7n..".,...\./.T....V&~.e-KB.?.. ..
(A.7..w5L&..Qwh>..J.Md...O.[....#..HJ..z4B...B.........fA.a....!..Q
.E#.*.4.....Kyu).j...q...........]..1.Z....b4..............].2..
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR6EHhJ4XUaQA4N26wwyKpLEnXRrAQULNVQQZcVi/CPNmFbSvtr2ZnJM5ICEAsdsakZ8kw8Tvy1empObL8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: evsecure-ocsp.geotrust.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1426

content-transfer-encoding: binary

Cache-Control: max-age=577430, public, no-transform, must-revalidate

Last-Modified: Tue, 10 Feb 2015 17:54:26 GMT

Expires: Tue, 17 Feb 2015 17:54:26 GMT

Date: Wed, 11 Feb 2015 01:34:28 GMT

Connection: keep-alive
0..........0..... .....0.....t0..p0........[..)...g..M..o......2015021
0175426Z0s0q0I0... [email protected]....,.PA.....6a[J.k...3..
.......L<N..zjNl.....20150210175426Z....20150217175426Z0...*.H.....
.........W.,......./.W#..1.VwdO....m..=..!.#.=RPJ.cTx.......K6?v.7...L
.}..C..r.m9B.ir..$9.}......<....jZ..W.L.p..jh.......|.$..pwOyo.....
\.f.<.J....].qsz.....?..Y..........P."_....6...6.U....V.S..3.&.".Y.
.D... ..nl}....4w.9....6.5.D.g..Nr.......KX....t..Wk..[.........0...0.
..0..........u$"(D.X....A.j<.0...*.H........0X1.0...U....US1.0...U.
...GeoTrust Inc.110/..U...(GeoTrust Primary Certification Authority0..
.141202000000Z..151216235959Z0d1.0...U....US1.0...U....GeoTrust Inc.1=
0;..U...4GeoTrust Primary CA OCSP-TGV Responder Certificate 30.."0...*
.H.............0.........>....L.B. (..j.P....Zf.xEKI...w5(.&...@...
.....5a().D8.......... .....|~t...)..y..\.....B...1..}.<.....xv..m.
8. ;.b.6..6?....n...1.@u.......[.IM.A.@...=...o....`.ik.....Z.[D0.X...
|.R`}...b....AW~.......!...Z....#.a...cW..].C.erl.3%.F..{/...C)..H...(
...]........i0g0...U.%..0... .......0... .....0......0...U.......0.0..
.U...........0!..U....0...0.1.0...U....TGV-B-2780...*.H.............f9
(.F.?...Tn4.....V.....qp..............ZL........YC';..wz.o..).........
k.p.6U..d.....X.M./..fm.w[g!..7].N.^.......4.[0.C...'.,.Y......;....A`
.........T.b.......Z..HCB.c...3.4`g./!...j.#.L.;..Gv..V....h._........
.Du7...-.s......Q....!...J...S...W....g...z...
<<< skipped >>>

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:35:26 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:35:26 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:35:26 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:35:26 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:35:26 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:35:26 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pki/mscorp/crl/msitwww2.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: mscrl.microsoft.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=6610

Content-Type: application/pkix-crl

Date: Wed, 11 Feb 2015 01:35:28 GMT

Etag: "f3ebb69d2744d01:0"

Last-Modified: Mon, 09 Feb 2015 05:16:53 GMT

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

Server: ECAcc (rtm/3541)

VTag: 791153316100000000

X-Cache: HIT

X-Powered-By: ASP.NET

Content-Length: 51739
0...0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0.
..U....Microsoft IT SSL SHA2..150209050638Z..150217052638Z0...02..Z...
.o1At:~..........140611053232Z0.0...U.......02..Z........7..w........1
40610132751Z0.0...U.......02..Z......nb..y.........140610132751Z0.0...
U.......02..Z..."S....2......."..140609213929Z0.0...U.......02..Z....W
y.l.!L.........140606155944Z0.0...U.......02..Z....,)."............140
604183121Z0.0...U.......02..Z......-. ..l........140604174925Z0.0...U.
......02..Z....$..x..q.........140604173444Z0.0...U.......02..Z.......
...K.........140603144730Z0.0...U.......02..Z.....t..As..........14060
3102811Z0.0...U.......02..Z.... ..b............140603080319Z0.0...U...
....02..Z.......H.r.D........140603013424Z0.0...U.......02..Z.....bM..
..G........140602100514Z0.0...U.......02..Z....._b!]...........1406020
60640Z0.0...U.......02..Z....:S..P.=.........140527234127Z0.0...U.....
..02..Z....(...G.8C........140527155451Z0.0...U.......02..Z....Zd. V..
.........140527155451Z0.0...U.......02..Z.........Ge!........140527155
[email protected].>[email protected]....
...02..Z...?...{T........?..140527155450Z0.0...U.......02..Z...>..z
..=.......>..140527155450Z0.0...U.......02..Z...;.,k..0R......;..14
0527155450Z0.0...U.......02..Z...:h..jg.E......:..140527155449Z0.0...U
.......02..Z...5$.A{.2.......5..140527155449Z0.0...U.......02..Z...4..
...D'Y.....4..140527155449Z0.0...U.......02..Z...2.a...........2..
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=367784, public, no-transform, must-revalidate

Last-Modified: Sun, 8 Feb 2015 07:48:42 GMT

Expires: Sun, 15 Feb 2015 07:48:42 GMT

Date: Wed, 11 Feb 2015 01:38:58 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
8074842Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.A..2.....:...:......20150208074842Z....20150215074842Z0...*.H........
.....B./.h...c....(&....9.-.}......z.....'..T-."6.b..lni`B.....X.M\m.V
....Z...S..:.H7^[email protected]..."o..If=....m..Y.6p.4`*..V..M...H..OL}.]7c..N..
H.........Z.h$c.C.m...Z3.e.. ....\'..4..}.nP...UF.]*I.._.5........|.0.
2..O..j....Tu...h........./....t..N..Sb&...Q.h[..1?...#0...0...0......
....<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Sign
ing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U..
..VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of u
se at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3
 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{
(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(.......
...p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}..
.r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n.
.i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0
.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.c
om/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by
 reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........
0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H......
<<< skipped >>>

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:36:02 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:36:02 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:36:02 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:36:02 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:36:02 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:36:02 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:34:39 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:34:39 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:34:40 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:34:40 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:34:40 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:34:40 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:37:03 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:37:03 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:37:04 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:37:04 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:37:04 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:37:04 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:36:21 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:36:21 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:36:21 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:36:21 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:36:21 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:36:21 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:37:50 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:37:50 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:37:50 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:37:50 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:37:50 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:37:50 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:34:54 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:34:54 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:34:54 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:34:54 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:34:54 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:34:54 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnqkc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/ocsp-response

Date: Wed, 11 Feb 2015 01:35:27 GMT

Last-Modified: Thu, 05 Feb 2015 19:47:05 GMT

Server: ECS (ams/D1C2)

X-Cache: HIT

Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015020
5094606Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.G....20150204200915Z....20150505201415Z0...*.H.............g...].R
...<[email protected].... .......v...MM.pos"y.#F..{K........D
.S_.F?.u...........Z"..?.....Q.:4...pm.T.R../{iU..6.........3z3.".....
.a._P.....e.n$-...SCoP..V....l.B.CU!....D..8....O. _....AHl{W=Dc. .(.I
`.h..e..R........I..K...6!.r....>t.l.../.I....0...0...0...........'
..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....CyberTr
ust1"0 ..U....Baltimore CyberTrust Root0...150114195242Z..160114195229
Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validation-
20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK...0
4..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8........
..h8GM..*.4.MP..../[email protected]
.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g..j
.\.>.O....G.A........0..0... .....0......0...U.......0.0...U.......
....0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U......`
;.l.uZ..k.F..^|A.Tb0...*.H.............n.h\Ch*G.c..yr..."._....J.-....
j.t%..e.....([email protected]!m...sZH.N..>.S....K..........7wi3..x.D..l..u
d.....CC......<.&.2. ..d...T.......;.S....\... ......m.6......#(.&.
...q.[z.........r..T....W...7ea.}..B.1........al.]i.F...-.0c...y.=?...
.E...........'>..O.._..
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTzWOT5x7dVAEdi9YzJMaln3bxMNwQUbyZW2Vzn98kEIPgeunyRJy+M+gcCEBHc6ENkz1QiC8Kfsu+chzI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: gtextval2-ocsp.geotrust.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1496

content-transfer-encoding: binary

Cache-Control: max-age=542373, public, no-transform, must-revalidate

Last-Modified: Tue, 10 Feb 2015 08:14:01 GMT

Expires: Tue, 17 Feb 2015 08:14:01 GMT

Date: Wed, 11 Feb 2015 01:34:28 GMT

Connection: keep-alive
0..........0..... .....0......0...0......7.4U.=r...W..Y........2015021
0081401Z0s0q0I0... .........X....U.Gb...1.g..L7..o&V.\.... ...|.'/....
....Cd.T".......2....20150210081401Z....20150217081401Z0...*.H........
....."Q&Fk.m.....*..Vn.....6..6.9.....{:...h#...Ty...|.K9.]Z..e...X.&h
....6.k)6.a....:..S.2.mC..&.Y>.T....nu.\..=.v.\$fZ..].6.li....mt.D.
....g...|-J.`.....Q.D..P{..9 ..........R\1.&."....b..hdC....CN.6..AZ"[
T..-..9a.t..y[...N.].&.n.FShdA0f...=$.....,J...b/k.2\.....0...0...0...
.......v..f.h.X.{A..|..0...*.H........0X1.0...U....US1.0...U....GeoTru
st Inc.110/..U...(GeoTrust Extended Validation SSL CA - G20...15010100
0000Z..150401235959Z0g1.0...U....US1.0...U....GeoTrust Inc.1@0>..U.
..7GeoTrust Extended Validation SSL CA - G2 OCSP Responder0.."0...*.H.
............0..............n....>.....u.eV... .Vm..X.......RHq9...*
.f@<......ok..tY...o..\..]kX...|......R._....|!..i.p.F...a.p.y"1..7
t..2l"D.>._:.T.=*Q?...^.....~J...........qN.it.../.lp..Q......e....
S.L.~....g.V9sV..a.'sg;..=F.J...G;....~{hQ.k.........Fh....R.6?1.z.y.z
..p...........0..0...U.......0.0...U.%..0... .......0...U...........0.
.. .....0......0"..U....0...0.1.0...U....TGV-B-26890...U.#..0...o&V.\.
... ...|.'/...0...U......7.4U.=r...W..Y......0...*.H.............P/...
.F-....jd....1..m.|....A.....1..Y'..E!.r.)C..e..P.N..j......-..3.>.
..R.....D.E)......qF.7n..".,...\./.T....V&~.e-KB.?.. ..(A.7..w5L&..Qwh
>..J.Md...O.[....#..HJ..z4B...B.........fA.a....!..Q.E#.*.4.....Kyu
).j...q...........]..1.Z....b4..............].2..
<<< skipped >>>

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com

HTTP/1.1 200 OK

Date: Wed, 11 Feb 2015 01:35:27 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=dc321a8078923fbc3770950adae24b7391423618527; expires=Thu, 11-Feb-16 01:35:27 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Fri, 06 Feb 2015 23:51:50 GMT

Expires: Tue, 10 Feb 2015 23:51:50 GMT

ETag: "9006297540e316688484ed9e4b46a0dce7b0d372"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1b6ccf56bab10485-FRA
0..........0..... .....0......0...0..........<.|[email protected]|..2015
0206235150Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150206235150Z....20150210235150Z."0 0..
. .....0......20140206235150Z0...*.H.............Q."...T1..ý.Rs.(..%
l..<.....qN.jm\f...x3g...&.R.qQaH^....X.#{O G.....8K....(........f.
.&.%..m}.hU......9.......psNO.c;.Dz._....... ^..oQa48..6.......s.o..#.
]{D..nQL.2.;.i0.$Vp....6...:f.....h.O..#......8..!g<q...d.tl.....h(
..E.]-...................y.2.......0...0...0..........Z..~..M..<ZYJ
....~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....R
edmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U..
..Microsoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Sh
ould be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=
f....x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q....
.......bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*.
......x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.
M.O.....<5:......r.....]..A.5........0..0...U..........<.|7...@N
6p.I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... 
.......0... .....7....0.0... .......0... .....0......0...*.H..........
........sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w
...w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3.
...L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....&l
t;.}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..
<<< skipped >>>

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Cache-Control: no-cache

Connection: Keep-Alive

Pragma: no-cache

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com

HTTP/1.1 200 OK

Date: Wed, 11 Feb 2015 01:35:27 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=dc321a8078923fbc3770950adae24b7391423618527; expires=Thu, 11-Feb-16 01:35:27 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Fri, 06 Feb 2015 23:51:50 GMT

Expires: Tue, 10 Feb 2015 23:51:50 GMT

ETag: "9006297540e316688484ed9e4b46a0dce7b0d372"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1b6ccf572ab40485-FRA
0..........0..... .....0......0...0..........<.|[email protected]|..2015
0206235150Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150206235150Z....20150210235150Z."0 0..
. .....0......20140206235150Z0...*.H.............Q."...T1..ý.Rs.(..%
l..<.....qN.jm\f...x3g...&.R.qQaH^....X.#{O G.....8K....(........f.
.&.%..m}.hU......9.......psNO.c;.Dz._....... ^..oQa48..6.......s.o..#.
]{D..nQL.2.;.i0.$Vp....6...:f.....h.O..#......8..!g<q...d.tl.....h(
..E.]-...................y.2.......0...0...0..........Z..~..M..<ZYJ
....~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....R
edmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U..
..Microsoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Sh
ould be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=
f....x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q....
.......bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*.
......x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.
M.O.....<5:......r.....]..A.5........0..0...U..........<.|7...@N
6p.I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... 
.......0... .....7....0.0... .......0... .....0......0...*.H..........
........sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w
...w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3.
...L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....&l
t;.}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..
<<< skipped >>>

GET /ga.crt HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ga.symcb.com

HTTP/1.1 200 OK

Server: Apache

ETag: "f61f2d12570d5bf28a61727a3a66fd48:1398881413"

Last-Modified: Wed, 30 Apr 2014 18:10:13 GMT

Content-Type: text/plain

Date: Wed, 11 Feb 2015 01:34:30 GMT

Content-Length: 1182

Connection: keep-alive
0...0................L<N..zjNl.0...*.H........0X1.0...U....US1.0...
U....GeoTrust Inc.110/..U...(GeoTrust Primary Certification Authority0
...120823000000Z..220822235959Z0X1.0...U....US1.0...U....GeoTrust Inc.
110/..U...(GeoTrust Extended Validation SSL CA - G20.."0...*.H........
.....0..........!..=..*M.{.......Cb[...fR...h1.....X.~.j.L1.!..p.....-
...y...%.L...by."_.|"58#..<..-.X.5.f[..$.p.t2.F.2........d......k..
..l....2R...B1.HB..].c.1..H\EE"..Y..A....FM......F........E.myx..P....
...:......?}b..mxH....#a.>5M.....K.sS...iU..g......M..)\...b.......
....^0..Z0=.. ........10/0-.. .....0..!hXXp://EVSecure-ocsp.geotrust.c
om0...U.......0.......0F..U. .?0=0;..U. .0301.. ........%hXXp://VVV.ge
otrust.com/resources/cps0A..U...:0806.4.2.0hXXp://EVSecure-crl.geotrus
t.com/GeoTrustPCA.crl0...U...........0*..U...#0!..0.1.0...U....VeriSig
nMPKI-2-2530...U......o&V.\.... ...|.'/...0...U.#..0...,.PA.....6a[J.k
...3.0...*.H..............w.W...Eo.Ln}..q..9...Il.Iq.,..6..X..u.r..x.e
...........#[email protected])4{..j.t_......n..[......g{...ip......v
[8.9E...S.=U9.....n...jLz^.....|,b..._?....I(...9"..]..._._.. ..I.Usj.
z........09.(K..w$.....N...u..W..G....H.!.i!.............*yh.^.8.).w..
.HTTP/1.1 200 OK..Server: Apache..ETag: "f61f2d12570d5bf28a61727a3a66f
d48:1398881413"..Last-Modified: Wed, 30 Apr 2014 18:10:13 GMT..Content
-Type: text/plain..Date: Wed, 11 Feb 2015 01:34:30 GMT..Content-Length
: 1182..Connection: keep-alive..0...0................L<N..zjNl.0...
*.H........0X1.0...U....US1.0...U....GeoTrust Inc.110/..U...(GeoTr
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCALebVD3Ci3F HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:05:55 GMT

Expires: Wed, 11 Feb 2015 16:05:55 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293315

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130045Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...mP..-.....20150207130045Z....20150214130045Z0...*.H................
(.....~/j.J.y.PP<.......w.......u.AW|..K...x/.R..h..9. ..&.;?..^...
.n.n. ....|.d...L."?..\p..L...9 .KK3.........h5..tH ......j.........F.
!$.G...o95..$4.|6..r..... r.....Za.5..Y........J.z..l.U...H2[.....lV..
.2LCaE...V]..W...a.B.h..C[...!....Dz.j.?.*....HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Sat, 07 Feb 2015 16:05:55 GMT.
.Expires: Wed, 11 Feb 2015 16:05:55 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Age: 293315..Alternate-Protocol: 80:quic,p=0.02..Cache-Control
: public, max-age=345600..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150207130045Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./....mP..-.....20150207130045Z....201502141300
45Z0...*.H................(.....~/j.J.y.PP<.......w.......u.AW|..K.
..x/.R..h..9. ..&.;?..^....n.n. ....|.d...L."?..\p..L...9 .KK3........
.h5..tH ......j.........F.!$.G...o95..$4.|6..r..... r.....Za.5..Y.....
...J.z..l.U...H2[.....lV...2LCaE...V]..W...a.B.h..C[...!....Dz.j.?.*..
......
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCA6iR0vHFpqB HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 16:06:08 GMT

Expires: Wed, 11 Feb 2015 16:06:08 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 293302

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7130027Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
...GK........20150207130027Z....20150214130027Z0...*.H...............7
....5vW.\...j}.7...[a.....:..rf.Z..d...h..Wvo.......2.cdZ.381.j}%...).
...?.....~UB.Z7......I&@...!...3w..:..=Z"...#p...bX...M.8|@e.....>.
qd...o_......Q0..|.....j.......RL....{!../..(.  ...V....1...N........K
.AtqL!./.1.).x.."..;.z4...P..G...|.j:.."..~.I.HTTP/1.1 200 OK..Content
-Type: application/ocsp-response..Date: Sat, 07 Feb 2015 16:06:08 GMT.
.Expires: Wed, 11 Feb 2015 16:06:08 GMT..Server: ocsp_responder..Conte
nt-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAME
ORIGIN..Age: 293302..Alternate-Protocol: 80:quic,p=0.02..Cache-Control
: public, max-age=345600..0..........0..... .....0......0...0......J..
....h.v....b..Z./..20150207130027Z0k0i0A0... ..........j.....p.I.#z...
(~d..J......h.v....b..Z./....GK........20150207130027Z....201502141300
27Z0...*.H...............7....5vW.\...j}.7...[a.....:..rf.Z..d...h..Wv
o.......2.cdZ.381.j}%...)....?.....~UB.Z7......I&@...!...3w..:..=Z"...
#p...bX...M.8|@e.....>.qd...o_......Q0..|.....j.......RL....{!../..
(.  ...V....1...N........K.AtqL!./.1.).x.."..;.z4...P..G...|.j:.."..~.
I.....
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCF+cplPoBBth HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: clients1.google.com

HTTP/1.1 200 OK

Content-Type: application/ocsp-response

Date: Sat, 07 Feb 2015 22:46:52 GMT

Expires: Wed, 11 Feb 2015 22:46:52 GMT

Server: ocsp_responder

Content-Length: 463

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN

Age: 269258

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2015020
7190631Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
._..S...a....20150207190631Z....20150214190631Z0...*.H.............ET.
...}[email protected]........... ....6.~T.........R.........T.0.d5-.>
;...o.....o.CK..XM,69.......f..m-.n#v.)y-N........c.y.B7..l.d.*L...).7
Ec...*".z.i|[email protected]....&...\.........s./.X.......hgS.
.f...,.U.qY..#1......oV..>....>...WT.t.,QO..=.HTTP/1.1 200 OK..C
ontent-Type: application/ocsp-response..Date: Sat, 07 Feb 2015 22:46:5
2 GMT..Expires: Wed, 11 Feb 2015 22:46:52 GMT..Server: ocsp_responder.
.Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options
: SAMEORIGIN..Age: 269258..Alternate-Protocol: 80:quic,p=0.02..Cache-C
ontrol: public, max-age=345600..0..........0..... .....0......0...0...
...J......h.v....b..Z./..20150207190631Z0k0i0A0... ..........j.....p.I
.#z...(~d..J......h.v....b..Z./.._..S...a....20150207190631Z....201502
14190631Z0...*.H.............ET....}[email protected]........... ....6.
~T.........R.........T.0.d5-.>...o.....o.CK..XM,69.......f..m-.n#v.
)y-N........c.y.B7..l.d.*L...).7Ec...*".z.i|[email protected]..
..&...\.........s./.X.......hgS..f...,.U.qY..#1......oV..>....>.
..WT.t.,QO..=...
<<< skipped >>>

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:34:26 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; path=/

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:34:26 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:34:27 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:34:27 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:34:27 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:34:27 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

GET /pc-booster/purchase/?source=pc-booster&campaign=tweakbit&traffic=direct&reason=EnterKey_Register_now®istered=false HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Found

Date: Wed, 11 Feb 2015 01:35:43 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:35:43 GMT; path=/; domain=VVV.tweakbit.com

Location: /pc-booster/cart/

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/html
........................


GET /pc-booster/cart/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.tweakbit.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=5fcls7t2dn8hv466gjhh3vq3i5; E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; _ga=GA1.2.1554352451.1423618474; _gat=1; _ym_visorc_21425662=b

HTTP/1.1 302 Moved Temporarily

Date: Wed, 11 Feb 2015 01:35:43 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; expires=Sun, 12-Apr-2015 01:35:43 GMT; path=/; domain=VVV.tweakbit.com

Location: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&ref=&affiliate=

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 20

Keep-Alive: timeout=15, max=99

Connection: Keep-Alive

Content-Type: text/html
....................HTTP/1.1 302 Moved Temporarily..Date: Wed, 11 Feb 
2015 01:35:43 GMT..Server: Apache/2.2.16 (Debian)..X-Powered-By: PHP/5
.3.3-7 squeeze19..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Contro
l: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pra
gma: no-cache..Set-Cookie: E24AE960-E6CF-4F69-B37D-A4E5D4D3F7BD=1; exp
ires=Sun, 12-Apr-2015 01:35:43 GMT; path=/; domain=VVV.tweakbit.com..L
ocation: hXXps://store.tweakbit.com/cart/first/?prods=4623068&clear&re
f=&affiliate=..Vary: Accept-Encoding..Content-Encoding: gzip..Content-
Length: 20..Keep-Alive: timeout=15, max=99..Connection: Keep-Alive..Co
ntent-Type: text/html........................

The Worm connects to the servers at the folowing location(s):

.text

`.itext

`.data

.idata

.edata

@.tls

.rdata

@.rsrc

@.xdata

MajorOperatingSystemVersion

MinorOperatingSystemVersion

biClrImportant

_MemoryManager_EventLog.txt

operation.

FastMM has detected an attempt to call a virtual method on a freed object. An access violation will now be raised in order to abort the current operation.

FastMM has detected an attempt to use an interface of a freed object. An access violation will now be raised in order to abort the current operation.

Note: Memory leak detail is logged to a text file in the same folder as this application. To disable this memory leak check, undefine "EnableMemoryLeakReporting".

FastMM4.pas MUST be the first unit in your project's .dpr file, otherwise memory may be allocated

go into its configuration page and ensure that the FastMM4.pas unit is initialized before any other unit.

;!199{199

;0!8&2{199

"<;=!!%{199

Windows 95

Windows 95 OSR-2

Windows 98

Windows 98 SE

Windows ME

Windows 9x New

Windows NT 3

Windows NT 4

Windows 2000

Windows XP

Windows 2003

Windows Vista

Windows 2008

Windows 7

Windows 2008 R2

Windows 8

Windows Server 8

Windows NT New

TMsgHandler

TMsgHandlerOO

user.exe

TMsgHandlers

madToolsMsgHandlerWindow

>0';0974&0{199

cmovÌ

setÌ

pop %seg

push %seg

Export

VVV.madshi.net

.data

.jdbg

madExcept.HandleContactForm

madExcept.HandleScreenshotForm

bSendBugReport

bSaveBugReport

bPrintBugReport

bShowBugReport

esSysUtilsShowException

esHttpExtension

esIntraweb

esTThreadExecute

epCompleteReport

TBugReportCallback

bugReport

TBugReportCallbackOO

eaSendBugReport

eaSaveBugReport

eaPrintBugReport

eaSendBugReport2

eaSaveBugReport2

eaPrintBugReport2

eaShowBugReport

TBugReportPluginA1

TBugReportPluginWU

TBugReportPluginExA{

TBugReportPluginExW

The import table is invalid.

%exceptMsg%

%bugReport%

Úte%

Útetime%

%computerName%

Þsktop%

%userappdata%

%commonappdata%

MailAsSmtpServer

MailAsSmtpClient

UploadViaHttp

SmtpServer

SmtpPort

SmtpAccount

SmtpPassword

HttpServer

HttpPort

HttpAccount

HttpPassword

bugreport.txt

screenshot.png

ExceptMsg

FrozenMsg

BitFaultMsg

send bug report

save bug report

print bug report

show bug report

bug report

please find the bug report attached

Sending bug report...

PrepAttMsg

MxLookMsg

ConnMsg

AuthMsg

SendMailMsg

FieldMsg

SendAttMsg

SendFinalMsg

SendFailMsg

Sorry, sending the bug report didn't work.

GetFilter1NoBugReport

GetFilter2NoBugReport

GetGeneralNoBugReport

SetFilter1NoBugReport

SetFilter2NoBugReport

SetGeneralNoBugReport

GetAutoShowBugReport

SetAutoShowBugReport

GetMailAsSmtpServer

SetMailAsSmtpServer

GetMailAsSmtpClient

SetMailAsSmtpClient

GetUploadViaHttp

SetUploadViaHttp

GetSmtpServer

SetSmtpServer

GetSmtpPort

SetSmtpPort

GetSmtpAccount

SetSmtpAccount

GetSmtpPassword

SetSmtpPassword

GetHttpServer

SetHttpServer

GetHttpPort

SetHttpPort

GetHttpAccount

SetHttpAccount

GetHttpPassword

SetHttpPassword

GetAttachBugReport

SetAttachBugReport

GetAttachBugReportFile

SetAttachBugReportFile

GetDeleteBugReportFile

SetDeleteBugReportFile

GetBugReportSendAs

SetBugReportSendAs

GetBugReportZip

SetBugReportZip

GetBugReportFile

SetBugReportFile

GetAppendBugReports

SetAppendBugReports

GetBugReportFileSize

SetBugReportFileSize

GetExceptMsg

SetExceptMsg

GetFrozenMsg

SetFrozenMsg

GetBitFaultMsg

SetBitFaultMsg

GetPrepareAttachMsg

SetPrepareAttachMsg

GetMxLookupMsg

SetMxLookupMsg

GetConnectMsg

SetConnectMsg

GetAuthMsg

SetAuthMsg

GetSendMailMsg

SetSendMailMsg

GetFieldsMsg

SetFieldsMsg

GetSendAttachMsg

SetSendAttachMsg

GetSendFinalizeMsg

SetSendFinalizeMsg

GetSendFailureMsg

SetSendFailureMsg

TDABugReportCallback

TDABugReportCallbackOO

FBugReportHeader

FBugReportSections

FBugReport

FBugReportCallbacks

FBugReportCallbacksOO

FCreateBugReport

FCorrectBugReportNo

GetBugReportHeader

GetBugReportSections

GetBugReport_

SetBugReport

GetBugReport

RegisterBugReportCallback

bugReportCallback

UnregisterBugReportCallback

GetCreateBugReport

SetCreateBugReport

ShowBugReport

SendBugReport

SaveBugReport

PrintBugReport

CompleteBugReport

CriticalBugReportCallbackExists

VVV.google.de

SMTP:

Tcpip\Parameters

VxD\MSTCP

A.ROOT-SERVERS.NET

K.ROOT-SERVERS.NET

VVV.madshi.net_multipart_boundary

LOGIN

AUTH LOGIN

http=

HTTP/1.1

*.txt

BugReport

TSendBugReportExRec

FDefaultMsgBox

defaultMsgBox

BugReportChanged

<tr><td><button onClick="history.back();" style="height:19.5pt;"> 

<button onClick="document.getElementById('bugReport').style.visibility='visible';this.style.visibility='hidden';" style="height:19.5pt;"> 

<textarea id="bugReport" readonly cols="80" rows="20" style="width:100%;height:100%;

Software\Microsoft\Windows

operating system

GetThreadReport

GetCpuRegisters

ServerSupportFunctionNext

kernel32.dll

user32.dll

internal error. please notify [email protected]

HardWareKey

Project.Consts

Project.DebugLog

%TDebugLog<Project.DebugLog.TLogLevel>c

%TDebugLog<Project.DebugLog.TLogLevel>@uF

Auslogics.Debug.Log

Interfaces.Routines

Interfaces.ATUpdaters

Interfaces.TweakManager

Interfaces.PCBoosterHelper

@:%-%S

AT.Classes

VerifyKey

AKey

InstallKey

UninstallKey

BlockCustomKey

BlockKey

Interfaces.Protection

Interfaces.Protection<

TDLLFunctionImport

:TDLLImport.:1

TDLLImport

TImports

TDLLFunctionExport

TExports

Interfaces.Protection4

PExportTreeNode

TExportTreeNode

TExportTree&

TExportTree

ImportArray

ExportArray

ExportTree

FindExport

FindExportPerIndex

GetExportList

FImportTable

FBoundImportTable

&TArray<Interfaces.Protection.TSection>

 TEnumerator<Interfaces.Protection.TSection>(

 TEnumerator<Interfaces.Protection.TSection>x

System.Generics.Collections

 TEnumerable<Interfaces.Protection.TSection>-

 TEnumerable<Interfaces.Protection.TSection>

F:{System.Generics.Collections}TList<Interfaces.Protection.TSection>.:1

)IComparer<Interfaces.Protection.TSection>pkJ

System.Generics.Defaults

6TCollectionNotifyEvent<Interfaces.Protection.TSection>

 IEnumerable<Interfaces.Protection.TSection>lkJ

1TList<Interfaces.Protection.TSection>.TEnumerator5

1TList<Interfaces.Protection.TSection>.TEnumerator

%TList<Interfaces.Protection.TSection>&

%TList<Interfaces.Protection.TSection>

 TObjectList<Interfaces.Protection.TSection><

 TObjectList<Interfaces.Protection.TSection>

TTwofishKeyData

FKeyData

AKeyData

FSessionKey

FPassword

APassword

 TComparison<Interfaces.Protection.TSection>pkJ

)TComparer<Interfaces.Protection.TSection>2

)TComparer<Interfaces.Protection.TSection>

F:{System.Generics.Collections}TList<Interfaces.Protection.TSection>.:3

DebugLogExeption

AT.Logics.SingletonBase

Interfaces.ProductHelper

Interfaces.SettingsHelper

TArray<System.string>

Project.Globals

TATConstsGUIBase.TLResource

RES_FM_MAIN_IMG_STATUS_REPORT RES_FM_MAIN_IMG_STATUS_REPORT_ON!RES_FM_MAIN_IMG_STATUS_REPORT_OFF

AT.GUI.Logics.Base.Consts

ResFmMainImgStatusReport

ResFmMainImgStatusReportState

AMsg

Interfaces.TaskScheduler

Interfaces.TaskScheduler*

Interfaces.DiskCleaner

Interfaces.RegistryCleaner

Interfaces.InternetOptimizer

Globals.TCmdParams

Project.GUI.Globals

;CommonCmdLineParams<Project.GUI.Globals.Globals.TCmdParams>^

;CommonCmdLineParams<Project.GUI.Globals.Globals.TCmdParams>

Project.GUI.CmdLineParams

TATLocalizerGUIBase.TTimeConvert

TATLocalizerGUIBase.TLMsg

MSG_ALL_ABBR_MASK

MSG_ALL_ABBR_BYTES

MSG_ALL_ABBR_BYTE_OR_BYTES

MSG_ALL_ABBR_KILO_BYTE

MSG_ALL_ABBR_MEGA_BYTE

MSG_ALL_ABBR_GIGA_BYTE

MSG_ALL_ABBR_TERA_BYTE

MSG_ALL_ABBR_ZERO

MSG_ALL_TIME_HOUR

MSG_ALL_TIME_HOURS

MSG_ALL_TIME_MINUTE

MSG_ALL_TIME_MINUTES

MSG_ALL_TIME_SECOND

MSG_ALL_TIME_SECONDS

MSG_ALL_USER_NOT_ADMIN

MSG_ALL_TRAY_FIRST_HELP

MSG_ALL_TRAY_PROTECTION_FULL

MSG_ALL_TRAY_PROTECTION_LIMITED

MSG_ALL_STA_ZERO

MSG_ALL_STA_ZERO_TRIAL

MSG_ALL_STA_ZERO_FULL

MSG_ALL_STA_ZERO_RESULT

MSG_ALL_TASKS_AUTOSTART

MSG_ALL_TASKS_AUTOSCAN

MSG_ALL_TASKS_SENDREPORT

MSG_ALL_BENEFIT_1

MSG_ALL_BENEFIT_2

MSG_ALL_BENEFIT_3"MSG_UPSELL_LBL_STATE_NOT_INSTALLED

MSG_UPSELL_LBL_STATE_INSTALLED#MSG_UPSELL_LBL_STATE_NOT_REGISTERED

MSG_UPSELL_LBL_STATE_REGISTERED#MSG_UPSELL_LBL_STATE_ERROR_DOWNLOAD

MSG_UPSELL_LBL_STATE_DOWNLOAD

MSG_UPSELL_LBL_STATE_RUN

MSG_UPSELL_LBL_STATE_REGISTER'MSG_UPSELL_SIMPLE_LBL_CAPTION_PCCLEANUP%MSG_UPSELL_SIMPLE_LBL_CAPTION_PCFIXUP'MSG_UPSELL_SIMPLE_LBL_CAPTION_PCSPEEDUP$MSG_UPSELL_SIMPLE_LBL_DESC_PCCLEANUP"MSG_UPSELL_SIMPLE_LBL_DESC_PCFIXUP$MSG_UPSELL_SIMPLE_LBL_DESC_PCSPEEDUP$MSG_UPSELL_PROJECT_PCCLEANUP_CAPTION(MSG_UPSELL_PROJECT_PCCLEANUP_DESCRIPTION#MSG_UPSELL_PROJECT_PCCLEANUP_SCANER"MSG_UPSELL_PROJECT_PCFIXUP_CAPTION&MSG_UPSELL_PROJECT_PCFIXUP_DESCRIPTION!MSG_UPSELL_PROJECT_PCFIXUP_SCANER$MSG_UPSELL_PROJECT_PCSPEEDUP_CAPTION(MSG_UPSELL_PROJECT_PCSPEEDUP_DESCRIPTION#MSG_UPSELL_PROJECT_PCSPEEDUP_SCANER"MSG_UPSELL_SUITE_PCCLEANUP_CAPTION

MSG_UPSELL_SUITE_PCCLEANUP_LINK MSG_UPSELL_SUITE_PCFIXUP_CAPTION

MSG_UPSELL_SUITE_PCFIXUP_LINK"MSG_UPSELL_SUITE_PCSPEEDUP_CAPTION

MSG_UPSELL_SUITE_PCSPEEDUP_LINK

MSG_UPSELL_SUITE_LINK

MSG_UPSELL_TABLE_HEADER_PRODUCT#MSG_UPSELL_TABLE_HEADER_DESCRIPTION

MSG_UPSELL_TABLE_HEADER_STATUS

MSG_UPSELL_TABLE_HEADER_ACTION

MSG_PG_ES_SUBS_INFO_1

MSG_PG_ES_SUBS_INFO_2

MSG_PG_ES_SUBS_INFO_3

MSG_PG_ES_CONTINUE_INFO_1

MSG_PG_ES_CONTINUE_INFO_2

MSG_PG_ES_CONTINUE_INFO_3

MSG_FM_MAIN_LBL_TOP_MENU

MSG_PG_S_BH_DEFAULT_AUTOSTART

MSG_NF_IA_LBL_TITLE_INSTALL

MSG_NF_IA_LBL_TITLE_DOWNLOADING

MSG_NF_IA_LBL_TITLE_STARTING"MSG_NF_IA_LBL_TITLE_ERROR_DOWNLOAD

MSG_NF_IA_LBL_TITLE_ERROR_RUN!MSG_NF_IA_LBL_DESCRIPTION_INSTALL%MSG_NF_IA_LBL_DESCRIPTION_DOWNLOADING"MSG_NF_IA_LBL_DESCRIPTION_STARTING(MSG_NF_IA_LBL_DESCRIPTION_ERROR_DOWNLOAD*MSG_NF_IA_LBL_DESCRIPTION_ERROR_FREE_SPACE#MSG_NF_IA_LBL_DESCRIPTION_ERROR_RUN(MSG_NF_IA_LBL_DOWNLOAD_CAPTION_PREPARING(MSG_NF_IA_LBL_DOWNLOAD_CAPTION_REMAINING'MSG_NF_IA_LBL_DOWNLOAD_CAPTION_STOPPING

MSG_NF_IA_LBL_DOWNLOAD_SIZE

MSG_NF_IA_BTN_INSTALL

MSG_OFFER_GUARANT

AT.GUI.Logics.Base.Localizer

TATLocalizerGUIBase.TLURL

URL_ALL_COMPANY

URL_ALL_PURCHASE_UPGRADE

URL_APP_CHECK_VERSION

URL_APP_INSTALLER

URL_FM_MAIN_TOP_MENU_MANUAL%URL_FM_MAIN_TOP_MENU_CHECK_FOR_UPDATE'URL_FM_MAIN_BOTTOM_REGISTER_NOW_UPGRADE

URL_UPSELL_PROJECT_PCCLEANUP_A

URL_UPSELL_PROJECT_PCFIXUP_A

URL_UPSELL_PROJECT_PCSPEEDUP_A

URL_UPSELL_PROJECT_PCCLEANUP_B

URL_UPSELL_PROJECT_PCFIXUP_B

URL_UPSELL_PROJECT_PCSPEEDUP_B)URL_UPSELL_PROJECT_PCCLEANUP_PCSUPPORTBAR'URL_UPSELL_PROJECT_PCFIXUP_PCSUPPORTBAR)URL_UPSELL_PROJECT_PCSPEEDUP_PCSUPPORTBAR%URL_UPSELL_PROJECT_PCCLEANUP_PURCHASE#URL_UPSELL_PROJECT_PCFIXUP_PURCHASE%URL_UPSELL_PROJECT_PCSPEEDUP_PURCHASE#URL_UPSELL_PROJECT_PCSUITE_PURCHASE$URL_UPSELL_PROJECT_PCCLEANUP_UPGRADE"URL_UPSELL_PROJECT_PCFIXUP_UPGRADE$URL_UPSELL_PROJECT_PCSPEEDUP_UPGRADE

TATLocalizerGUIBase.TLDef

DEF_PRODUCT_NAME_FOR_URLS

MsgStaZero

MsgStaZeroTrial

MsgStaZeroFull

MsgStaZeroResult

UrlAllCompany

UrlAppCheckVersion

UrlAppInstaller

UrlAllPurchase

UrlUpsellProjectCleanUp

UrlUpsellProjectFixUp

UrlUpsellProjectSpeedUp

UrlPurchaseUpsellProjectCleanUp

UrlPurchaseUpsellProjectFixUp

UrlPurchaseUpsellProjectSpeedUp

UrlPurchaseUpsellProjectSuite

UrlFmMainTopMenuManual

UrlFmMainTopMenuCheckForUpdate

!UrlFmMainBottomRegisterNowUpgrade

DefProductNameForUrls

MsgAllFullProductName

MsgAllUserNotAdmin

MsgAllTrayFirstHelp

MsgAllTrayProtection

MsgAllTasksAutoStart

MsgAllTasksAutoScan