SearchProtectToolbar_pcap_be28dff543

by malwarelabrobot on January 13th, 2015 in Malware Descriptions.

Backdoor.Win32.Farfli.FD, SearchProtectToolbar_pcap.YR (Lavasoft MAS)
Behaviour: Backdoor


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: be28dff543300248ba2fc4b014fa156f
SHA1: 32ab877549b303cfea394a7d7a92eaa0e1494c4a
SHA256: 74a277bb8bb2b4ce0b943a398ec2dd358805b26b97a94ce8dca63a236ecc8185
SSDeep: 12288:QEbPLKsk W2HRSnxcCAJa90agBcrjj WB2k1//DZphYieONqeLIrbGRu6oK1hNWH:QEPbkIxoiCpnv/np ieQIrpHms
Size: 735680 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: ?? 2014 ClientConnect Ltd.
Created at: 2012-02-24 21:19:59
Analyzed on: WindowsXPESX SP3 32-bit


Summary:

Backdoor. Malware that enables a remote control of victim's machine.

Payload

No specific payload has been found.

Process activity

The Backdoor creates the following process(es):
No processes have been created.
The Backdoor injects its code into the following process(es):

%original file name%.exe:1060

Mutexes

The following mutexes were created/opened:

RasPbFile
WininetProxyRegistryMutex
WininetConnectionMutex
WininetStartupMutex
c:!documents and settings!adm!local settings!history!history.ie5!
ShimCacheMutex
c:!documents and settings!adm!cookies!
c:!documents and settings!adm!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
oleacc-msaa-loaded
ZonesCacheCounterMutex
ZonesCounterMutex
ZonesLockedCacheCounterMutex
CTF.LBES.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Compart.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Asm.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.Layouts.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
CTF.TMD.MutexDefaultS-1-5-21-1844237615-1960408961-1801674531-1003
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
c:!documents and settings!adm!local settings!history!history.ie5!mshist012015011220150113!
_!SHMSFTHISTORY!_

File activity

The process %original file name%.exe:1060 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NextButton_Sprite wide[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\icon.png (622 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\manager.js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\button[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.dotdotdot.min[1].js (3016 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3724833[2].htm (25423 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\webapphost.dll (39329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\DM_loader.gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[2].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBG[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CancelBGGoogleDialog[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-[1].png (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\gplay.js (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index[1].html (1255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\FDMClient.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\3724833[1].htm (29613 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\X[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\manager.html (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\WelcomeScreen.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\BoxBgNew[1].png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\NoneSilentSuccess.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3724833[2].htm (26894 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\NextButton_Sprite-wide-grey[1].png (2 bytes)
%System%\wbem\Logs\wbemprox.log (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\init.html (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBGGoogleDialog[1].png (83 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index[1].htm (1889 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\certInlineLB.pfx (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\jquery-1.10.1.min.js (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\780547[1].htm (23622 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.dotdotdot.min[2].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\adwords_express[1].htm (2159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\985986[1].htm (31258 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3724833[1].htm (28444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\985986[1].htm (30015 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\Failed.htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\WebBrowser_embedded.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\6674bca0-3e48-4131-9b81-5071d5b2c2da[1].jpg (32468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\proxy.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\sharedWorker.js (296 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3724833[3].htm (27743 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\customframeapi[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsyB3.tmp (41812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\SmallLoader[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\NextButton_Sprite-wide-grey[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\64bfde2c-3be5-4981-ab13-3339cc75dd5f[1].png (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\985986[1].htm (25601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\Success.htm (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.dotdotdot.min[1].js (3016 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\-[1].png (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\adwords_express[1].html (6038 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\InstallationSuccessful[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3724833[1].htm (31009 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.dotdotdot.min[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\System.dll (784 bytes)

The Backdoor deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[2].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\adwords_express[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CancelBGGoogleDialog[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\NextButton_Sprite-wide-grey[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130218 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021820130225\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\X[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\SmallLoader[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CancelBG[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBGGoogleDialog[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\-[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013030120130302\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\button[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\NextButton_Sprite-wide-grey[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp (0 bytes)

Registry activity

The process %original file name%.exe:1060 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"WebBrowser_embedded.exe" = "6000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011220150113]
"CacheOptions" = "11"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011220150113]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015011220150113\"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"%original file name%.exe" = "6000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011220150113]
"CachePrefix" = ":2015011220150113:"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011220150113]
"CacheLimit" = "8192"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015011220150113]
"CacheRepair" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1330111199"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C 26 36 AE C0 71 CB BC 82 B2 AF F3 C3 1B 2D 1D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Backdoor modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Backdoor modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Backdoor deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013030120130302]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130218]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021820130225]

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
b87a1c92512f3320e907c1534071f4b9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsoB4.tmp\FDMClient.dll
62008374a494afeea2ee2ae9eee4c8c0 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsoB4.tmp\System.dll
07f09c1bf361f757675b77320a08506c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsoB4.tmp\manager\scripts\WebBrowser_embedded.exe
fb2d0b843bf1f8d7150ec2294c983d7d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsoB4.tmp\webapphost.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: ?? 2014 ClientConnect Ltd.
Product Name: Setup.exe
Product Version: 1.4.0.4.141207.02
Legal Copyright: ?? 2014 ClientConnect Ltd.
Legal Trademarks:
Original Filename: Minecraft.exe
Internal Name:
File Version:
File Description: Setup.exe
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 28432 28672 4.50399 f569e353af0ed51bf4c216faa9bed4e7
.rdata 32768 10898 11264 3.04561 91eee43954e068e650f7b73a8b0e6915
.data 45056 425660 512 1.02085 db9f7acbf1c3ddfe255077b699955dfa
.ndata 471040 8130560 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 8601600 7360 7680 3.01562 cbd1c2f25618ac4763be1d130ad20d87
.reloc 8609792 3978 4096 3.67211 0b317a7fb6b762a1feac024cc6713ac7

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 6
3f9c32c5c969cbc52c783018b7b24fbc
6be939c7e5274b05a257ea4036ff230f
297df27b78cf9cae741f82a3e5f7b921
4f6b2cd0177b661a74ee4e0b3ceaf666
802182127e3ab3c609c988aed8d0703a
2588fc9648eae379999ccdb127b149e6

URLs

URL IP
hxxp://199.101.115.225/api/usages/
hxxp://23.9.107.19/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
hxxp://23.9.107.19/Js/jquery.dotdotdot.min.js?fid=1857275GlobalPage
hxxp://23.9.107.19/Js/jquery.dotdotdot.min.js?fid=1857275
hxxp://e8210.g.akamaiedge.net///img/offers/r_ac/r_37/64bfde2c-3be5-4981-ab13-3339cc75dd5f.png
hxxp://e8210.g.akamaiedge.net/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
hxxp://e8210.g.akamaiedge.net///img/offers/r_d1/r_9c/6674bca0-3e48-4131-9b81-5071d5b2c2da.jpg
hxxp://e8210.g.akamaiedge.net/Global/GlobalPage/3724833/?Language=None&Welcome=true
hxxp://e8210.g.akamaiedge.net/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/X.png
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/-.png
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/button.png
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/CancelBG.png
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/InstallationSuccessful.png
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/images/SmallLoader.gif
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/BoxBgNew.png
hxxp://e8210.g.akamaiedge.net/Js/jquery.dotdotdot.min.js?fid=985986
hxxp://e8210.g.akamaiedge.net/Js/jquery.dotdotdot.min.js?fid=1857275
hxxp://e8210.g.akamaiedge.net/Js/jquery.dotdotdot.min.js?fid=1857275GlobalPage
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/CancelBGGoogleDialog.png
hxxp://e6652.g.akamaiedge.net/ps/SearchProtector/SP_UI_AD/prod/adwords_express.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie
hxxp://e8210.g.akamaiedge.net/CmsThemes/Default/Images/NextButton_Sprite wide.png
hxxp://a1128.g1.akamai.net/customoffers/customframeapi.js
hxxp://e6652.g.akamaiedge.net/LMS/PS_searchprotect_express/PS_searchprotect_express.json
hxxp://cms.dmccint.com/CmsThemes/Default/Images/CancelBG.png
hxxp://cms.dmccint.com/CmsThemes/Default/Images/CancelBGGoogleDialog.png
hxxp://cms.dmccint.com/CmsThemes/Default/Images/button.png
hxxp://data.dmccint.com/api/usages/
hxxp://cms.dmccint.com/CmsThemes/Default/Images/-.png
hxxp://cmsstorage.dmccint.com///img/offers/r_d1/r_9c/6674bca0-3e48-4131-9b81-5071d5b2c2da.jpg 23.9.107.19
hxxp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=1857275GlobalPage
hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=1857275
hxxp://cms.dmccint.com/Js/jquery.dotdotdot.min.js?fid=985986
hxxp://cms.dmccint.com/CmsThemes/Default/Images/X.png
hxxp://cms.dmccint.com/CmsThemes/Default/images/SmallLoader.gif
hxxp://cms.dmccint.com/CmsThemes/Default/Images/BoxBgNew.png
hxxp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
hxxp://cms.dmccint.com/CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png
hxxp://cmsstorage.dmccint.com///img/offers/r_ac/r_37/64bfde2c-3be5-4981-ab13-3339cc75dd5f.png 23.9.107.19
hxxp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
hxxp://dehosting.dmccint.com/customoffers/customframeapi.js 184.84.243.32
hxxp://cms.dmccint.com/CmsThemes/Default/Images/InstallationSuccessful.png
hxxp://cms.dmccint.com/CmsThemes/Default/Images/NextButton_Sprite wide.png
hxxp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/adwords_express.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie 23.9.102.129


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /customoffers/customframeapi.js HTTP/1.1
Accept: */*
Referer: hXXp://storage.stgbssint.com/ps/SearchProtector/SP_UI_AD/prod/adwords_express.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dehosting.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Wed, 03 Sep 2014 13:26:01 GMT
Accept-Ranges: bytes
ETag: "46a2919a7ac7cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 798
Cache-Control: private, max-age=31536000
Expires: Tue, 12 Jan 2016 06:36:07 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
Vary: Accept-Encoding
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"....i[T.t.N.....7NRz..:]eu.l...
..4_N.Y.....Y...T.U...[e5..a<...;w...,......;......X.3...Y....G..W.
...(g....`B_..W.....2/.......j......=...\...^d.|..b.Z.............}4r.
.....Wu.UP....H.w........w.|....8O.:..W|.h..m]L.m...,k..I>......N..
~...e.....k.uM8./po\....`]...yu..'Y...?#.4o..a.A..S..j..e<q.}.~...t
.O.....H?z..k?J....f...~I..M~s.M...m.|..c...Y~...6.o..0. Z....We6....9
.......zo.z..w........\..Rk.....K./..1..D........m.8....h:.l...w.t.0o?
J0...h.,..............$=..._.....n.l..... ...F..3.V......U^.Ok]@.....K
..b..>...o;..t`m....jZ..|t...Cj......y.[...v..Z...?.|..?......[..].
.`.i..A.q..4m.....#.F|U,g..X.......I.'.."....z#.......h.......a..b.K.#
L...k.M..-..&...6z..........;....8".F...HTTP/1.1 200 OK..Content-Type:
 application/x-javascript..Content-Encoding: gzip..Last-Modified: Wed,
 03 Sep 2014 13:26:01 GMT..Accept-Ranges: bytes..ETag: "46a2919a7ac7cf
1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Content-Length
: 798..Cache-Control: private, max-age=31536000..Expires: Tue, 12 Jan 
2016 06:36:07 GMT..Date: Mon, 12 Jan 2015 06:36:07 GMT..Connection: ke
ep-alive..Vary: Accept-Encoding...............`.I.%&/m.{.J.J..t...`.$.
[email protected]#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.
?"....i[T.t.N.....7NRz..:]eu.l.....4_N.Y.....Y...T.U...[e5..a<...;w
...,......;......X.3...Y....G..W....(g....`B_..W.....2/.......j......=
...\...^d.|..b.Z.............}4r......Wu.UP....H.w........w.|....8
<<< skipped >>>


GET /ps/SearchProtector/SP_UI_AD/prod/adwords_express.html?Lang=en&UM=-1&CType=-1&DownLoadBrowser=ie HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: storage.stgbssint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 36273
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Thu, 21 Aug 2014 07:42:36 GMT
Accept-Ranges: bytes
ETag: "03ea67913bdcf1:528"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=86400
Expires: Tue, 13 Jan 2015 06:36:07 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
Vary: Accept-Encoding
Access-Control-Max-Age: 604800
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: origin, content-type
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: *
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
...............6.(.........n...n..|PAk..L<....L.Q Yl..fL.......^..}
.........8....V....(.3.{..LZ.w.P(....o....|......._>.].u.{..._>{
......>xt|.....w_.....xt.{S.Y..$...............R......jt.`....o^._c
.c..|..W.h...)..I. .%....gk...V:.?o.w"x.gJfj..f#..B.D...:..&..e\.R..Z.
....T.Ry..1...R.....*S..,m..{._....O..l.......1.../...O...|..)O....5?/
x)S.P<.6[...\.<..&....S.U..%WK.L.Q.-Q..$.]..E.E'.M.\&..|.r.r..".
....N..B%.8..ir.E...*H29.......d.p&.....X.".rH.8..g...<M.M.%.....\.
h.V.GP.[........U...../T.N....FU.]....Fk.L..^.;h.W.R]F......=Je\..&.=.
.h..Ur.. %..........2)7i|.hH......@..'..y.&.R/..Rf.j.R&......v~C....$.
"T9eB2.]..........h:..ls.............x.v.i..s....w.Q..&.....Zq.;..Z...
!.b.A.W.Q.....n..Z,x..'u.kq.....I.....E!efjo...k..JG....xs. .4Y.~.\...
.....".fK$..J.n.'._ ..8....uW.*^').[\$q.....J..!.oU.J.M....?.....7Q...
..4..X..#\.~O..?.Zh4.7.5.......5...........b......... .<..^..a.....
.x.h{@.?..e.?.[.._.J...(.].....?...)..B...l.CM.....r.=.?.r.H......b...
P... =...l..{..I .N............pu...........d.'. ......m.o6v.t.6..E.B.
1.-.J.%.NL..'.=...HB....?............I.3-.Z.......>9..^|^..V.3.....
;...wt...H......L.=.......mL.jtl.Xt.>...&i.8...j*p..o.7n...../.....
......|.......F....[Y...C./.E.Q.....].c..p|.o.....'.......P..........(
L.H...Z. .O?c....d!.RB.......X........W_..q..G.j.N..:...7H..j.-..Pr.n.
.E/..O....z..B..|...!......./E\.....R..!.[.....v.7b6. ..>.|)6.E.A..
.>7..._.G...k.J...~..7b1R.kU@W.;.\.....e.od.n..X. q..E.'.T.".e..w=Z
ePa.0..l....l0.O.it..w6...r...|2...V.x.1..........H..0; ..O.<}z
<<< skipped >>>


GET /CmsThemes/Default/Images/-.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "ecdb349252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "ecdb349252bd01:0"
Cache-Control: private, max-age=16729
Expires: Mon, 12 Jan 2015 11:14:55 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/button.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "6e4bd49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "6e4bd49252bd01:0"
Cache-Control: private, max-age=18000
Expires: Mon, 12 Jan 2015 11:36:06 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/NextButton_Sprite wide.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "402ad449252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2779
Cache-Control: private, max-age=1110
Expires: Mon, 12 Jan 2015 06:54:37 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
.PNG........IHDR.......}........R....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72B2EB22C3E111E3AEC3EB
792256C508" xmpMM:DocumentID="xmp.did:72B2EB23C3E111E3AEC3EB792256C508
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B2EB20C3E111E3
AEC3EB792256C508" stRef:documentID="xmp.did:72B2EB21C3E111E3AEC3EB7922
56C508"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.x.I...MIDATx....k]i...s..i..j....n.bq.2.
c.Zq....("..A......tQ.S..8. h..af1.....f3.XZ.J[.T.i3.Mnnn.9..7..L.].C.
......dw6_....v..y=E=y...P.)........s..........#UU.8_.4A..k.Vk...{....
......b......w....,.E./[email protected]..];z......f....34...v[...H1....g..
....'.......bss.H......699y...^..0...TU....h.V ..x.sOL.?r..@JYX...:4..
.$...?!.@.. .B......t&.H3.KM..d.... ..... ..... .&(..H6..C.H5..C....@.
..T.... ..... ..... .&(..H6..C.H5..C.H...A.. ..............4B0....,g..
..,..n..;......G.|r........r.1..o..b..........mp.)...B.u....l......../
.\..`~~......P...C{.... ..Fh.W/].t....7..N,.1....'..D..z..c.......
<<< skipped >>>

GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "d6cfd949252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/gif
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "d6cfd949252bd01:0"
Cache-Control: private, max-age=17999
Expires: Mon, 12 Jan 2015 11:36:06 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/X.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "7aa0dd49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "7aa0dd49252bd01:0"
Cache-Control: private, max-age=17307
Expires: Mon, 12 Jan 2015 11:24:34 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "e0d5ba49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "e0d5ba49252bd01:0"
Cache-Control: private, max-age=1281
Expires: Mon, 12 Jan 2015 06:57:28 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/button.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "6e4bd49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "6e4bd49252bd01:0"
Cache-Control: private, max-age=17999
Expires: Mon, 12 Jan 2015 11:36:06 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/X.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "7aa0dd49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "7aa0dd49252bd01:0"
Cache-Control: private, max-age=17307
Expires: Mon, 12 Jan 2015 11:24:34 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "28ffd549252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "28ffd549252bd01:0"
Cache-Control: private, max-age=17999
Expires: Mon, 12 Jan 2015 11:36:06 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "62dc049252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "62dc049252bd01:0"
Cache-Control: private, max-age=1111
Expires: Mon, 12 Jan 2015 06:54:38 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/X.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "7aa0dd49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "7aa0dd49252bd01:0"
Cache-Control: private, max-age=17307
Expires: Mon, 12 Jan 2015 11:24:34 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "28ffd549252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "7aa0dd49252bd01:0"
Cache-Control: private, max-age=17307
Expires: Mon, 12 Jan 2015 11:24:34 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....



POST /api/usages/ HTTP/1.1
Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 2301
Connection: Keep-Alive
Cache-Control: no-cache

{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "32089" , "json_send_time" : "2015-1-12.3:24:11:655" , "phase" : "StartingLoop" , "phase_type" : "technical" , "order" : "" , "result" : "Success" , "error_details" : "" , "phase_duration" : "2422" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "extra_details" : "" , "attempt_number" : "1" , "offer_id" : "" , "offer_suggestion_number" : "" , "installation_session_id" : "61e2d6c4-20da-48df-ace5-9e0978d3a621" , "publisher_id" : "Incredimail / Perion" , "publisher_internal_id" : "198" , "activated_by_stub" : "0" , "stub_version" : "no_stub" , "welcome_screen" : "0", "publisher_account_id" : "A-480753" , "channel_id" : "" , "machine_user_id" : "SYMSEKIOXZBUAJHS1WVTWMFHOKY3NXHGTN4I0LTE/5O9BOIYIVKIMF3CSRVRMX8UX35IMHZ46IKGV8D2XDOQXG" , "bundle_id" : "0b9743f2-3fb2-43e6-b2aa-715431425a3e" , "general_id" : "unknown" , "dm_version" : "1.4.0.4.141207.02" , "build_id" : "00000000" , "mrs_id" : "17" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2015-01-12.csv" , "user_operating_sys
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Mon, 12 Jan 2015 06:35:19 GMT
Content-Length: 0
....


POST /api/usages/ HTTP/1.1


Accept: */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11
Host: data.dmccint.com
Content-Length: 2253
Connection: Keep-Alive
Cache-Control: no-cache

{ "send_attempt" : "1" , "platform" : "Windows" , "slot_max_size" : "1" , "ioa" : "0" , "sln" : "32089" , "json_send_time" : "2015-1-12.3:24:12:249" , "phase" : "ChromeError" , "phase_type" : "regular" , "order" : "" , "result" : "Error" , "error_details" : "error: did not found chrome full path" , "phase_duration" : "0" , "duration_details" : "" , "general_status_code" : "" , "internal_error_number" : "" , "internal_error_description" : "" , "language_format" : "en" , "language_selected" : "None" , "Is_Test" : "0" , "download_url" : "" , "installation_session_id" : "61e2d6c4-20da-48df-ace5-9e0978d3a621" , "publisher_id" : "Incredimail / Perion" , "publisher_internal_id" : "198" , "activated_by_stub" : "0" , "stub_version" : "no_stub" , "welcome_screen" : "0", "publisher_account_id" : "A-480753" , "channel_id" : "" , "machine_user_id" : "SYMSEKIOXZBUAJHS1WVTWMFHOKY3NXHGTN4I0LTE/5O9BOIYIVKIMF3CSRVRMX8UX35IMHZ46IKGV8D2XDOQXG" , "bundle_id" : "0b9743f2-3fb2-43e6-b2aa-715431425a3e" , "general_id" : "unknown" , "dm_version" : "1.4.0.4.141207.02" , "build_id" : "00000000" , "mrs_id" : "17" , "mrs_file_version" : "Naive_recommender_Bayesian_adjust_2015-01-12.csv" , "user_operating_system" : "Microsoft Windows XP" , "user_service_pa
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Mon, 12 Jan 2015 06:35:19 GMT
Content-Length: 0
HTTP/1.1 202 Accepted..Cache-Control: no-cache..Pragma: no-cache..Expi
res: -1..Server: Microsoft-IIS/8.5..X-AspNet-Version: 4.0.30319..X-Pow
ered-By: ASP.NET..P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND
 UNI COM NAV INT"..Date: Mon, 12 Jan 2015 06:35:20 GMT..Content-Length
: 0..HTTP/1.1 202 Accepted..Cache-Control: no-cache..Pragma: no-cache.
.Expires: -1..Server: Microsoft-IIS/8.5..X-AspNet-Version: 4.0.30319..
X-Powered-By: ASP.NET..P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BU
S IND UNI COM NAV INT"..Date: Mon, 12 Jan 2015 06:35:20 GMT..Content-L
ength: 0..



GET /Js/jquery.dotdotdot.min.js?fid=1857275GlobalPage HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
Accept-Ranges: bytes
ETag: "946714a252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6149
Cache-Control: private, max-age=16789
Expires: Mon, 12 Jan 2015 11:15:09 GMT
Date: Mon, 12 Jan 2015 06:35:20 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.ww
w.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dua
l licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/
wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_Li
cense. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.e
mpty();for(var i=0,d=r.length;d>i;i  ){var l=r.eq(i);if(t.append(l)
,n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}f
unction r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, 
colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgro
up, option, textarea, script, style",u="script, .dotdotdot-keep";retur
n e.contents().detach().each(function(){var f=this,h=t(f);if("undefine
d"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is
(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"a
ppend"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.de
tach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];i
f(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o
.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLet
ter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y
);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).joi
n(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g
[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.len
gth&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>

GET /Js/jquery.dotdotdot.min.js?fid=1857275 HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive



n e?"string"==typeof e?(e=t(e,n),e.length?e:!1):e.jquery?e:!1:!1}funct
ion h(t){for(var e=t.innerHeight(),n=["paddingTop","paddingBottom"],r=
0,o=n.length;o>r;r  ){var a=parseInt(t.css(n[r]),10);isNaN(a)&&(a=0
),e-=a}return e}if(!t.fn.dotdotdot){t.fn.dotdotdot=function(e){if(0==t
his.length)return t.fn.dotdotdot.debug('No element found for "' this.s
elector '".'),this;if(this.length>1)return this.each(function(){t(t
his).dotdotdot(e)});var o=this;o.data("dotdotdot")&&o.trigger("destroy
.dot"),o.data("dotdotdot-style",o.attr("style")||""),o.css("word-wrap"
,"break-word"),"nowrap"===o.css("white-space")&&o.css("white-space","n
ormal"),o.bind_events=function(){return o.bind("update.dot",function(e
,d){e.preventDefault(),e.stopPropagation(),l.maxHeight="number"==typeo
f l.height?l.height:h(o),l.maxHeight =l.tolerance,"undefined"!=typeof 
d&&(("string"==typeof d||d instanceof HTMLElement)&&(d=t("<div />
;").append(d).contents()),d instanceof t&&(i=d)),g=o.wrapInner('<di
v class="dotdotdot" />').children(),g.contents().detach().end().app
end(i.clone(!0)).find("br").replaceWith("  <br />  ").end().css(
{height:"auto",width:"auto",border:"none",padding:0,margin:0});var c=!
1,u=!1;return s.afterElement&&(c=s.afterElement.clone(!0),c.show(),s.a
fterElement.detach()),a(g,l)&&(u="children"==l.wrap?n(g,l,c):r(g,o,g,l
,c)),g.replaceWith(g.contents()),g=null,t.isFunction(l.callback)&&l.ca
llback.call(o[0],u,i),s.isTruncated=u,u}).bind("isTruncated.dot",funct
ion(t,e){retur..


GET /Js/jquery.dotdotdot.min.js?fid=1857275 HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
Accept-Ranges: bytes
ETag: "946714a252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6149
Cache-Control: private, max-age=16803
Expires: Mon, 12 Jan 2015 11:15:24 GMT
Date: Mon, 12 Jan 2015 06:35:21 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.ww
w.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dua
l licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/
wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_Li
cense. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.e
mpty();for(var i=0,d=r.length;d>i;i  ){var l=r.eq(i);if(t.append(l)
,n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}f
unction r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, 
colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgro
up, option, textarea, script, style",u="script, .dotdotdot-keep";retur
n e.contents().detach().each(function(){var f=this,h=t(f);if("undefine
d"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is
(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"a
ppend"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.de
tach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];i
f(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o
.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLet
ter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y
);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).joi
n(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g
[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.len
gth&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>

GET /MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 168287
Cache-Control: private, max-age=17984
Expires: Mon, 12 Jan 2015 11:35:10 GMT
Date: Mon, 12 Jan 2015 06:35:26 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie
 ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie
 ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie
 ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie
 ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html&
gt; <![endif]-->..<head>.. <meta http-equiv="X-UA-Compa
tible" content="IE=edge" />..    <meta charset="utf-8" />..  
 ..     <title>installation</title>..    <style>./* 
======================================================================
=======..   HTML5 Boilerplate CSS: h5bp.com/css..   ==================
======================================================== */..article, 
aside, details, figcaption, figure, footer, header, hgroup, nav, secti
on { display: block; }..audio, canvas, video { display: inline-block; 
*display: inline; *zoom: 1; }..audio:not([controls]) { display: none; 
}..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-s
ize-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, 
select, textarea { font-family: sans-serif; color: #222; }..body { mar
gin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-s
hadow: none; }..::selection {  text-shadow: none; }..a { color: #00e; 
outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..
a:focus { outline: none ; }..a:hover, a:active { outline: none;border:
 none; }...ie7 a:focus, *:focus {..     noFocusLine: expression(th
<<< skipped >>>

GET /DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 176083
Cache-Control: private, max-age=17986
Expires: Mon, 12 Jan 2015 11:35:36 GMT
Date: Mon, 12 Jan 2015 06:35:50 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie
 ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie
 ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie
 ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie
 ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html&
gt; <![endif]-->..<head>.. <meta http-equiv="X-UA-Compa
tible" content="IE=edge" />..    <meta charset="utf-8" />..  
 ..     <title>installation</title>..    <style>./* 
======================================================================
=======..   HTML5 Boilerplate CSS: h5bp.com/css..   ==================
======================================================== */..article, 
aside, details, figcaption, figure, footer, header, hgroup, nav, secti
on { display: block; }..audio, canvas, video { display: inline-block; 
*display: inline; *zoom: 1; }..audio:not([controls]) { display: none; 
}..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-s
ize-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, 
select, textarea { font-family: sans-serif; color: #222; }..body { mar
gin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-s
hadow: none; }..::selection {  text-shadow: none; }..a { color: #00e; 
outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..
a:focus { outline: none ; }..a:hover, a:active { outline: none;border:
 none; }...ie7 a:focus, *:focus {..     noFocusLine: expression(th
<<< skipped >>>

GET /Global/GlobalPage/3724833/?Language=None&Welcome=true HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 188190
Cache-Control: private, max-age=17944
Expires: Mon, 12 Jan 2015 11:35:10 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie
 ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie
 ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie
 ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie
 ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html&
gt; <![endif]-->..<head>.. <meta http-equiv="X-UA-Compa
tible" content="IE=edge" />..    <meta charset="utf-8" />..  
 ..     <title>installation</title>..    <style>./* 
======================================================================
=======..   HTML5 Boilerplate CSS: h5bp.com/css..   ==================
======================================================== */..article, 
aside, details, figcaption, figure, footer, header, hgroup, nav, secti
on { display: block; }..audio, canvas, video { display: inline-block; 
*display: inline; *zoom: 1; }..audio:not([controls]) { display: none; 
}..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-s
ize-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, 
select, textarea { font-family: sans-serif; color: #222; }..body { mar
gin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-s
hadow: none; }..::selection {  text-shadow: none; }..a { color: #00e; 
outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..
a:focus { outline: none ; }..a:hover, a:active { outline: none;border:
 none; }...ie7 a:focus, *:focus {..     noFocusLine: expression(th
<<< skipped >>>

GET /CmsThemes/Default/Images/X.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "7aa0dd49252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1076
Cache-Control: private, max-age=17309
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:CBFD1020532511E199C4D62405
85BDC2" xmpMM:DocumentID="xmp.did:CBFD1021532511E199C4D6240585BDC2">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CBFD101E532511E199C4
D6240585BDC2" stRef:documentID="xmp.did:CBFD101F532511E199C4D6240585BD
C2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>..q<....IDATx.b)--}...p..}.....i...2q u...
2... v..F.$3.Z...@...$..&..%..i. ....@......... g5.[[email protected] ..T..._f@.
.0.L.6 N..EP....v.$..}.v.H;..v [email protected]....`.uP(...@..*..........1.
%>.d....IEND.B`.....


GET /CmsThemes/Default/Images/-.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "ecdb349252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 933
Cache-Control: private, max-age=16770
Expires: Mon, 12 Jan 2015 11:15:36 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR.............e.......tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:C8E631185D6711E1A99F8AF4FF
A87D51" xmpMM:DocumentID="xmp.did:C8E631195D6711E1A99F8AF4FFA87D51">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C8E631165D6711E1A99F
8AF4FFA87D51" stRef:documentID="xmp.did:C8E631175D6711E1A99F8AF4FFA87D
51"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>Z..G....IDATx.b,--.a``8....01.........{f.....
..IEND.B`.....


GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "28ffd549252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2562
Cache-Control: private, max-age=17309
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR.......}........R....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72B2EB26C3E111E3AEC3EB
792256C508" xmpMM:DocumentID="xmp.did:72B2EB27C3E111E3AEC3EB792256C508
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B2EB24C3E111E3
AEC3EB792256C508" stRef:documentID="xmp.did:72B2EB25C3E111E3AEC3EB7922
56C508"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.......tIDATx....o\W...{f.........P.hb..V
DQ..R!..*6f.... ..T.6..."V(...*..Xb.#!;.H...r.R.3q.nR?.^..~h&.....9..2
v.f...|.;.1.(...R..~...N.{6.....[.e.'-..1(..k6[K.V.r.}.^ul...._...3[[.
7..S.|p.....3g.Z./_.... Cxw?...G9...BC...R.....Lmnn^.<^o........b..
.Z...{.`~.....d......x...I0..L..HM...."[email protected]..`.... ..4..... .I07....$
h;..T#...C.H4...v(.iF.v(.IG.v(.)F.....;..0..T#XM.&A...`=.. .)F.(r.....
.<[email protected]...#Xm.... ...:..d#XO."[email protected].`.. ..F...%. .IF.W).
.l.C#...NZ..b.B.8........./..s.............;.^..E.MY"."....?{.'Y}%....
\`....jg...\y.......6a...$~.....s.f~..K/.-.....9...Fu......|.....l
<<< skipped >>>

GET /CmsThemes/Default/Images/button.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "6e4bd49252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 3937
Cache-Control: private, max-age=732
Expires: Mon, 12 Jan 2015 06:48:18 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR...............r.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:E4C0C980D870E111A2F7CE32BC247645" xmpMM:DocumentID="xmp.did:1D12
B49752CE11E4A35AAE9F3918A442" xmpMM:InstanceID="xmp.iid:1D12B49652CE11
E4A35AAE9F3918A442" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> 
<xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4A3B36E671AF11E1BCD6B8
635898C9B3" stRef:documentID="xmp.did:4A3B36E771AF11E1BCD6B8635898C9B3
"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> &l
t;?xpacket end="r"?>o.a*....IDATx...k.e.A......{..........P.K......
....*~.i.....i...V$...E.....Z.TJ.1..:*..m......*i..jn..;3.....]k.s..L.
o".}~.a.9.O.e}.._{....i..,.... ...g...._..-... ..".=....qT.{9..,../..?
}...}...~..=............G...~,[email protected].. u....... ?.H.
."<....Ey......W......,|.?~)....f..^;..W.........w.k7.1...z..^Q\Q..
......l./4...`.B..-....X..Kygy.....F.......u:.n&.....G.g.&...zvo......
.....hz...........hz.....v.y.&...zY.-..,L.......z.7.X...{...izvo..(.WU
..7.....t...._.h..f..^;...,~.....r.......TWg.......k.V.......T..=f
<<< skipped >>>

GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "62dc049252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2726
Cache-Control: private, max-age=17309
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR...>.........$.=.....sRGB.........gAMA......a.....p
HYs.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:co
m.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"
?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5
.0-c060 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:
rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Descript
ion rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM=
"hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap
/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows"
 xmpMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:Doc
umentID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:Deriv
edFrom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stR
ef:documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf
:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end=
"r"?>...P....IDATx^...N#K.....%[email protected]..$`.3U..j.3.h0..%m..E.i
W.'........ ..?.......<<<.......V..i..d...`....S......v... ..
..S.Y.....r.._677...F..>=~....8z.....yyy)......`~r.>u.s{{.......
........Y.>5z.......!|....l6 [[[-z..x.........j...o{j..............
....EN...O..:..#....2....O......S.Y.?.......S.g.>..]b..X75eV]s....!
|.//...#|........S..........j!|...........j....\u...:'''.....;;;C.....
....UM...O...?OOO..........F...?.W...U....X.............%v....O..!|...
./X.4.....!|.......!|.......!|.......!|.......!|.......!|.......!|
<<< skipped >>>

GET /CmsThemes/Default/Images/X.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "7aa0dd49252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1076
Cache-Control: private, max-age=17309
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:CBFD1020532511E199C4D62405
85BDC2" xmpMM:DocumentID="xmp.did:CBFD1021532511E199C4D6240585BDC2">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CBFD101E532511E199C4
D6240585BDC2" stRef:documentID="xmp.did:CBFD101F532511E199C4D6240585BD
C2"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>..q<....IDATx.b)--}...p..}.....i...2q u...
2... v..F.$3.Z...@...$..&..%..i. ....@......... g5.[[email protected] ..T..._f@.
.0.L.6 N..EP....v.$..}.v.H;..v [email protected]....`.uP(...@..*..........1.
%>.d....IEND.B`.....


GET /CmsThemes/Default/Images/-.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "ecdb349252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 933
Cache-Control: private, max-age=16770
Expires: Mon, 12 Jan 2015 11:15:36 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR.............e.......tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:C8E631185D6711E1A99F8AF4FF
A87D51" xmpMM:DocumentID="xmp.did:C8E631195D6711E1A99F8AF4FFA87D51">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C8E631165D6711E1A99F
8AF4FFA87D51" stRef:documentID="xmp.did:C8E631175D6711E1A99F8AF4FFA87D
51"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>Z..G....IDATx.b,--.a``8....01.........{f.....
..IEND.B`.....


GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "e0d5ba49252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 5182
Cache-Control: private, max-age=17310
Expires: Mon, 12 Jan 2015 11:24:36 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR...[...G......9......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "62dc049252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2726
Cache-Control: private, max-age=17309
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR...>.........$.=.....sRGB.........gAMA......a.....p
HYs.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:co
m.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"
?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5
.0-c060 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:
rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Descript
ion rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM=
"hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap
/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows"
 xmpMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:Doc
umentID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:Deriv
edFrom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stR
ef:documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf
:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end=
"r"?>...P....IDATx^...N#K.....%[email protected]..$`.3U..j.3.h0..%m..E.i
W.'........ ..?.......<<<.......V..i..d...`....S......v... ..
..S.Y.....r.._677...F..>=~....8z.....yyy)......`~r.>u.s{{.......
........Y.>5z.......!|....l6 [[[-z..x.........j...o{j..............
....EN...O..:..#....2....O......S.Y.?.......S.g.>..]b..X75eV]s....!
|.//...#|........S..........j!|...........j....\u...:'''.....;;;C.....
....UM...O...?OOO..........F...?.W...U....X.............%v....O..!|...
./X.4.....!|.......!|.......!|.......!|.......!|.......!|.......!|
<<< skipped >>>

GET /Js/jquery.dotdotdot.min.js?fid=985986 HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
Accept-Ranges: bytes
ETag: "946714a252bd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6149
Cache-Control: private, max-age=5691
Expires: Mon, 12 Jan 2015 08:10:57 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.ww
w.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dua
l licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/
wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_Li
cense. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.e
mpty();for(var i=0,d=r.length;d>i;i  ){var l=r.eq(i);if(t.append(l)
,n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}f
unction r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, 
colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgro
up, option, textarea, script, style",u="script, .dotdotdot-keep";retur
n e.contents().detach().each(function(){var f=this,h=t(f);if("undefine
d"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is
(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"a
ppend"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.de
tach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];i
f(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o
.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLet
ter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y
);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).joi
n(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g
[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.len
gth&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>

GET /Js/jquery.dotdotdot.min.js?fid=1857275GlobalPage HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:15 GMT
If-None-Match: "946714a252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
ETag: "946714a252bd01:0"
Cache-Control: private, max-age=16743
Expires: Mon, 12 Jan 2015 11:15:09 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....


GET /Js/jquery.dotdotdot.min.js?fid=1857275 HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:15 GMT
If-None-Match: "946714a252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
ETag: "946714a252bd01:0"
Cache-Control: private, max-age=16758
Expires: Mon, 12 Jan 2015 11:15:24 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....


GET /Js/jquery.dotdotdot.min.js?fid=985986 HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
Accept-Ranges: bytes
ETag: "946714a252bd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 6149
Cache-Control: private, max-age=5691
Expires: Mon, 12 Jan 2015 08:10:57 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.ww
w.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dua
l licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/
wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_Li
cense. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.e
mpty();for(var i=0,d=r.length;d>i;i  ){var l=r.eq(i);if(t.append(l)
,n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}f
unction r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, 
colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgro
up, option, textarea, script, style",u="script, .dotdotdot-keep";retur
n e.contents().detach().each(function(){var f=this,h=t(f);if("undefine
d"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is
(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"a
ppend"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.de
tach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];i
f(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o
.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLet
ter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y
);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).joi
n(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g
[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.len
gth&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>

GET /CmsThemes/Default/Images/X.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "7aa0dd49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "7aa0dd49252bd01:0"
Cache-Control: private, max-age=17309
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:08 GMT
If-None-Match: "38cde645252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "28ffd549252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2562
Cache-Control: private, max-age=17309
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR.......}........R....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72B2EB26C3E111E3AEC3EB
792256C508" xmpMM:DocumentID="xmp.did:72B2EB27C3E111E3AEC3EB792256C508
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B2EB24C3E111E3
AEC3EB792256C508" stRef:documentID="xmp.did:72B2EB25C3E111E3AEC3EB7922
56C508"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.......tIDATx....o\W...{f.........P.hb..V
DQ..R!..*6f.... ..T.6..."V(...*..Xb.#!;.H...r.R.3q.nR?.^..~h&.....9..2
v.f...|.;.1.(...R..~...N.{6.....[.e.'-..1(..k6[K.V.r.}.^ul...._...3[[.
7..S.|p.....3g.Z./_.... Cxw?...G9...BC...R.....Lmnn^.<^o........b..
.Z...{.`~.....d......x...I0..L..HM...."[email protected]..`.... ..4..... .I07....$
h;..T#...C.H4...v(.iF.v(.IG.v(.)F.....;..0..T#XM.&A...`=.. .)F.(r.....
.<[email protected]...#Xm.... ...:..d#XO."[email protected].`.. ..F...%. .IF.W).
.l.C#...NZ..b.B.8........./..s.............;.^..E.MY"."....?{.'Y}%....
\`....jg...\y.......6a...$~.....s.f~..K/.-.....9...Fu......|.....l
<<< skipped >>>

GET /CmsThemes/Default/Images/CancelBGGoogleDialog.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:07 GMT
Accept-Ranges: bytes
ETag: "b460d145252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6035
Cache-Control: private, max-age=1131
Expires: Mon, 12 Jan 2015 06:54:58 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
.PNG........IHDR...J...1.............sRGB.........gAMA......a.....pHYs
.......... ......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.a
dobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-
c060 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="ht
tp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.
0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xm
pMM:InstanceID="xmp.iid:257C616565E511E1B1E4ACFCC563EDC8" xmpMM:Docume
ntID="xmp.did:257C616665E511E1B1E4ACFCC563EDC8"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:257C616365E511E1B1E4ACFCC563EDC8" stRef:
documentID="xmp.did:257C616465E511E1B1E4ACFCC563EDC8"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>...P....IDATx^...N....P...L.).A(...A."1...$<rcK...r....] .E. 8
.^..[......o........ @.7.u&... @......(J..... @...'...^z....puu5...c..
......cmmm:.#@.......g......{..u>|.0.....?~.......i..........(JQ^..
. @....,p......pyy9lnn.....1_z./....^;..... @`...x....v:nnn....aooo..(
J..I...SI...W.....F.......u..OBz.(.%i>.....*........ @.............
p}}=lmmMg.......O.9...../&@..............|[email protected]....
. . .8.t||<.A.[.|Vi>.4~}..%g.z.... @...6......J....F..l.........
y".W....\..O.-?t..N..... @`...o..K.|.m,J.1.%..V..!-..... .........
<<< skipped >>>

GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "62dc049252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "62dc049252bd01:0"
Cache-Control: private, max-age=17308
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/BoxBgNew.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "e0d5ba49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "e0d5ba49252bd01:0"
Cache-Control: private, max-age=17309
Expires: Mon, 12 Jan 2015 11:24:36 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/-.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "ecdb349252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "ecdb349252bd01:0"
Cache-Control: private, max-age=16769
Expires: Mon, 12 Jan 2015 11:15:36 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "28ffd549252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "28ffd549252bd01:0"
Cache-Control: private, max-age=17308
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/CancelBG.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "62dc049252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "62dc049252bd01:0"
Cache-Control: private, max-age=17308
Expires: Mon, 12 Jan 2015 11:24:35 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/-.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "ecdb349252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "ecdb349252bd01:0"
Cache-Control: private, max-age=16769
Expires: Mon, 12 Jan 2015 11:15:36 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/button.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "6e4bd49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "6e4bd49252bd01:0"
Cache-Control: private, max-age=17999
Expires: Mon, 12 Jan 2015 11:36:06 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/InstallationSuccessful.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "6866ca49252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "6866ca49252bd01:0"
Cache-Control: private, max-age=16770
Expires: Mon, 12 Jan 2015 11:15:37 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET /CmsThemes/Default/Images/-.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:14 GMT
If-None-Match: "ecdb349252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
ETag: "6866ca49252bd01:0"
Cache-Control: private, max-age=16770
Expires: Mon, 12 Jan 2015 11:15:37 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....



GET /DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 176083
Cache-Control: private, max-age=18000
Expires: Mon, 12 Jan 2015 11:35:20 GMT
Date: Mon, 12 Jan 2015 06:35:20 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie
 ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie
 ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie
 ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie
 ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html&
gt; <![endif]-->..<head>.. <meta http-equiv="X-UA-Compa
tible" content="IE=edge" />..    <meta charset="utf-8" />..  
 ..     <title>installation</title>..    <style>./* 
======================================================================
=======..   HTML5 Boilerplate CSS: h5bp.com/css..   ==================
======================================================== */..article, 
aside, details, figcaption, figure, footer, header, hgroup, nav, secti
on { display: block; }..audio, canvas, video { display: inline-block; 
*display: inline; *zoom: 1; }..audio:not([controls]) { display: none; 
}..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-s
ize-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, 
select, textarea { font-family: sans-serif; color: #222; }..body { mar
gin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-s
hadow: none; }..::selection {  text-shadow: none; }..a { color: #00e; 
outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..
a:focus { outline: none ; }..a:hover, a:active { outline: none;border:
 none; }...ie7 a:focus, *:focus {..     noFocusLine: expression(th
<<< skipped >>>

GET /Global/GlobalPage/3724833/?Language=None&Welcome=true HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 188190
Cache-Control: private, max-age=17917
Expires: Mon, 12 Jan 2015 11:34:25 GMT
Date: Mon, 12 Jan 2015 06:35:48 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie
 ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie
 ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie
 ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie
 ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html&
gt; <![endif]-->..<head>.. <meta http-equiv="X-UA-Compa
tible" content="IE=edge" />..    <meta charset="utf-8" />..  
 ..     <title>installation</title>..    <style>./* 
======================================================================
=======..   HTML5 Boilerplate CSS: h5bp.com/css..   ==================
======================================================== */..article, 
aside, details, figcaption, figure, footer, header, hgroup, nav, secti
on { display: block; }..audio, canvas, video { display: inline-block; 
*display: inline; *zoom: 1; }..audio:not([controls]) { display: none; 
}..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-s
ize-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, 
select, textarea { font-family: sans-serif; color: #222; }..body { mar
gin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-s
hadow: none; }..::selection {  text-shadow: none; }..a { color: #00e; 
outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..
a:focus { outline: none ; }..a:hover, a:active { outline: none;border:
 none; }...ie7 a:focus, *:focus {..     noFocusLine: expression(th
<<< skipped >>>

GET /MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 168287
Cache-Control: private, max-age=17945
Expires: Mon, 12 Jan 2015 11:35:10 GMT
Date: Mon, 12 Jan 2015 06:36:05 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie
 ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie
 ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie
 ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie
 ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html&
gt; <![endif]-->..<head>.. <meta http-equiv="X-UA-Compa
tible" content="IE=edge" />..    <meta charset="utf-8" />..  
 ..     <title>installation</title>..    <style>./* 
======================================================================
=======..   HTML5 Boilerplate CSS: h5bp.com/css..   ==================
======================================================== */..article, 
aside, details, figcaption, figure, footer, header, hgroup, nav, secti
on { display: block; }..audio, canvas, video { display: inline-block; 
*display: inline; *zoom: 1; }..audio:not([controls]) { display: none; 
}..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-s
ize-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, 
select, textarea { font-family: sans-serif; color: #222; }..body { mar
gin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-s
hadow: none; }..::selection {  text-shadow: none; }..a { color: #00e; 
outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..
a:focus { outline: none ; }..a:hover, a:active { outline: none;border:
 none; }...ie7 a:focus, *:focus {..     noFocusLine: expression(th
<<< skipped >>>

GET /DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None HTTP/1.1


Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 176083
Cache-Control: private, max-age=17954
Expires: Mon, 12 Jan 2015 11:35:20 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....<!doctype html>..<!--[if lt IE 7 ]> <html class="ie
 ie6"> <![endif]-->..<!--[if IE 7 ]> <html class="ie
 ie7"> <![endif]-->..<!--[if IE 8 ]> <html class="ie
 ie8"> <![endif]-->..<!--[if IE 9 ]> <html class="ie
 ie9"> <![endif]-->..<!--[if (gt IE 9)|!(IE)]><html&
gt; <![endif]-->..<head>.. <meta http-equiv="X-UA-Compa
tible" content="IE=edge" />..    <meta charset="utf-8" />..  
 ..     <title>installation</title>..    <style>./* 
======================================================================
=======..   HTML5 Boilerplate CSS: h5bp.com/css..   ==================
======================================================== */..article, 
aside, details, figcaption, figure, footer, header, hgroup, nav, secti
on { display: block; }..audio, canvas, video { display: inline-block; 
*display: inline; *zoom: 1; }..audio:not([controls]) { display: none; 
}..[hidden] { display: none; }..html { font-size: 100%; -webkit-text-s
ize-adjust: 100%; -ms-text-size-adjust: 100%; }..html, button, input, 
select, textarea { font-family: sans-serif; color: #222; }..body { mar
gin: 0; font-size: 1em; line-height: 1.4; }..::-moz-selection { text-s
hadow: none; }..::selection {  text-shadow: none; }..a { color: #00e; 
outline:0 }..a:visited { color: #551a8b; }..a:hover { color: #06e; }..
a:focus { outline: none ; }..a:hover, a:active { outline: none;border:
 none; }...ie7 a:focus, *:focus {..     noFocusLine: expression(th
<<< skipped >>>

GET /CmsThemes/Default/Images/InstallationSuccessful.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "6866ca49252bd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 2670
Cache-Control: private, max-age=1113
Expires: Mon, 12 Jan 2015 06:54:39 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR...#...".......`.....tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:F1E913D3555911E18CA7F85F75
1BB1C7" xmpMM:DocumentID="xmp.did:F1E913D4555911E18CA7F85F751BB1C7">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F1E913D1555911E18CA7
F85F751BB1C7" stRef:documentID="xmp.did:F1E913D2555911E18CA7F85F751BB1
C7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>~. .....IDATx..W]l.U.>........t...V~.X ...
I@HA.'~.D. .J4....o.V.&...X.B.E...M$}....l...o.P..g........w.eKA.....n
w.....}.9.`.n....r.|?(J..7 .;.....`.,.a.8Op....O..f..*.m..... g..(.../
.f0.E.......L..........Ru.r.....J.....`2..O..*[email protected]...@|..@..,S
..K.....P=.#..n....D.P..Y.x.:T.t.......Qv.n4..P6......x$.\....a.....#0
}.W...y:.*[email protected]..#9s.a...F..a....."P....H........].H....x
4...O/.<.....h:.J<b)..[....y....|f.a.....cy a..#..K2.z~I..ZS....
HM...[,[email protected]..?.sp...6.....g:....2#...X.V.,[email protected].<....).
...%.....p.&......M....$.b.......I.>hI.O.c.6AW'....C<1..F[..
<<< skipped >>>

GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "d6cfd949252bd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 1504
Cache-Control: private, max-age=1112
Expires: Mon, 12 Jan 2015 06:54:38 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
GIF89a.........................v.....5..d..e..........................
{......................................!..NETSCAPE2.0.....!..XMP DataX
MP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xm
pmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155
772, 2014/01/13-19:44:00        "> <rdf:RDF xmlns:rdf="hXXp://ww
w.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=
"" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://n
s.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com
/xap/1.0/" xmpMM:OriginalDocumentID="A5EDB964567077337C8E54A0BBE35981"
 xmpMM:DocumentID="xmp.did:861DE9F12C2811E484A994AD54106D49" xmpMM:Ins
tanceID="xmp.iid:861DE9F02C2811E484A994AD54106D49" xmp:CreatorTool="Ad
obe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:ins
tanceID="xmp.iid:df987947-01f7-4167-b08b-2878b7f29ca6" stRef:documentI
D="adobe:docid:photoshop:b746f760-73f3-1177-8ee4-c7825aacab4e"/> &l
t;/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacke
t end="r"?>........................................................
......................................................................
....~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?&g
t;=<;:9876543210/.-, *)('&%$#"! .................................!.
......,..........D`28Ga\.PA.......e3..L.UU:....Q..XCh.(...-.Z.....v..v
._0\Q.J'.a.z.....!.......,..........4.PA..]h28Ga,.eU.z.T..M,[email protected]. 
J.C.d4.N. .J'.b.2...!.......,..........4.PA..]h28Ga,.eU.z.T..M,K6G
<<< skipped >>>

GET /CmsThemes/Default/Images/NextButton_Sprite-wide-grey.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:08 GMT
Accept-Ranges: bytes
ETag: "38cde645252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 2562
Cache-Control: private, max-age=1113
Expires: Mon, 12 Jan 2015 06:54:39 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR.......}........R....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72B2EB26C3E111E3AEC3EB
792256C508" xmpMM:DocumentID="xmp.did:72B2EB27C3E111E3AEC3EB792256C508
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72B2EB24C3E111E3
AEC3EB792256C508" stRef:documentID="xmp.did:72B2EB25C3E111E3AEC3EB7922
56C508"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.......tIDATx....o\W...{f.........P.hb..V
DQ..R!..*6f.... ..T.6..."V(...*..Xb.#!;.H...r.R.3q.nR?.^..~h&.....9..2
v.f...|.;.1.(...R..~...N.{6.....[.e.'-..1(..k6[K.V.r.}.^ul...._...3[[.
7..S.|p.....3g.Z./_.... Cxw?...G9...BC...R.....Lmnn^.<^o........b..
.Z...{.`~.....d......x...I0..L..HM...."[email protected]..`.... ..4..... .I07....$
h;..T#...C.H4...v(.iF.v(.IG.v(.)F.....;..0..T#XM.&A...`=.. .)F.(r.....
.<[email protected]...#Xm.... ...:..d#XO."[email protected].`.. ..F...%. .IF.W).
.l.C#...NZ..b.B.8........./..s.............;.^..E.MY"."....?{.'Y}%....
\`....jg...\y.......6a...$~.....s.f~..K/.-.....9...Fu......|.....l
<<< skipped >>>

GET /CmsThemes/Default/Images/button.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "6e4bd49252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 3937
Cache-Control: private, max-age=1112
Expires: Mon, 12 Jan 2015 06:54:38 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
.PNG........IHDR...............r.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:E4C0C980D870E111A2F7CE32BC247645" xmpMM:DocumentID="xmp.did:1D12
B49752CE11E4A35AAE9F3918A442" xmpMM:InstanceID="xmp.iid:1D12B49652CE11
E4A35AAE9F3918A442" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> 
<xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4A3B36E671AF11E1BCD6B8
635898C9B3" stRef:documentID="xmp.did:4A3B36E771AF11E1BCD6B8635898C9B3
"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> &l
t;?xpacket end="r"?>o.a*....IDATx...k.e.A......{..........P.K......
....*~.i.....i...V$...E.....Z.TJ.1..:*..m......*i..jn..;3.....]k.s..L.
o".}~.a.9.O.e}.._{....i..,.... ...g...._..-... ..".=....qT.{9..,../..?
}...}...~..=............G...~,[email protected].. u....... ?.H.
."<....Ey......W......,|.?~)....f..^;..W.........w.k7.1...z..^Q\Q..
......l./4...`.B..-....X..Kygy.....F.......u:.n&.....G.g.&...zvo......
.....hz...........hz.....v.y.&...zY.-..,L.......z.7.X...{...izvo..(.WU
..7.....t...._.h..f..^;...,~.....r.......TWg.......k.V.......T..=f
<<< skipped >>>

GET /CmsThemes/Default/images/SmallLoader.gif HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 08 Jan 2015 09:27:14 GMT
Accept-Ranges: bytes
ETag: "d6cfd949252bd01:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 1504
Cache-Control: private, max-age=18000
Expires: Mon, 12 Jan 2015 11:36:06 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
GIF89a.........................v.....5..d..e..........................
{......................................!..NETSCAPE2.0.....!..XMP DataX
MP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xm
pmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155
772, 2014/01/13-19:44:00        "> <rdf:RDF xmlns:rdf="hXXp://ww
w.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=
"" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://n
s.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com
/xap/1.0/" xmpMM:OriginalDocumentID="A5EDB964567077337C8E54A0BBE35981"
 xmpMM:DocumentID="xmp.did:861DE9F12C2811E484A994AD54106D49" xmpMM:Ins
tanceID="xmp.iid:861DE9F02C2811E484A994AD54106D49" xmp:CreatorTool="Ad
obe Photoshop CC 2014 (Macintosh)"> <xmpMM:DerivedFrom stRef:ins
tanceID="xmp.iid:df987947-01f7-4167-b08b-2878b7f29ca6" stRef:documentI
D="adobe:docid:photoshop:b746f760-73f3-1177-8ee4-c7825aacab4e"/> &l
t;/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacke
t end="r"?>........................................................
......................................................................
....~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?&g
t;=<;:9876543210/.-, *)('&%$#"! .................................!.
......,..........D`28Ga\.PA.......e3..L.UU:....Q..XCh.(...-.Z.....v..v
._0\Q.J'.a.z.....!.......,..........4.PA..]h28Ga,.eU.z.T..M,[email protected]. 
J.C.d4.N. .J'.b.2...!.......,..........4.PA..]h28Ga,.eU.z.T..M,K6G
<<< skipped >>>

GET /Js/jquery.dotdotdot.min.js?fid=1857275 HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:15 GMT
If-None-Match: "946714a252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
ETag: "946714a252bd01:0"
Cache-Control: private, max-age=16770
Expires: Mon, 12 Jan 2015 11:15:36 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....


GET /Js/jquery.dotdotdot.min.js?fid=985986 HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
Accept-Ranges: bytes
ETag: "946714a252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6149
Cache-Control: private, max-age=5691
Expires: Mon, 12 Jan 2015 08:10:57 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.ww
w.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dua
l licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/
wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_Li
cense. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.e
mpty();for(var i=0,d=r.length;d>i;i  ){var l=r.eq(i);if(t.append(l)
,n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}f
unction r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, 
colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgro
up, option, textarea, script, style",u="script, .dotdotdot-keep";retur
n e.contents().detach().each(function(){var f=this,h=t(f);if("undefine
d"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is
(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"a
ppend"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.de
tach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];i
f(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o
.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLet
ter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y
);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).joi
n(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g
[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.len
gth&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>

GET /Js/jquery.dotdotdot.min.js?fid=1857275GlobalPage HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 08 Jan 2015 09:27:15 GMT
If-None-Match: "946714a252bd01:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cms.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 08 Jan 2015 09:27:15 GMT
Accept-Ranges: bytes
ETag: "946714a252bd01:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 6149
Cache-Control: private, max-age=16741
Expires: Mon, 12 Jan 2015 11:15:07 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
/*. *.jQuery dotdotdot 1.6.16. *. *.Copyright (c) Fred Heusschen. *.ww
w.frebsite.nl. *. *.Plugin website:. *.dotdotdot.frebsite.nl. *. *.Dua
l licensed under the MIT and GPL licenses.. *.hXXp://en.wikipedia.org/
wiki/MIT_License. *.hXXp://en.wikipedia.org/wiki/GNU_General_Public_Li
cense. */.!function(t,e){function n(t,e,n){var r=t.children(),o=!1;t.e
mpty();for(var i=0,d=r.length;d>i;i  ){var l=r.eq(i);if(t.append(l)
,n&&t.append(n),a(t,e)){l.remove(),o=!0;break}n&&n.detach()}return o}f
unction r(e,n,i,d,l){var s=!1,c="table, thead, tbody, tfoot, tr, col, 
colgroup, object, embed, param, ol, ul, dl, blockquote, select, optgro
up, option, textarea, script, style",u="script, .dotdotdot-keep";retur
n e.contents().detach().each(function(){var f=this,h=t(f);if("undefine
d"==typeof f||3==f.nodeType&&0==t.trim(f.data).length)return!0;if(h.is
(u))e.append(h);else{if(s)return!0;e.append(h),l&&e[e.is(c)?"after":"a
ppend"](l),a(i,d)&&(s=3==f.nodeType?o(h,n,i,d,l):r(h,n,i,d,l),s||(h.de
tach(),s=!0)),s||l&&l.detach()}}),s}function o(e,n,r,o,d){var c=e[0];i
f(!c)return!1;var f=s(c),h=-1!==f.indexOf(" ")?" ":"...",p="letter"==o
.wrap?"":h,g=f.split(p),v=-1,w=-1,b=0,y=g.length-1;for(o.fallbackToLet
ter&&0==b&&0==y&&(p="",g=f.split(p),y=g.length-1);y>=b&&(0!=b||0!=y
);){var m=Math.floor((b y)/2);if(m==w)break;w=m,l(c,g.slice(0,w 1).joi
n(p) o.ellipsis),a(r,o)?(y=w,o.fallbackToLetter&&0==b&&0==y&&(p="",g=g
[0].split(p),v=-1,w=-1,b=0,y=g.length-1)):(v=w,b=w)}if(-1==v||1==g.len
gth&&0==g[0].length){var x=e.parent();e.detach();var T=d&&d.closes
<<< skipped >>>


GET ///img/offers/r_d1/r_9c/6674bca0-3e48-4131-9b81-5071d5b2c2da.jpg HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Mon, 04 Aug 2014 08:43:34 GMT
Accept-Ranges: bytes
ETag: "32a2672dc0afcf1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 333236
Cache-Control: private, max-age=5794
Expires: Mon, 12 Jan 2015 08:12:01 GMT
Date: Mon, 12 Jan 2015 06:35:27 GMT
Connection: keep-alive
......Exif..II*.................Ducky.......d.....*hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c02
1 79.154911, 2013/10/29-11:47:16        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:45FCD83A163D11E49FE3CE421
291508F" xmpMM:InstanceID="xmp.iid:45FCD839163D11E49FE3CE421291508F" x
mp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFro
m stRef:instanceID="xmp.iid:6EB8642D163911E48C11D1513B2C29EC" stRef:do
cumentID="xmp.did:6EB8642E163911E48C11D1513B2C29EC"/> </rdf:Desc
ription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&
gt;...&Adobe.d............... ........I...............................
......................................................................
...........................................................]..........
......................................................................
.!.. 1"..02@A#3.B$.P4.`%'.67C&p.D5......................!..1A"..Q2aq.B
Rb#.....r3 [email protected]%.P.D5..&`....TdEUF.7......f...u
.Vp...'....................... !1"[email protected]#3`.q.b.4..R...r...p
.C$....sSc.......................!1AQ.aq... ......0@P`p...............
...@y`...............6"H. .6.$.L.#d@(....lp.. ........ ....AD.....
<<< skipped >>>

GET ///img/offers/r_ac/r_37/64bfde2c-3be5-4981-ab13-3339cc75dd5f.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 04 Aug 2014 08:43:34 GMT
If-None-Match: "b29d692dc0afcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Mon, 04 Aug 2014 08:43:34 GMT
ETag: "b29d692dc0afcf1:0"
Cache-Control: private, max-age=5754
Expires: Mon, 12 Jan 2015 08:12:01 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET ///img/offers/r_ac/r_37/64bfde2c-3be5-4981-ab13-3339cc75dd5f.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 04 Aug 2014 08:43:34 GMT
If-None-Match: "b29d692dc0afcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Mon, 04 Aug 2014 08:43:34 GMT
ETag: "b29d692dc0afcf1:0"
Cache-Control: private, max-age=5754
Expires: Mon, 12 Jan 2015 08:12:01 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....



GET ///img/offers/r_ac/r_37/64bfde2c-3be5-4981-ab13-3339cc75dd5f.png HTTP/1.1
Accept: */*
Referer: hXXp://cms.dmccint.com/Global/GlobalPage/3724833/?Language=None&Welcome=true
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 04 Aug 2014 08:43:34 GMT
Accept-Ranges: bytes
ETag: "b29d692dc0afcf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 39121
Cache-Control: private, max-age=5810
Expires: Mon, 12 Jan 2015 08:12:16 GMT
Date: Mon, 12 Jan 2015 06:35:26 GMT
Connection: keep-alive
.PNG........IHDR.......l......D.c....tEXtSoftware.Adobe ImageReadyq.e&
lt;...!iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.154911, 2013/10/29-11:47:16        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC (Windows)" xmpMM:InstanceID="xmp.iid:00B0F7C5163B11E48EE988E2A
06842E4" xmpMM:DocumentID="xmp.did:00B0F7C6163B11E48EE988E2A06842E4"&g
t; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:00B0F7C3163B11E48EE
988E2A06842E4" stRef:documentID="xmp.did:00B0F7C4163B11E48EE988E2A0684
2E4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
 <?xpacket end="r"?>%gO....FIDATx..}..$...Uu.......;..wx......4.
..~H................8.8w.uw...............].$...zG...^.....]3.~8">.
wp.....p.p.p.......tX?................Ajb.F...a...{\d|...h.E..7..3....
...?.h..y...'~..........wI4...........8....d...Xh......g.....A..-..0.b
...G.\........L.....es...9./...... CM.TD #........L0..c.~...<.....o
Z...L.....#[email protected]?....@ C..\B..6.o...aH..8..jWf..]1%..04..l..6
s..*..'....l.....{F.b.0f4...#..B......Y./....f...|..K8.3.>...i..&..
..P...Z.'....4..?.. @...........x?.).F.q#...I..ob......x....M[......].
.a.....Km.p.X....p1z...j.{..-Z8..M.o.8.1T.......R..K.7.p..l.p..p..
<<< skipped >>>

GET ///img/offers/r_ac/r_37/64bfde2c-3be5-4981-ab13-3339cc75dd5f.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 04 Aug 2014 08:43:34 GMT
If-None-Match: "b29d692dc0afcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Mon, 04 Aug 2014 08:43:34 GMT
ETag: "b29d692dc0afcf1:0"
Cache-Control: private, max-age=5809
Expires: Mon, 12 Jan 2015 08:12:16 GMT
Date: Mon, 12 Jan 2015 06:35:27 GMT
Connection: keep-alive
....


GET ///img/offers/r_ac/r_37/64bfde2c-3be5-4981-ab13-3339cc75dd5f.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 04 Aug 2014 08:43:34 GMT
If-None-Match: "b29d692dc0afcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/png
Last-Modified: Mon, 04 Aug 2014 08:43:34 GMT
ETag: "b29d692dc0afcf1:0"
Cache-Control: private, max-age=5770
Expires: Mon, 12 Jan 2015 08:12:16 GMT
Date: Mon, 12 Jan 2015 06:36:06 GMT
Connection: keep-alive
....


GET ///img/offers/r_d1/r_9c/6674bca0-3e48-4131-9b81-5071d5b2c2da.jpg HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/MainOffer/3724833/?CurrentStep=1&TotalSteps=3&DMVersion=1.4.0.4.141207.02&IsSmartCustomFrame=true&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 04 Aug 2014 08:43:34 GMT
If-None-Match: "32a2672dc0afcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/jpeg
Last-Modified: Mon, 04 Aug 2014 08:43:34 GMT
ETag: "32a2672dc0afcf1:0"
Cache-Control: private, max-age=5770
Expires: Mon, 12 Jan 2015 08:12:17 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....


GET ///img/offers/r_ac/r_37/64bfde2c-3be5-4981-ab13-3339cc75dd5f.png HTTP/1.1


Accept: */*
Referer: hXXp://cms.dmccint.com/DynamicOffer/3724833/985986/?mainofferId=1857275&ShowSkipAll=0&DownloadBrowser=IE&CType=-1&SearchProvider=Bing&UserMode=-1&DMVersion=1.4.0.4.141207.02&Language=None
Accept-Language: en-us
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 04 Aug 2014 08:43:34 GMT
If-None-Match: "b29d692dc0afcf1:0"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmsstorage.dmccint.com
Connection: Keep-Alive


HTTP/1.1 304 Not Modified
Content-Type: image/jpeg
Last-Modified: Mon, 04 Aug 2014 08:43:34 GMT
ETag: "32a2672dc0afcf1:0"
Cache-Control: private, max-age=5770
Expires: Mon, 12 Jan 2015 08:12:17 GMT
Date: Mon, 12 Jan 2015 06:36:07 GMT
Connection: keep-alive
....

The Backdoor connects to the servers at the folowing location(s):

%original file name%.exe_1060:

.text
`.rdata
@.data
.ndata
.rsrc
@.reloc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
xLm%d
io%x"H
zcÁ
.?AVfsURL@@
.?AVfsInternetURLFile@@
.?AVfsInternetURLFileDownloader@@
.?AVfsHttpFile@@
.?AVfsFtpConnection@@
.?AVfsFtpFile@@
.?AVfsHttpConnection@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
6'6,60646]6
2(2F2i2
Thawte Certification1
hXXp://ocsp.thawte.com0
.hXXp://crl.thawte.com/ThawteTimestampingCA.crl0
hXXp://ts-ocsp.ws.symantec.com07
 hXXp://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
 hXXp://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
2Terms of use at hXXps://VVV.verisign.com/rpa (c)101.0,
hXXps://VVV.verisign.com/cps0
/hXXp://csc3-2010-crl.verisign.com/CSC3-2010.crl0q
hXXp://ocsp.verisign.com0;
/hXXp://csc3-2010-aia.verisign.com/CSC3-2010.cer0
<VeriSign Class 3 Public Primary Certification Authority - G50
hXXps://VVV.verisign.com/cps0*
hXXps://VVV.verisign.com/rpa0
#hXXp://logo.verisign.com/vslogo.gif04
#hXXp://crl.verisign.com/pca3-g5.crl04
hXXp://ocsp.verisign.com0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.5-Unicode</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
logging set to %d
settings logging to %d
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack < %d elements
RMDir: "%s"
MessageBox: %d,"%s"
Delete: "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename on reboot: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
Sleep(%d)
detailprint: %s
Call: %d
Aborting: "%s"
Jump: %d
verifying installer: %d%%
unpacking data: %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
install.log
%u.%u%s%s
Skipping section: "%s"
Section: "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
invalid registry key
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
LOCALS~1\Temp\nsoB4.tmp\webapphost.dll
n Data\Google\Chrome\User Data\Default
4.0.4.141207.02\14-12-15-02.15.07.589\caf073b9-38e1-4752-8520-49a48fa441df.png
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsoB4.tmp\webapphost.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsoB4.tmp
n\App Paths\IEXPLORE.EXE
1.0.0.1
Download.dll
nsoB4.tmp
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsoB4.tmp\webapphost.dll" (overwriteflag=1)
\webapphost.dll"
PLORE.EXE
gle\Chrome\User Data\Default
4.0.4.141207.02\14-12-15-02.15.07.589\caf073b9-38e1-4752-8520-49a48fa441df.ico
E~1\"%CurrentUserName%"\LOCALS~1\Temp\nsoB4.tmp
webapp\
2ECB2-F957-4D87-9D5D-2305651F3CB8
c:\%original file name%.exe
%original file name%.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsjB2.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
LORE.EXE
IEXPLORE.EXE
8072ECB2-F957-4D87-9D5D-2305651F3CB8
hXXp://data.dmccint.com/api/usages/
hXXp://engine.drive-c-files.com//DecisionEngine.ashx
\\192.168.17.111\Bundles\1\413\ct4137501\0b9743f23fb243e6b2aa715431425a3e\Downloads\Prod\DDE1.4.0.4.141207.02\14-12-15-02.15.07.589\caf073b9-38e1-4752-8520-49a48fa441df.ico
\\192.168.17.111\Bundles\1\413\ct4137501\0b9743f23fb243e6b2aa715431425a3e\Downloads\Prod\DDE1.4.0.4.141207.02\14-12-15-02.15.07.589\caf073b9-38e1-4752-8520-49a48fa441df.png
0b9743f2-3fb2-43e6-b2aa-715431425a3e
00000000
1857275
hXXp://cms.dmccint.com/MainOffer/3724833/
Setup.exe
hXXp://cms.dmccint.com/Global/GlobalPage/3724833/
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsoB4.tmp\webapp\
1731578
1731593
Naive_recommender_Bayesian_adjust_2015-01-12.csv
Microsoft Windows XP
6.0.2900.5512
%Documents and Settings%\%current user%\Local Settings\Application Data
%Documents and Settings%\%current user%\Local Settings\Application Data\Google\Chrome\User Data\Default
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsoB4.tmp\client_xml.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsoB4.tmp\offer.xml
no_dynamic_main_offer_url_supported_in_this_version
%Program Files%\Internet Explorer\iexplore.exe
Minecraft.exe
1.4.0.4.141207.02

svchost.exe_600:

.text
`.data
.rsrc
ADVAPI32.dll
KERNEL32.dll
NTDLL.DLL
RPCRT4.dll
NETAPI32.dll
ole32.dll
ntdll.dll
RegCloseKey
RegOpenKeyExW
GetProcessHeap
NtOpenKey
svchost.pdb
\PIPE\
Software\Microsoft\Windows NT\CurrentVersion\Svchost
\Registry\Machine\System\CurrentControlSet\Control\SecurePipeServers\
5.1.2600.5512 (xpsp.080413-2111)
svchost.exe
Windows
Operating System
5.1.2600.5512


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
  2. Delete the original Backdoor file.
  3. Delete or disinfect the following files created/modified by the Backdoor:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\button[1].png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NextButton_Sprite-wide-grey[1].png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NextButton_Sprite wide[1].png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\icon.png (622 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\manager.js (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\button[1].png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery.dotdotdot.min[1].js (3016 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CancelBG[1].png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3724833[2].htm (25423 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\webapphost.dll (39329 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\X[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\DM_loader.gif (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[2].js (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBG[1].png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CancelBGGoogleDialog[1].png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-[1].png (933 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\gplay.js (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index[1].html (1255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\FDMClient.dll (8184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\3724833[1].htm (29613 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\X[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\manager.html (328 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\WelcomeScreen.htm (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\BoxBgNew[1].png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\NoneSilentSuccess.htm (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3724833[2].htm (26894 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\NextButton_Sprite-wide-grey[1].png (2 bytes)
    %System%\wbem\Logs\wbemprox.log (76 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\init.html (97 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CancelBGGoogleDialog[1].png (83 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\certInlineLB.pfx (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\jquery-1.10.1.min.js (3312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\780547[1].htm (23622 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.dotdotdot.min[2].js (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\adwords_express[1].htm (2159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery.dotdotdot.min[1].js (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\985986[1].htm (31258 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\3724833[1].htm (28444 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\SmallLoader[1].gif (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\985986[1].htm (30015 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\Failed.htm (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\WebBrowser_embedded.exe (1552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\6674bca0-3e48-4131-9b81-5071d5b2c2da[1].jpg (32468 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\proxy.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\manager\scripts\sharedWorker.js (296 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3724833[3].htm (27743 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\customframeapi[1].js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsyB3.tmp (41812 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\SmallLoader[1].gif (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\NextButton_Sprite-wide-grey[1].png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\64bfde2c-3be5-4981-ab13-3339cc75dd5f[1].png (2696 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\985986[1].htm (25601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\Success.htm (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.dotdotdot.min[1].js (3016 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\-[1].png (933 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\adwords_express[1].html (6038 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\InstallationSuccessful[1].png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\3724833[1].htm (31009 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.dotdotdot.min[1].js (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsoB4.tmp\System.dll (784 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now