MD5: 630c29d005bc4a0ba94417579f822a04
SHA1: c1fd293b53805ade082fbb8bf06adb01d216e447
SHA256: bd7858c66ed5177909bce55f1d43e2e1f04ce90a71388b8bdb65f8375b23e12f
SSDeep: 1536:rpgpHzb9dZVX9fHMvG0D3XJ47zfaOZrinqe1xM5tEjSDmcrspFI4:VgXdZt9P6D3XJiPZ2nLK5ajwbr n
Size: 86944 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: Windows7Ada SP1 64-bit

Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

No specific payload has been found.

Process activity

The Worm creates the following process(es):

TPAutoConnSvc.exe:1844
7za.exe:1144
7za.exe:1900
%original file name%.exe:1988
EasyDriverPro.exe:2712

The Worm injects its code into the following process(es):

EasyDriverPro.exe:3108

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process 7za.exe:1144 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files% (x86)\Probit Software\Easy Driver Pro\Base\Drivers64.db (10277 bytes)

The process 7za.exe:1900 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files% (x86)\Probit Software\Easy Driver Pro\DPSmartScan.exe (1071 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\sqlite3.dll (1047 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe (1223 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\EasyDriverPro.exe (70432 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\DPSchedule.exe (1583 bytes)

The process %original file name%.exe:1988 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso933B.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SH2TVRCI\EasyDriverPro[1].app (43984 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso933B.tmp\EasyDriverPro.exe (47088 bytes)

The process EasyDriverPro.exe:2712 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\inetc.dll (44 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro on the Web.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\LangDLL.dll (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\temp.txt (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\start_install.txt (16 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\edp.ico (1128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G44ROL1L\easydriverpro803d64[1].data (198536 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\file_id.diz (520 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\nsExec.dll (14 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Easy Driver Pro.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\md5dll.dll (14 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\easydriverpro803d.data (210182 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\7za.exe (15192 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp (4 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\EasyDriverPro.exe (6309 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\English.ini (12 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USU4CORO\log-install[1].htm (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\nsDialogs.dll (21 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\HomePage.url (53 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\scan.gif (4133 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\easydriverpro803.data (72503 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDUL1PG1\easydriverpro803[1].data (68646 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SH2TVRCI\log-install[1].htm (8 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\System.dll (23 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\uninstall.exe (1382 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\modern-wizard.bmp (5568 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\EasyDriverPro.chm (17 bytes)

The process EasyDriverPro.exe:3108 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

%Program Files% (x86)\Probit Software\Easy Driver Pro\Base\PCInfo.ini (175 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\Base\Devices.ini (33 bytes)
%Program Files% (x86)\Probit Software\Easy Driver Pro\Base\Scan.ini (1669 bytes)

Registry activity

The process TPAutoConnSvc.exe:1844 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\ThinPrint\TPPrnUI\HP LaserJet Professional M1212nf MFP#:3]
"TrayData" = "2,Tray 3, 3,Tray 2, 1,Tray 1, 4,Manual Feed, 7,Auto Select"
"FormData" = "1,2159,2794,Letter¶40,40,2086,2712, 5,2159,3556,Legal¶40,40,2086,3474, 9,2100,2970,A4¶39,39,2032,2890, 7,1842,2667,Executive¶40,40,1761,2585, 258,2159,3302,8.5 x 13 (custom)¶40,40,2086,3220, 11,1480,2100,A5¶39,39,1408,2020, 70,1050,1480,A6¶39,39,975,1399, 13,1820,2570,B5 (JIS)¶39,39,1747,2490, 264,1950,2700,16K 195x270¶39,39,1882,2620, 263,1840,2600,16K 184x260¶39,39,1761,2520, 257,1970,2730,16K 197x273¶39,39,1896,2650, 43,1000,1480,Japanese Postcard¶39,39,921,1399, 82,1480,2000,Double Japan Postcard Rotated¶39,39,1408,1919, 20,1046,2413,Envelope #10¶40,40,975,2331, 37,983,1905,Envelope Monarch¶40,40,907,1823, 34,1760,2500,Envelope B5¶39,39,1693,2420, 28,1620,2290,Envelope C5¶39,39,1544,2209, 27,1100,2200,Envelope DL¶39,39,1029,2120"
"DelAfterCreate" = "1"

[HKU\.DEFAULT\Printers\DevModes2]
"HP LaserJet Professional M1212nf MFP#:3" = "48 00 50 00 20 00 4C 00 61 00 73 00 65 00 72 00"

The Worm deletes the following registry key(s):

[HKLM\SOFTWARE\ThinPrint\TPPrnUI\HP LaserJet Professional M1212nf MFP#:3]

The process %original file name%.exe:1988 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\PUPautoinsaller_v1.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso933B.tmp\EasyDriverPro.exe,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process EasyDriverPro.exe:2712 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Easy Driver Pro]
"DisplayIcon" = "%Program Files% (x86)\Probit Software\Easy Driver Pro\EasyDriverPro.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecision" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Easy Driver Pro]
"UninstallString" = "%Program Files% (x86)\Probit Software\Easy Driver Pro\uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecision" = "0"

[HKCU\Software\Probit Software\Easy Driver Pro]
"Language" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{17FE9752-0B5A-4665-84CD-569794602F5C} {7F9185B0-CB92-43C5-80A9-92277A4F7B54} 0xFFFF" = "01 00 00 00 00 00 00 00 34 3A D2 8C D0 44 D0 01"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Easy Driver Pro]
"DisplayVersion" = "8.1.2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecisionReason" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Easy Driver Pro]
"DisplayName" = "Easy Driver Pro"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecisionReason" = "1"
"WpadNetworkName" = "Network"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecisionTime" = "D1 C9 62 88 D0 44 D0 01"

[HKCU\Software\Probit Software\Easy Driver Pro]
"srid" = "524&iid=15379358&umi=B48A115F&sst=7c1d0bc99d0398a455df316a762fe350"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Easy Driver Pro]
"Publisher" = "Probit Software LTD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecisionTime" = "D1 C9 62 88 D0 44 D0 01"

To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Easy Driver Pro" = "%Program Files% (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process EasyDriverPro.exe:3108 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Probit Software\Easy Driver Pro]
"BackupPath" = "C:\Users\"%CurrentUserName%"\Documents\Probit Software\Easy Driver Pro\Backup\"
"ScanExecuted" = "1"
"OutdatedDrivers" = "2"
"s_SmartScan" = "1"
"ProxyAddress" = ""
"ProxyPort" = ""
"CloseToTray" = "0"
"ScanAtStartup" = "0"
"DownloadPath" = "C:\Users\"%CurrentUserName%"\Documents\Probit Software\Easy Driver Pro\Drivers\"
"nDownloads" = "3"
"InstallStat" = "0"

"DatabaseDate" = "00 00 00 00 00 5E E4 40"
"ShowRebootMessage" = "1"
"InstallDate" = "02-10-2015"
"LastDatabaseCheck" = "BD 2E 4C 95 A4 87 E4 40"
"ShowAlertMessages" = "1"
"ProxyLogin" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 41 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Probit Software\Easy Driver Pro]
"UseProxy" = "0"
"TotalDrivers" = "79"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers\%Program Files% (x86)\Probit Software\Easy Driver Pro]
"EASYDRIVERPRO.EXE" = "RUNASADMIN ELEVATECREATEPROCESS"

[HKCU\Software\Probit Software\Easy Driver Pro]
"s_Enable" = "0"
"ShowUpdateWindow" = "0"
"ForceUpdate" = "0"
"s_SmartMode" = "2"
"UpdateWindowShown" = "0"
"s_Mode" = "0"
"ShowSRPMessage" = "1"
"LastUpdate" = "BD 2E 4C 95 A4 87 E4 40"
"ProxyPassword" = ""
"LastScan" = "57 06 9A 95 A4 87 E4 40"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
"AutoDetect"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name:
Product Version: 8.1.2
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 8.1.2.7
File Description:
Comments:
Language: English (United States)

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://d86zdumh4pwme.cloudfront.net/publishers/3/524/EasyDriverPro.app
hxxp://www.easydriverpro.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=524&ver=8.1.2.7&st=1&umi=B48A115F	54.83.206.183
hxxp://d86zdumh4pwme.cloudfront.net/easydriverpro803.data
hxxp://d86zdumh4pwme.cloudfront.net/easydriverpro803d64.data
hxxp://www.easydriverpro.com/easyinstallprolib/easyinstallprolog/log-install.php?ins=524&ver=8.1.2.7&st=100&umi=B48A115F&iid=15379358&comp=0	54.83.206.183
hxxp://www.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350	54.83.206.183
hxxp://www.easydriverpro.com/css/template.css	54.83.206.183
hxxp://www.easydriverpro.com/css/style.css	54.83.206.183
hxxp://pagead46.l.doubleclick.net/pagead/show_ads.js
hxxp://www.easydriverpro.com/images/header_bkg.gif	54.83.206.183
hxxp://www-google-analytics.l.google.com/ga.js
hxxp://pagead46.l.doubleclick.net/pagead/js/r20150205/r20141212/show_ads_impl.js
hxxp://e3821.dspe1.akamaiedge.net/en_US/all.js
hxxp://www-google-analytics.l.google.com/r/__utm.gif?utmwv=5.6.2&utms=1&utmn=1414896808&utmhn=www.easydriverpro.com&utmcs=utf-8&utmsr=1916x902&utmvp=1900x805&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Easy Driver Pro - Welcome&utmhid=1303542799&utmr=-&utmp=/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&utmht=1423531572420&utmac=UA-15244178-1&utmcc=__utma=234048906.299294506.1423531572.1423531572.1423531572.1;+__utmz=234048906.1423531572.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1021910407&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~
hxxp://www.gstatic.com/pub-config/ca-pub-4844330334866922.js	173.194.113.215
hxxp://pagead46.l.doubleclick.net/pagead/html/r20150205/r20141212/zrt_lookup.html
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-4844330334866922&output=html&h=280&slotname=4127509192&adk=2253242122&w=336&lmt=1423531572&flash=0&url=http://www.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&dt=1423531572346&bpp=15&bdt=311&shv=r20150205&cbv=r20141212&saldr=sa&correlator=6344100717591&frm=20&ga_vid=299294506.1423531572&ga_sid=1423531572&ga_hid=1303542799&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=14&adx=1078&ady=160&biw=1900&bih=805&eid=317150304&oid=3&rx=0&eae=0&fc=24&docm=10&brdim=0,53,-4,-4,1916,,1924,866,1916,805&vis=1&rsz=0|0||&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=rGf91JyaTN&p=http://www.easydriverpro.com&dtd=423
hxxp://pagead46.l.doubleclick.net/pagead/osd.js
hxxp://pagead46.l.doubleclick.net/pagead/js/r20150205/r20141212/expansion_embed.js
hxxp://a749.dsw4.akamai.net/connect/xd_arbiter/DU1Ia251o0y.js?version=41
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-4844330334866922&output=html&h=280&slotname=4127509192&adk=2253242122&w=336&lmt=1423531573&flash=0&url=http://www.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&dt=1423531572361&bpp=3&bdt=325&shv=r20150205&cbv=r20141212&saldr=sa&prev_slotnames=4127509192&correlator=6344100717591&frm=20&ga_vid=299294506.1423531572&ga_sid=1423531572&ga_hid=1303542799&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=14&adx=1078&ady=456&biw=1900&bih=805&eid=317150304,828064101&oid=3&rx=0&eae=0&fc=24&docm=10&brdim=0,53,-4,-4,1916,,1924,866,1916,805&vis=1&rsz=0|0||&abl=CS&ppjl=f&pfx=0&fu=0&bc=1&ifi=2&xpc=KXefdQTk8l&p=http://www.easydriverpro.com&dtd=700
hxxp://star.c10r.facebook.com/plugins/like.php?app_id=&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f2ba2ea09592a76&domain=www.easydriverpro.com&origin=http%3A%2F%2Fwww.easydriverpro.com%2Ff1eee2263e06481&relation=parent.parent&container_width=524&href=https://www.facebook.com/EasyDriverPro&locale=en_US&sdk=joey&send=false&show_faces=true&width=450
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0d0f6af77d86ba3d
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=
hxxp://cs9.wac.edgecastcdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys=
hxxp://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl	64.18.20.10
hxxp://gs1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo=
hxxp://a1158.b.akamai.net/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O
hxxp://www.public-trust.com/CRL/Omniroot2025.crl	64.18.20.10
hxxp://gs1.wac.v2cdn.net/PublicSureServerSV.crl
hxxp://update1.smartpcupdate.com/rpc/sendinstall?partner=ProbitSoftware&build=8.1.2	173.192.91.180
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?924f477917498068
hxxp://hostedocsp.globalsign.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c=
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl	88.221.132.166
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?924f477917498068	88.221.132.177
hxxp://www.facebook.com/plugins/like.php?app_id=&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f2ba2ea09592a76&domain=www.easydriverpro.com&origin=http%3A%2F%2Fwww.easydriverpro.com%2Ff1eee2263e06481&relation=parent.parent&container_width=524&href=https://www.facebook.com/EasyDriverPro&locale=en_US&sdk=joey&send=false&show_faces=true&width=450	31.13.91.2
hxxp://connect.facebook.net/en_US/all.js	23.64.223.139
hxxp://pagead2.googlesyndication.com/pagead/js/r20150205/r20141212/show_ads_impl.js	173.194.113.217
hxxp://pagead2.googlesyndication.com/pagead/show_ads.js	173.194.113.217
hxxp://download.easydriverpro.com/easydriverpro803.data	54.230.200.240
hxxp://crl.omniroot.com/PublicSureServerSV.crl	93.184.220.20
hxxp://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41	88.221.132.184
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=	23.43.139.27
hxxp://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68=	108.162.232.207
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=	23.43.139.27
hxxp://www.google-analytics.com/r/__utm.gif?utmwv=5.6.2&utms=1&utmn=1414896808&utmhn=www.easydriverpro.com&utmcs=utf-8&utmsr=1916x902&utmvp=1900x805&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Easy Driver Pro - Welcome&utmhid=1303542799&utmr=-&utmp=/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&utmht=1423531572420&utmac=UA-15244178-1&utmcc=__utma=234048906.299294506.1423531572.1423531572.1423531572.1;+__utmz=234048906.1423531572.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1021910407&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~	173.194.113.199
hxxp://vassg141.ocsp.omniroot.com/MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O	88.221.132.182
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4844330334866922&output=html&h=280&slotname=4127509192&adk=2253242122&w=336&lmt=1423531573&flash=0&url=http://www.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&dt=1423531572361&bpp=3&bdt=325&shv=r20150205&cbv=r20141212&saldr=sa&prev_slotnames=4127509192&correlator=6344100717591&frm=20&ga_vid=299294506.1423531572&ga_sid=1423531572&ga_hid=1303542799&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=14&adx=1078&ady=456&biw=1900&bih=805&eid=317150304,828064101&oid=3&rx=0&eae=0&fc=24&docm=10&brdim=0,53,-4,-4,1916,,1924,866,1916,805&vis=1&rsz=0|0||&abl=CS&ppjl=f&pfx=0&fu=0&bc=1&ifi=2&xpc=KXefdQTk8l&p=http://www.easydriverpro.com&dtd=700	173.194.113.217
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl	88.221.132.166
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c=	23.43.139.27
hxxp://www.google-analytics.com/ga.js	173.194.113.199
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl	88.221.132.166
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=	23.43.139.27
hxxp://download.easydriverpro.com/publishers/3/524/EasyDriverPro.app	54.230.200.240
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys=	93.184.220.29
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl	88.221.132.166
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo=	93.184.220.20
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4844330334866922&output=html&h=280&slotname=4127509192&adk=2253242122&w=336&lmt=1423531572&flash=0&url=http://www.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&dt=1423531572346&bpp=15&bdt=311&shv=r20150205&cbv=r20141212&saldr=sa&correlator=6344100717591&frm=20&ga_vid=299294506.1423531572&ga_sid=1423531572&ga_hid=1303542799&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=14&adx=1078&ady=160&biw=1900&bih=805&eid=317150304&oid=3&rx=0&eae=0&fc=24&docm=10&brdim=0,53,-4,-4,1916,,1924,866,1916,805&vis=1&rsz=0|0||&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=rGf91JyaTN&p=http://www.easydriverpro.com&dtd=423	173.194.113.217
hxxp://googleads.g.doubleclick.net/pagead/html/r20150205/r20141212/zrt_lookup.html	173.194.113.217
hxxp://pagead2.googlesyndication.com/pagead/js/r20150205/r20141212/expansion_embed.js	173.194.113.217
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0d0f6af77d86ba3d	88.221.132.177
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=	23.43.139.27
hxxp://download.easydriverpro.com/easydriverpro803d64.data	54.230.200.240
hxxp://pagead2.googlesyndication.com/pagead/osd.js	173.194.113.217
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl	64.18.20.10
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs=	93.184.220.29
hxxp://crl.verisign.com/pca3.crl	23.43.133.163
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=	23.43.139.27
fbstatic-a.akamaihd.net	88.221.132.169
s-static.ak.facebook.com	23.64.210.110
ieonline.microsoft.com	204.79.197.200

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET POLICY Executable served from Amazon S3

Traffic

GET /pub-config/ca-pub-4844330334866922.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.gstatic.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Type: text/javascript

Last-Modified: Fri, 08 Aug 2014 12:20:44 GMT

Date: Tue, 10 Feb 2015 01:26:11 GMT

Expires: Tue, 10 Feb 2015 13:26:11 GMT

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Server: sffe

Content-Length: 109

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=43200

Age: 0

Alternate-Protocol: 80:quic,p=0.02
...........H..O.I.O,..K.O..K.LW.U(..K./..&YS.P]......[P..kbabbll`llbaf
fid....^.T\..........d...S.Zk...t..l...HTTP/1.1 200 OK..Vary: Accept-E
ncoding..Content-Type: text/javascript..Last-Modified: Fri, 08 Aug 201
4 12:20:44 GMT..Date: Tue, 10 Feb 2015 01:26:11 GMT..Expires: Tue, 10 
Feb 2015 13:26:11 GMT..X-Content-Type-Options: nosniff..Content-Encodi
ng: gzip..Server: sffe..Content-Length: 109..X-XSS-Protection: 1; mode
=block..Cache-Control: public, max-age=43200..Age: 0..Alternate-Protoc
ol: 80:quic,p=0.02.............H..O.I.O,..K.O..K.LW.U(..K./..&YS.P]...
...[P..kbabbll`llbaffid....^.T\..........d...S.Zk...t..l.....

GET /pca3.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.verisign.com

HTTP/1.1 200 OK

Server: Apache

ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"

Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT

Date: Tue, 10 Feb 2015 01:31:30 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl
0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..141210000000Z..150
331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* [email protected]!..Y......w
`G........070411175657Z0!..Z`[email protected].*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ..
..>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r
../[email protected]?....0.A.HTTP/1.1 200 OK..Server: Apache.
.ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: F
ri, 19 Dec 2014 01:00:19 GMT..Date: Tue, 10 Feb 2015 01:31:30 GMT..Con
tent-Length: 933..Connection: keep-alive..Content-Type: application/pk
ix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc
.1705..U....Class 3 Public Primary Certification Authority..1412100000
00Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A..
...{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y
..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.
<<< skipped >>>

GET /plugins/like.php?app_id=&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f2ba2ea09592a76&domain=VVV.easydriverpro.com&origin=http%3A%2F%2FVVV.easydriverpro.com%2Ff1eee2263e06481&relation=parent.parent&container_width=524&href=https://VVV.facebook.com/EasyDriverPro&locale=en_US&sdk=joey&send=false&show_faces=true&width=450 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.facebook.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 302 Found

Location: hXXps://VVV.facebook.com/plugins/like.php?app_id&channel=http://static.ak.facebook.com/connect/xd_arbiter/DU1Ia251o0y.js?version=41#cb=f2ba2ea09592a76&domain=VVV.easydriverpro.com&origin=http%3A%2F%2FVVV.easydriverpro.com%2Ff1eee2263e06481&relation=parent.parent&container_width=524&href=https://VVV.facebook.com/EasyDriverPro&locale=en_US&sdk=joey&send=false&show_faces=true&width=450

X-Content-Type-Options: nosniff

X-UA-Compatible: IE=edge

Vary: Accept-Encoding

Content-Type: text/html; charset=utf-8

X-FB-Debug: wrvtCBQm7KLPAruvwGwfqaz3POGDygc40VW2R9KL5HV71Dj936bVHG3bwKqd5Xe9NtwGvidHYpgFB4Q4SBhlrg==

Date: Tue, 10 Feb 2015 01:26:12 GMT

Connection: keep-alive

Content-Length: 0
HTTP/1.1 302 Found..Location: hXXps://VVV.facebook.com/plugins/like.ph
p?app_id&channel=http://static.ak.facebook.com/connect/xd_ar
biter/DU1Ia251o0y.js?version=41#cb=f2ba2ea09592a76&domain%
3DVVV.easydriverpro.com&origin=http%3A%2F%2FVVV.easydriverpr
o.com%2Ff1eee2263e06481&relation=parent.parent&container_width=5
24&href=https://VVV.facebook.com/EasyDriverPro&locale=en_US&sd
k=joey&send=false&show_faces=true&width=450..X-Content-Type-Options: n
osniff..X-UA-Compatible: IE=edge..Vary: Accept-Encoding..Content-Type:
 text/html; charset=utf-8..X-FB-Debug: wrvtCBQm7KLPAruvwGwfqaz3POGDygc
40VW2R9KL5HV71Dj936bVHG3bwKqd5Xe9NtwGvidHYpgFB4Q4SBhlrg==..Date: Tue, 
10 Feb 2015 01:26:12 GMT..Connection: keep-alive..Content-Length: 0..
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=454896, public, no-transform, must-revalidate

Last-Modified: Sun, 8 Feb 2015 07:48:42 GMT

Expires: Sun, 15 Feb 2015 07:48:42 GMT

Date: Tue, 10 Feb 2015 01:31:39 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
8074842Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.A..2.....:...:......20150208074842Z....20150215074842Z0...*.H........
.....B./.h...c....(&....9.-.}......z.....'..T-."6.b..lni`B.....X.M\m.V
....Z...S..:.H7^[email protected]..."o..If=....m..Y.6p.4`*..V..M...H..OL}.]7c..N..
H.........Z.h$c.C.m...Z3.e.. ....\'..4..}.nP...UF.]*I.._.5........|.0.
2..O..j....Tu...h........./....t..N..Sb&...Q.h[..1?...#0...0...0......
....<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Sign
ing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U..
..VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of u
se at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3
 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{
(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(.......
...p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}..
.r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n.
.i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0
.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.c
om/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by
 reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........
0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H......
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1697

content-transfer-encoding: binary

Cache-Control: max-age=431220, public, no-transform, must-revalidate

Last-Modified: Sun, 8 Feb 2015 01:18:30 GMT

Expires: Sun, 15 Feb 2015 01:18:30 GMT

Date: Tue, 10 Feb 2015 01:31:30 GMT

Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 C
ode Signing 2004 CA OCSP Responder..20150208011830Z0s0q0I0... ........
[email protected].!......Q...==d6|h.[x....7..`..........cV.!.....201502
08011830Z....20150215011830Z0...*.H..............Y.i... .omtQr."......
[*l<Y..1.:...K.3..mR..&M....}......T...........G9..&.....a..s....an
6)|1..q...Ay.7`."..4........7...B.d... [email protected]..\.....O[.c
-k..'[email protected]  ....~.....K....&...'5n..
..Sl.r5.Y|.....Ny...;.!..4B....0...0...0..{.........[..I|.....Zm..0...
*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSig
n Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa
 (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000
Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCS
P Responder0.."0...*.H.............0.........Y....h..@..>.....%.-..
...O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;
]s!.\"v...|....][email protected]. ..W....n..*..-
f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6....
.[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... ...
....0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. 
.........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rp
a0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...
0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.
....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|..........k
<<< skipped >>>

GET /CRL/Omniroot2025.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: cdp1.public-trust.com

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Last-Modified: Wed, 04 Feb 2015 20:30:01 GMT

ETag: "2015b-6ca-50e490d4402ee"

Accept-Ranges: bytes

Content-Type: application/x-pkcs7-crl

Connection: Keep-Alive

Date: Tue, 10 Feb 2015 01:27:54 GMT

Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..150204200915Z..15050
5201415Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.............Xb.F.M4hYy.h~...2.... .. ~.A4...F...gyQ.....:_..g.|
<<< skipped >>>

GET /thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.easydriverpro.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Cache-control: no-cache="set-cookie"

Content-Type: text/html; charset=UTF-8

Date: Tue, 10 Feb 2015 01:27:57 GMT

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Pragma: no-cache

Server: Apache/2.2.15 (CentOS)

Set-Cookie: PHPSESSID=9plslcodkrdkt0b2obpi40tb87; path=/

Set-Cookie: AWSELB=15A7D78B08CC57797F87EA072FDB431CC5F43D7E684950193DFB88BE41987C7E156D7F91AC9932BE17ABC54889040364137740AF66719939B1ACEB47879F9029F784CC65A8;PATH=/

X-Powered-By: PHP/5.3.3

transfer-encoding: chunked

Connection: keep-alive
1ab7...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//E
N" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">...<
;html xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en-GB">...<
head>....<meta http-equiv="Content-Type" content="application/xh
tml xml; charset=utf-8" />....<meta http-equiv="content-type" co
ntent="text/html;charset=utf-8" />....<title>Easy Driver Pro 
- Welcome</title>....<meta name="keywords" content="easy driv
er pro, pc drivers, printer drivers, mouse "/>....<meta name="de
scription" content="Automatically Update PC Drivers with Easy Driver P
ro" />....<link rel="stylesheet" href="./css/style.css" type="te
xt/css" />....<link rel="stylesheet" href="./css/template.css" t
ype="text/css" />..                <link rel="shortcut icon"  hr
ef=".//favicon.ico" />........<script language="javascript" type
="text/javascript">....function GoToDownloadPage(strPageUrl)....{..
...window.location.href='./' strPageUrl;....}....</script>......
                                ....               <script type="te
xt/javascript">..                  var _gaq = _gaq || [];..        
          _gaq.push(['_setAccount', 'UA-15244178-1']);..              
    _gaq.push(['_setDomainName', 'easydriverpro.com']);..             
     _gaq.push(['_setAllowLinker', true]);..                  _gaq.pus
h(['_trackPageview']);..                  (function() {..             
       var ga = document.createElement('script'); ga.type = 'text/
<<< skipped >>>

GET /css/template.css HTTP/1.1

Accept: text/css

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.easydriverpro.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=9plslcodkrdkt0b2obpi40tb87; AWSELB=15A7D78B08CC57797F87EA072FDB431CC5F43D7E684950193DFB88BE41987C7E156D7F91AC9932BE17ABC54889040364137740AF66719939B1ACEB47879F9029F784CC65A8

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: text/css

Date: Tue, 10 Feb 2015 01:27:57 GMT

ETag: "24239-2e2-4f20b0ddd1f80"

Last-Modified: Mon, 10 Feb 2014 10:46:38 GMT

Server: Apache/2.2.15 (CentOS)

Content-Length: 738

Connection: keep-alive
#main_template .{.    margin: 0 auto;.    width: 100%;.    background:
 #fff;.}..#title.{.    background: #fff;.    padding: 20px;.}..#title 
h1.{.    margin: 0;.    color: #003366;.    font-size: 26px;.}..#conte
nt-container.{.    float: left;.    width: 100%;.    background: #fff 
repeat-y 100% 0;.}..#content.{.    clear: left;.    float: left;.    w
idth: 524px;.    padding-left: 19px;.    margin: 0px;.    display: inl
ine;.    color: #333333;.    line-height: 140%;.}..#content h2.{.    c
olor: #003366;.}..#right_column.{.    float: right;.    width: 346px;.
    margin: 0px 6px 0px 50px;.    display: inline;.}..#sub_title h2 .{
.    color: #006600;.}..#sub_title h3 .{.    color: #006600;.}..#submi
t_template.{.    margin-left: 370px;.}HTTP/1.1 200 OK..Accept-Ranges: 
bytes..Content-Type: text/css..Date: Tue, 10 Feb 2015 01:27:57 GMT..ET
ag: "24239-2e2-4f20b0ddd1f80"..Last-Modified: Mon, 10 Feb 2014 10:46:3
8 GMT..Server: Apache/2.2.15 (CentOS)..Content-Length: 738..Connection
: keep-alive..#main_template .{.    margin: 0 auto;.    width: 100%;. 
   background: #fff;.}..#title.{.    background: #fff;.    padding: 20
px;.}..#title h1.{.    margin: 0;.    color: #003366;.    font-size: 2
6px;.}..#content-container.{.    float: left;.    width: 100%;.    bac
kground: #fff repeat-y 100% 0;.}..#content.{.    clear: left;.    floa
t: left;.    width: 524px;.    padding-left: 19px;.    margin: 0px;.  
  display: inline;.    color: #333333;.    line-height: 140%;.}..#cont
ent h2.{.    color: #003366;.}..#right_column.{.    float: right;.
<<< skipped >>>

GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 05 May 2014 05:04:34 GMT

If-None-Match: "87fbb3811f68cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT

Accept-Ranges: bytes

ETag: "9a9a44d511bd01:0"

Server: Microsoft-IIS/8.0

VTag: 43863145100000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 550

Cache-Control: max-age=900

Date: Tue, 10 Feb 2015 01:26:43 GMT

Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-St
amp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#[email protected].. .
.5..0... .....7.......0...U......10... .....7......150318222600Z0...*.
H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-
....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q&
gt;[email protected].('..e...Y..Bo..q..........I....'....i>
..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az.....
[email protected]....


GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Sat, 24 May 2014 05:04:51 GMT

If-None-Match: "96bfbfb1d77cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 07 Jan 2015 06:02:43 GMT

Accept-Ranges: bytes

ETag: "88c4768d3f2ad01:0"

Server: Microsoft-IIS/8.5

VTag: 279245755100000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 813

Cache-Control: max-age=900

Date: Tue, 10 Feb 2015 01:26:43 GMT

Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....mic
rosoft1-0 ..U...$Microsoft Root Certificate Authority..150106214825Z..
150407100825Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..
%..*..S.Y..0... .....7.......0...U......(0... .....7......150406215825
Z0...*.H..............vQ..r..L.Q.N..=#.......V;..r../\.m..<.."...F/
U....(:.....xm.....P.e.F..BE8......=...G....6t:...?...L..B.v..p.M.....
...z..Q.%J.6..I.......8...U. .g..=T=K....L..$w...^....y~..-a.'...*s#N.
o..Qs.$h..:duV'~....8.6..w..b3.... .~)...|.I.y".>R.nJq.ws...3.....f
}.E)\......EB.d\.2.....h...lMjT.7..lj.'lj.b....".L.Os6{[email protected].|7z
.. ......>..Q...([email protected]\]#..Y.*.......T. .C.....A'..
5FW.ETDvX..tE.....g5.....&..&.....x.^H;...../7..'9.t.I&<[.HX.j....Q
w......}...qy3..q`<.....LB.9w|....;..Qw..a ..=.C.:.........


GET /pki/crl/products/WinPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 07 May 2014 05:04:02 GMT

If-None-Match: "a413fc3b169cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT

Accept-Ranges: bytes

ETag: "d2e35dc7e31cd01:0"

Server: Microsoft-IIS/8.0

VTag: 279876544500000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 561

Cache-Control: max-age=854

Date: Tue, 10 Feb 2015 01:26:43 GMT

Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Window
s Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p
............<.J0... .....7.......0...U......30... .....7......15032
0224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c
.{[email protected].^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo....
_...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..
A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.]....
.uki~......


GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 01 Jul 2014 05:04:34 GMT

If-None-Match: "924558f3e994cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com

HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 28 Jan 2015 06:05:55 GMT

Accept-Ranges: bytes

ETag: "75565c7ac03ad01:0"

Server: Microsoft-IIS/8.5

VTag: 438743915800000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 554

Cache-Control: max-age=900

Date: Tue, 10 Feb 2015 01:26:44 GMT

Connection: keep-alive
0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Si
gning PCA..150127173215Z..150428055215Z.a0_0...U.#..0..........X..7.3.
..L...0... .....7.........0...U......Y0... .....7......150427174215Z0.
..*.H......................YIw.. ..(..y..O.G].B.."?.@...[1.}.X...]...e
.J....pP.I....!6...%.D.k...>c.|R.?.i..yt.z..B.........b....n..m5...
0....2..I!)v....z....y.#pXz.DO.....mF...e.'e...@.%...6./.bPZ...=....bp
[email protected]..@.. ...M....z....Q...{u. .W..HTT
P/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Wed, 
28 Jan 2015 06:05:55 GMT..Accept-Ranges: bytes..ETag: "75565c7ac03ad01
:0"..Server: Microsoft-IIS/8.5..VTag: 438743915800000000..P3P: CP="ALL
 IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT
 COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Leng
th: 554..Cache-Control: max-age=900..Date: Tue, 10 Feb 2015 01:26:44 G
MT..Connection: keep-alive..0..&0......0...*.H........0y1.0...U....US1
.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation
1#0!..U....Microsoft Code Signing PCA..150127173215Z..150428055215Z.a0
_0...U.#..0..........X..7.3...L...0... .....7.........0...U......Y0...
 .....7......150427174215Z0...*.H......................YIw.. ..(..y..O
.G].B.."?.@...[1.}.X...]...e.J....pP.I....!6...%.D.k...>c.|R.?.i..y
t.z..B.........b....n..m5...0....2..I!)v....z....y.#pXz.DO.....mF...e.
'e...@.%...6./[email protected]..
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1762

content-transfer-encoding: binary

Cache-Control: max-age=472229, public, no-transform, must-revalidate

Last-Modified: Sun, 8 Feb 2015 12:38:43 GMT

Expires: Sun, 15 Feb 2015 12:38:43 GMT

Date: Tue, 10 Feb 2015 01:31:42 GMT

Connection: keep-alive
0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..2015020
8123843Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...3
13..R...%V.......K3.....20150208123843Z....20150215123843Z0...*.H.....
........f...%/.`vA..Xt.U!._..f.1.~.'.7H..S.. *...VS.i.^.Oy..8.p....X..
..83c...>.s|.:...(.i!......9..n 1.. p....$1s.....(Wq.<...*V.r.*.
.(..S.8...y.4.A3..'.gQ..f..n..">.h.....}`...t.TP...n4..q"...,..6o.X
.0Ojs.]....`.e.*D..j;.w-:m.N...)X.....A.1T5z.d?...y.`.0.......K....0..
.0...0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0...U
....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006
 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Class 
3 Public Primary Certification Authority - G50...141202000000Z..151216
235959Z0..1.0...

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEApfEU0DWxeRF9Lv1AOMPzs= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=508936

Content-Type: application/ocsp-response

Date: Tue, 10 Feb 2015 01:26:13 GMT

Etag: "54d9366f-1d7"

Expires: Mon, 16 Feb 2015 13:26:13 GMT

Last-Modified: Mon, 09 Feb 2015 22:36:31 GMT

Server: ECS (ams/D1DC)

X-Cache: HIT

Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2015
0209200000Z0s0q0I0... ............([email protected]....>.i...G...&...
.cd ...._.M.[........?;....20150209200000Z....20150216200000Z0...*.H..
...........?rk..!N....ow.E.R........AX%..G.`..'..U..&.[NQ.\.......S...
....3>w7}E.s.`.fj.Y.t..B,........x....D.m.R.........a9....X....B...
........w..S...7....OC.[._.....(....(.I......6.H..&.8L..p16 ..lT.W....
...c..A.O...xTd..#.(..........4............*(.rW.9...E.H.......
.


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTtSK3dy3sA4g6EKqm0CfGsMDTPlgQUUOpzidsp+xCPnuUBINTeeZlIg/cCEAJwu3i4ZpYdN6xM1SVvBys= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.digicert.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=511264

Content-Type: application/ocsp-response

Date: Tue, 10 Feb 2015 01:26:13 GMT

Etag: "54d92efa-1d7"

Expires: Mon, 16 Feb 2015 13:26:13 GMT

Last-Modified: Mon, 09 Feb 2015 22:04:42 GMT

Server: ECS (ams/49CA)

X-Cache: HIT

Content-Length: 471
0..........0..... .....0......0...0......P.s..)...... ..y.H....2015020
9215000Z0s0q0I0... .........H...{....*.....04....P.s..)...... ..y.H...
..p.x.f..7.L.%o. ....20150209215000Z....20150216220500Z0...*.H........
.....N.j.0.L\Q.4R.....O..y.b..3....`...q... ...t..b...t2."...C8..fM...
A..9..P..5.-...i...q..ac.cL.....u.......9.....g.....@......A...Sf...g.
w.n..$...e...l.>M$.......p.Yt....7.F6..@D...(.....\uQ.P7CK.'&.....1
dkx\.nIj...BQ?\......Y.~..(X...:..........6dN.X...Z..xHTTP/1.1 200 OK.
.Accept-Ranges: bytes..Cache-Control: max-age=511264..Content-Type: ap
plication/ocsp-response..Date: Tue, 10 Feb 2015 01:26:13 GMT..Etag: "5
4d92efa-1d7"..Expires: Mon, 16 Feb 2015 13:26:13 GMT..Last-Modified: M
on, 09 Feb 2015 22:04:42 GMT..Server: ECS (ams/49CA)..X-Cache: HIT..Co
ntent-Length: 471..0..........0..... .....0......0...0......P.s..)....
.. ..y.H....20150209215000Z0s0q0I0... .........H...{....*.....04....P.
s..)...... ..y.H.....p.x.f..7.L.%o. ....20150209215000Z....20150216220
500Z0...*.H.............N.j.0.L\Q.4R.....O..y.b..3....`...q... ...t..b
...t2."...C8..fM...A..9..P..5.-...i...q..ac.cL.....u.......9.....g....
[email protected]..$...e...l.>M$.......p.Yt....7.F6..@D...(...
..\uQ.P7CK.'&.....1dkx\.nIj...BQ?\......Y.~..(X...:..........6dN.X...Z
..x..
<<< skipped >>>

GET /easyinstallprolib/easyinstallprolog/log-install.php?ins=524&ver=8.1.2.7&st=1&umi=B48A115F HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.easydriverpro.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Cache-control: no-cache="set-cookie"

Content-Type: text/html; charset=UTF-8

Date: Tue, 10 Feb 2015 01:25:14 GMT

Server: Apache/2.2.15 (CentOS)

Set-Cookie: AWSELB=15A7D78B08CC57797F87EA072FDB431CC5F43D7E684DABEB6E5563F6C10267F9816C2F56470E7BD4FF83069C4D7AAFD9C8A214D03F955F611B22F1DA928EC16720AAFB46A0;PATH=/

X-Powered-By: PHP/5.3.3

Content-Length: 16

Connection: keep-alive
15379358....HTTP/1.1 200 OK..Cache-control: no-cache="set-cookie"..Con
tent-Type: text/html; charset=UTF-8..Date: Tue, 10 Feb 2015 01:25:14 G
MT..Server: Apache/2.2.15 (CentOS)..Set-Cookie: AWSELB=15A7D78B08CC577
97F87EA072FDB431CC5F43D7E684DABEB6E5563F6C10267F9816C2F56470E7BD4FF830
69C4D7AAFD9C8A214D03F955F611B22F1DA928EC16720AAFB46A0;PATH=/..X-Powere
d-By: PHP/5.3.3..Content-Length: 16..Connection: keep-alive..15379358.
.......


GET /easyinstallprolib/easyinstallprolog/log-install.php?ins=524&ver=8.1.2.7&st=100&umi=B48A115F&iid=15379358&comp=0 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: VVV.easydriverpro.com

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: AWSELB=15A7D78B08CC57797F87EA072FDB431CC5F43D7E684DABEB6E5563F6C10267F9816C2F56470E7BD4FF83069C4D7AAFD9C8A214D03F955F611B22F1DA928EC16720AAFB46A0

HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Date: Tue, 10 Feb 2015 01:25:24 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 8

Connection: keep-alive
....HTTP/1.1 200 OK..Content-Type: text/html; charset=UTF-8..Date: Tue
, 10 Feb 2015 01:25:24 GMT..Server: Apache/2.2.15 (CentOS)..X-Powered-
By: PHP/5.3.3..Content-Length: 8..Connection: keep-alive..

GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0d0f6af77d86ba3d HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 05 Dec 2013 22:47:50 GMT

If-None-Match: "0af536cf2ce1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com

HTTP/1.1 200 OK

Cache-Control: max-age=86400

Content-Type: application/octet-stream

Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT

Accept-Ranges: bytes

ETag: "0b2464b1797cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 6408

Date: Tue, 10 Feb 2015 01:26:12 GMT

Connection: keep-alive
MSCF............,...................O.......'#.........D.z .disallowed
cert.stl....2..'#CK...8T...g........g.k..".....mlI."d..m...P$"....e.J.
.......z.....\..........9g.9....~.........Q.Q......Q..DL.8.C.PS.K0.!P.
0........#.DY.8.....V.....$.C....a.0...........`......;.S.....0#...m..
. ..`0...?.!vR?.....d....`......_@..}....$...i..OR'..$....K..'Z....o.g
..*.Vc.....[nY e./.EJ...B.Y.......Ag......!....9......u..!..1Yy.......
r...Ss^@...M.Dtl\....i.k....3...B.Z.:.p.N....*......x,...ah/..].[....G
B..T..$A....SY..t.E5R..R...9!....*.*68V....1... ...Q{..."[email protected];
xd{.C.u?..e.U.=f.nx.........y.G..0.......\L .'.^....$......N=..m...Ujr
Zs...J.I.C....;......q_..e......?.T..2..bw....E.L.{...S...~.<......
...-.Q..|.l. .1..6r....[}!J..,...naPk.U.... ..{@LH..W....>.Sq...8.5
.,.z..0.jL.S..........]...yW_...Y.1..h.7...9{.....I......g.Y.,1...i8n.
6..........4.]...........=........^..n.K7...c.g).Z. .0..$7.ys.p...B.5.
].f...|(3!.|..P...j..^..j....#([email protected]..*.O..i..u....9..S.Y.n..HXW..
.F ..i...:.......!.] r......D..*ld.b.>>:Pp.....5:1 o=..5.'..4...
....hO....{.V.rx..V...%.}..u...6Wv-..".iV.b..B0.Q..,...E.Dy...x..5....
?Z.$L..1.....4...=.....g!....%..:..c..j..v~....._R.6.......;.#.Y*p..J.
4.#'..Vo...g^K...J....._.^..u...)....&/.....q....o......4.....S...,q..
...p.8IIe.....d|.3{)...M.0.X...4.."..P.......Hk.... ]!.!... ..#.x..<
;..X.........'.E(<b[.......#.. ....XiLl|[email protected] 
[email protected][email protected]..;.......mm....>~............j%..>
;.X.,V...J...C ....*..Z.8- RKGW...0./Z.__..)7g_'{.......pr......;.
<<< skipped >>>

GET /PublicSureServerSV.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=864000

Content-Type: application/x-pkcs7-crl

Date: Tue, 10 Feb 2015 01:26:14 GMT

Etag: "2b002b-472b3-21577a40"

Expires: Fri, 20 Feb 2015 01:26:14 GMT

Last-Modified: Mon, 09 Feb 2015 22:17:05 GMT

Server: ECS (ams/D1C3)

X-Cache: HIT

X-Cntnt-Length: 291507

Content-Length: 291507
0..r.0..q....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150209214805Z..150219214805Z0..p.0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>

GET /rpc/sendinstall?partner=ProbitSoftware&build=8.1.2 HTTP/1.1

Content-Type: text/html

Host: update1.smartpcupdate.com

Accept: text/html, */*

User-Agent: Mozilla/3.0 (compatible; Indy Library)

HTTP/1.1 200 OK

Server: nginx/1.5.5

Date: Tue, 10 Feb 2015 01:26:17 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.5.20
12..{"ok":1,"error":0}..0..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=587666, public, no-transform, must-revalidate

Last-Modified: Mon, 9 Feb 2015 20:44:25 GMT

Expires: Mon, 16 Feb 2015 20:44:25 GMT

Date: Tue, 10 Feb 2015 01:31:32 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
9204425Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.l$.%t...............20150209204425Z....20150216204425Z0...*.H........
......'.^.M......_.(.~....b^:.[&...z.^.W.<'g.[..N..Y.k...i....U.Kc-
.:B....]#...l.^..S0K.OV.. ..D/&.E?./...~.z....~.E.YA....c.4...~.t.$..X
[email protected]......... .^.....7.t...*T.=1.3..I...n..m.i9.6l.....
!..r..;..8..V...._......t..YE.^9.7...*&_.a......dM.......#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...
<<< skipped >>>

GET /pagead/html/r20150205/r20141212/zrt_lookup.html HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: googleads.g.doubleclick.net

DNT: 1

Connection: Keep-Alive

Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

ETag: 8281997907193036559

Date: Thu, 05 Feb 2015 13:37:32 GMT

Expires: Thu, 19 Feb 2015 13:37:32 GMT

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Server: cafe

Content-Length: 5099

X-XSS-Protection: 1; mode=block

Age: 388119

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=1209600
...........;.w...... z}.UT..~..(.n.~l.6.t..^`sd[....mB....f$..@.{?.9..
....f<..q{...?....Yc....#..S.z.)..^[.yIp....Hr......2..<.q....s.
H.(..'....^LS..<]J....2?....#k...|......ic...4c.^......v!.qC...E...
.s..Ga.0.oc.g..}.{.....2_.1.8 ...{u..jx.......i.'.....<.....(.\....
...4....(..l...."GA..$^.=...x$;.q.O.M....i,.r.]...............38X.....
...E.a....$...}A.A.....Ix......FF.l..x.0...BZK(.....N......a. 2.<-e
>W.U....en>...8.X.......}....g/.....Etky..]..fMI.G7.%.iM...i...]
.i..9^A.w...yz.I......h6.....-.....T.i.(....8I.p~.q.T.Y#...?.|....M.&g
t;=...j..4.... J....;.s..G].9..G....T......'N......e......P.UL*m.A....
...4:....x.(.........p.u.Ij!x..c..4...A.\D...mY.<_d}g.....6..1l;...
0hY}.^.c...O..<..dle.0n<[email protected][& j.y..Jt.....Q.7.....J..~M
|.I...n...%M.....FtF.u.....$...})......#N.~..h.........6......._...8.m
cx!....21.G.g.hyZ...x..V j......x.IWro..Z#...lP.\^.}...S..H...).[F..&.
.2......=0........v[..z.8.c... ......k....6..."[email protected].&..*g.J=.K
[email protected]`..)..P1.NP7......1p.....2@..*"...N....GTQ...
...g.Y<[email protected] ...=...$..M....3..Y..X1#ZI...V..B.-......4...
.1w7..@..=...)(y.....l...ka.M...pohU.:CZa..!:..s..6...*[z...........#.
....n...1.........i..._>....N.Ac.....4..>.'.:......s.w6...^..?..
...-H.F.,o..;]ZxD.^.=.A;[email protected]@.4....D};..W['...O.>!...
...6g..a....n.`j..d...........=..........T~^.,..k.....Z.$.TXR......H..
".y....}.s.>.....k...0O..x.5...K.vTa9.8..._..h.....I..*|^..E.p.....
a...h._..V3...\P./.... ....Q.E..$..E8^r%.2....$..|x.,./..h..O.BGf.
<<< skipped >>>

GET /pagead/ads?client=ca-pub-4844330334866922&output=html&h=280&slotname=4127509192&adk=2253242122&w=336&lmt=1423531572&flash=0&url=http://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&dt=1423531572346&bpp=15&bdt=311&shv=r20150205&cbv=r20141212&saldr=sa&correlator=6344100717591&frm=20&ga_vid=299294506.1423531572&ga_sid=1423531572&ga_hid=1303542799&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=14&adx=1078&ady=160&biw=1900&bih=805&eid=317150304&oid=3&rx=0&eae=0&fc=24&docm=10&brdim=0,53,-4,-4,1916,,1924,866,1916,805&vis=1&rsz=0|0||&abl=CS&ppjl=u&srr=1&fu=0&bc=1&ifi=1&xpc=rGf91JyaTN&p=http://VVV.easydriverpro.com&dtd=423 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: googleads.g.doubleclick.net

DNT: 1

Connection: Keep-Alive

Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4

HTTP/1.1 403 Forbidden

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Tue, 10 Feb 2015 01:26:12 GMT

Server: cafe

Cache-Control: private

Content-Length: 82

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic,p=0.02
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`...`
......\.[...HTTP/1.1 403 Forbidden..P3P: policyref="hXXp://googleads.g
.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PS
Do OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Content-T
ype: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Conten
t-Encoding: gzip..Date: Tue, 10 Feb 2015 01:26:12 GMT..Server: cafe..C
ache-Control: private..Content-Length: 82..X-XSS-Protection: 1; mode=b
lock..Alternate-Protocol: 80:quic,p=0.02..............(....I.O.T(...I.
UJJL.N/./.K.M.../.*)J. .H,J. Q......R`...`......\.[.......


GET /pagead/ads?client=ca-pub-4844330334866922&output=html&h=280&slotname=4127509192&adk=2253242122&w=336&lmt=1423531573&flash=0&url=http://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&dt=1423531572361&bpp=3&bdt=325&shv=r20150205&cbv=r20141212&saldr=sa&prev_slotnames=4127509192&correlator=6344100717591&frm=20&ga_vid=299294506.1423531572&ga_sid=1423531572&ga_hid=1303542799&ga_fc=1&u_tz=120&u_his=1&u_java=1&u_h=902&u_w=1916&u_ah=858&u_aw=1916&u_cd=24&u_nplug=0&u_nmime=0&dff=times new roman&dfs=14&adx=1078&ady=456&biw=1900&bih=805&eid=317150304,828064101&oid=3&rx=0&eae=0&fc=24&docm=10&brdim=0,53,-4,-4,1916,,1924,866,1916,805&vis=1&rsz=0|0||&abl=CS&ppjl=f&pfx=0&fu=0&bc=1&ifi=2&xpc=KXefdQTk8l&p=http://VVV.easydriverpro.com&dtd=700 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: googleads.g.doubleclick.net

DNT: 1

Connection: Keep-Alive

Cookie: id=caebd6253000002||t=1384780400|et=730|cs=002213fd480c4c2631f7c541a4

HTTP/1.1 403 Forbidden

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Tue, 10 Feb 2015 01:26:12 GMT

Server: cafe

Cache-Control: private

Content-Length: 82

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic,p=0.02
............(....I.O.T(...I.UJJL.N/./.K.M.../.*)J. .H,J. Q......R`...`
......\.[...HTTP/1.1 403 Forbidden..P3P: policyref="hXXp://googleads.g
.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PS
Do OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Content-T
ype: text/html; charset=UTF-8..X-Content-Type-Options: nosniff..Conten
t-Encoding: gzip..Date: Tue, 10 Feb 2015 01:26:12 GMT..Server: cafe..C
ache-Control: private..Content-Length: 82..X-XSS-Protection: 1; mode=b
lock..Alternate-Protocol: 80:quic,p=0.02..............(....I.O.T(...I.
UJJL.N/./.K.M.../.*)J. .H,J. Q......R`...`......\.[.....

GET /easydriverpro803.data HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: download.easydriverpro.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 1367400

Connection: keep-alive

Date: Sat, 27 Dec 2014 03:35:05 GMT

x-amz-meta-cb-modifiedtime: Tue, 07 Jan 2014 06:53:47 GMT

Last-Modified: Wed, 26 Feb 2014 07:45:19 GMT

ETag: "9ac344cb3c8cb7f422f00aeed040ed46"

Accept-Ranges: bytes

Server: AmazonS3

Age: 20660

X-Cache: Hit from cloudfront

Via: 1.1 8813babdd85ca691e150294142d51c61.cloudfront.net (CloudFront)

X-Amz-Cf-Id: 8XpmQh4Mxc8adKiUdXW5dTnt6A10GQfJpLe7wja6oaKRtin7Z6CNTQ==
7z..'......m$.......$.......<(...&......k.u....{.:.....Rd....<-W
G.-.....o%..P..[.R..|=LuM...s....q/p_.%o.......j.....['.a.a.!=#/.._...
.D..<e.Q%(....0...W...2......!....2...aN.t......>....1.2Y.....S.
[email protected]<.7.^..^.%\rX...6.8c.o..d#.7L.4).....t.^...XN....l.$.
....J.5a$.L......qIc.@[email protected]....}!.......w......JU.....`....*7.
..h.P....R_.]l....D.'.n...u,1M8P.|..}%..Hv/...g...SS....1..([email protected]....
..j..:!......Z.j3'.*\.8C.u.S.!...{......}.$r\Z.....bG.}v92.4..Z...f...
...9.B..E......b.l.... <.1.$|......)..Y!.'.....T.3.y.#.O.z...vJ.44.
m..&A.NP.s...".......9...........q]G1....nm...Z....-....2.d.........A.
.........Q....~.2>>=:Q.Z.-......9.//W.......V...5...0T.a.G/eId.^
..=A\V.....0%[email protected]..*.x,........tJ.,E..i....a.[.]D.  .....t...
OOB......X....q...'...B..qY..#%P.....R.....B.0...h.0......G.D..~'bj...
..t.......v(.....=............[..wE ..K.Ir,.]....<........`b.......
4#.#.....&.@../.H....F...........e..0....s..J...{.V).V!pOc........N..i
..h....E...^.v5..Y.Rn....>x.].|......L..9..02S...e&...m...A..F..E..
_.p.}>W.!.`.d{....3z..@b~. ....H......W..;..9..J.L....ze..C!...R...
..8|..6.N.-.......aB....*...{|.#R.L.._psDu.%.yPp....5.._O.2aOt..1g.W].
.i..0..L_z....L....y.]%m.....o..S..g....Im~...0.z\.......S..m M...).J'
..[...o.X.w....Y.....T..?.wY;p...M(.........C...sN.j.:#$.(..p.q.......
F.VzG...N..>......."CX..W.....x.y-......RL'}X.IM..C..?.>=...#X..
.....P.D.mG..~bE...u...S0z.(..s..#.6.9Ro...6.........~.D?..$.96...(...
.]....7,.x..L6..P*[email protected]{.'(.;=.IWi.......1.?.uN.#.&2... .H7
<<< skipped >>>

GET /easydriverpro803d64.data HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: download.easydriverpro.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 3503276

Connection: keep-alive

Date: Sat, 07 Feb 2015 22:28:58 GMT

x-amz-meta-cb-modifiedtime: Thu, 22 May 2014 08:09:25 GMT

Last-Modified: Thu, 22 May 2014 08:25:30 GMT

ETag: "88fcbdd2f3d077dc38facd8d44e7713d"

Accept-Ranges: bytes

Server: AmazonS3

Age: 7082

X-Cache: Hit from cloudfront

Via: 1.1 8813babdd85ca691e150294142d51c61.cloudfront.net (CloudFront)

X-Amz-Cf-Id: Y-gvm4VqI7AkKIyHF-nZePvsh6ZjJxI04g5l1PXlc4Ook7UGvQ7T-w==
7z..'.....k~.t5.....~............).E.`...&d..&.1...!..m....9F..O....0.
.M.c.9h... ..F.....U...-....j.2Kd....D...oU...e.. ...u.>..*.6%.j..P
d<...l.....=.....&......o..t2..Lp.XUy[.P.....J.4E.....<.S&`..|Jb
.;...EO....Z..FZr.k,`.4wtoO.0Qp...KSj...3'T...B;..F .t.I.....c{8...t..
8..~.n.@O!...uv8m.K..\&nw...!.(.*.].a....p ...^......w.X...1..oW^S1...
.E...6..^...........1.54..;.C7'.(.>.j.."[,ux(K_)..\u7..a.s.;.C...2[
J..z24.%..Pvz......r.(.8.XY..8..o/...'U..h......m.o.?>...........*W
..C@q....]....dU..% ...*[email protected]..%.n....N!..|.*8..c\4.r.:...G
t.4.d..\9.. jn.j.......x.....LRO.K$e.D..:&Jf....6`.~......9..v......_.
.\...7%....6...q.......~..e'.8.m.'.p...`....n........!.QL>. 5...!..
.._\R..*.d..L..T.....Y]B].<.b.H.u.`.........}...F..9W........:.]gn0
W.....S7 .K....#..f.4..R..;.w....=IrWf9^w..N....)....c.3.y.>...1...
VW5./.....'.r.g>..l..........,.....a..].|H1..D....*F.n.-.......-...
Ht....~.O.,.Mt..S.D..#...J...i.r.vo.....'d{ t.....:..f{:...f{...7J..G?
...[B$....e..1;^I"..z..B>v-K.S.z...~....V..U.... ...m.f2..Z .......
k,x.&...R....^i.............#[email protected]..>..k..4.J...Jn.Y.9.}.l.>2.
..)./..b.7....=.......4.{F.<,.#D.m.O...7.[.)q<..8.s.x.......~8..
.n.x.R.F.'$........6'.DQ.....)^K,.~!b..m(3zh.....]...4.0...N...#..B...
o.\B..A.oH......e1b8..F..&B.= .2%i[.q.<..i....Z...B...........s..a.
...wp.b.z.<..!.......).*...vw..*rO..D;........G2..F\.o=.?.S.7....L.
/r^.........=..........iY..N..=...V...C[y..$..S.u.:b.}.>4..`'......
...6=..6.......p..Wq1.4. N..]P..K.C.o.&;.vW.....!'$b..M....x3.....
<<< skipped >>>

GET /pagead/show_ads.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: pagead2.googlesyndication.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 17196149217972916362

Date: Tue, 10 Feb 2015 01:08:40 GMT

Expires: Tue, 10 Feb 2015 02:08:40 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 7552

X-XSS-Protection: 1; mode=block

Age: 1051

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=3600
...........\ys.F.._...KQ.....5...v..I|.g.......".P...".....N..f_.....\
===}.....,.#....I d.,HM.Y..U.........._.b.B....c..}.o ...G.u{.$..HD.J"
...fo.y''.;....q..v.I...f7.?fI.M...C.%.. .Z_....'..-V.qkt...^......H.R
l...h...mm.y..".i.Uk...W...D.".n_...X$....p.....4c.6%..r....]......MU!
T....a*Z94Z..} A.k..,[email protected].>...7.Sg2.1]..oT#.|[email protected]..#.
.!7.Y._.N.$Nt.&..r\~......Qc..N%..b.94.|........v.U...?.....\..0..f...
N..A6.b. .VpQmy.d..ppx_cy.t..Wq..G..,..-7......[./.^...{.Q.w9az$.[?.L.
...>...s..UC.p..I*^.1.......[...........>.[|c^7v[...w.....n&R.et
..z....[..,...Y.o}|v.p.9...........5.?|6....z..[k)F..Y....;...ww.....%
....t...<..s....x../.-h.].oC<.9..5..f....C..;.p`..-....A.oc..MjD
..[.X......#..Vi..X.;<..6..!......4K.o.....w..c.F...$..[......n..lJ
y...8M4m..{...N.>>y..Y7.....0.K......S!..q.. ..O...A.k.?.nr..bb.
.r....D.tl...d...'...Hz...Z.6.X..0..r......W.(....S..v.m...B....-.....
..t.f..N.A..HS>.3$oh.*.R1w..%.4...1../..-7V,WI. }.DA&t......8...T..
9...P....4...U.a.$y......l..}.Iq:.a...tJC5.:.*....0}... .'......D...C.
[email protected]...).|..v.|.o......
.-....*..z.N.....:jIi..............ZO>...\.U..w.6.%wm...y.HSo.1..iQ
r............q..Z{[od....0.E ....}...}[W.e\...0.?@...]^3...7....<=q
F..I......U.......,.....2..TF..).G. !.n.GV...L.y..Hf<.D..V-.m.R..D0
.5.q...gb....@ ........J[.J..H..]j.TH......T^.W.T..\.....k....f.;.U...
.5..X...Gs.s..$".D.'....a..`...Y....Ay.....m\q.........C0y....B.Wc.NEp
X.....v.J..AV.E.x.L.....I.FF..d........C..6.`..SD...61..'..|.4.3..
<<< skipped >>>

GET /pagead/js/r20150205/r20141212/show_ads_impl.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: pagead2.googlesyndication.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8853379017671385099

Date: Tue, 10 Feb 2015 01:26:11 GMT

Expires: Tue, 10 Feb 2015 01:26:11 GMT

Cache-Control: private, max-age=1209600

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 54705

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic,p=0.02
............g[...(.._!f.b....p.a. @6.....d=....5"..........|.=.~x..B..
:WWWW(vnG..?...?w..0tf.~.\.Q...g..n.......*.......`...?......? .e..}..
...{Ui.G..^...C.7.i.2...P.....f6..xZ.p`..A8..zkk......Y.4ms5Nq..g.....
x.T....(..b.|........s..pv8.f.......n.....,.......P.$.l....'..Sp.~.h..
..?3..3!.y.o./j.l...}4y5....N.9% "S.........t<.c....9..G.....P.5...
...?...-h./k.m.W.|...6......N! ..F....a.?..c5N....e...I8.=.F...N]o.yW.
....f...Q.}/._.7.Z....&!..Ar..E8......B..b..*.,.D .d..."'{.F9.P.....D.
X'o!R..*..0.E..MZ6..6..9.5.e_.n....]....%9.4^8....m..q..Y..v*.f..L..E.
...g...s8.E0R?.%a.V]s........0.m...UN..oq....6^..U.:Y.m../....W.M;..vD
.Ot.g....q..."[k&..6".. 3"......q(.........*.e......G......q.[..w..r..
.D{p..st.........a.............C...P.I.. .\g......~>..m.O.L_.if4=W|
.^.92..../.,.g.*.x`.q../....}/..g.F.zL....2..g....B..F.^..:P.8|.|...}.
.i...i.2;...Jf..r...v.k)t....o.]..0.t...N...F..........N...o.......w~.
...../..q8...Z...E'..<.......Fy.F...j....q....U.../...Q..._o.......
g.-...uUY..*..g.l...c........................m... ....l&...M&..`.J.{..
.........,....8e7.... ....Pc`.j.F..}...q..L.).q.G.....M9.A^.8..$..r.,z
.:c.[..0.....,}..6U..0L.~.f.Dc.Y...lB-.v..N.....L..L..L..L..D...ZY.g.l
.J...e.4.Fw<..B7...r0......xS..3.0.....n...](.Y....Q..]:........s.|
..|...#.W........PJ.\X...p2p..o.......J.4W_.6.........L.......5w8..S.u
0n0.....MD.0...8.....l...~R\...X....It"..k.......a.MhI[.t..L......2...
.3?7..3.=..~...c.".%.....f.D<b.$r...=gc.f...;....w..._.~....~../...
.......w......-.....`...f.uvX.z...._h.0..8..#f...b.-..1.....7.....
<<< skipped >>>

GET /pagead/osd.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: pagead2.googlesyndication.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 5172368612601503256

Date: Tue, 10 Feb 2015 00:55:46 GMT

Expires: Tue, 10 Feb 2015 01:55:46 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 18390

X-XSS-Protection: 1; mode=block

Age: 1826

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=3600
...........}gw.J.....D..#..c'.#e... @..P.?..4.M.......w.=E#Y....K...u.
..g.A2...~..R.W.....0!...,Vq........^..X........V..|-..k..'..h:.._....
.L.D.p.....ZO....../yR.t.....(0........9.q3...l5.'...{.....ns....P[c..
Y.Q/TUQ......[..i..bzD.7..c9.......w.()V.J....0[......_2.z.b,....jw0..
A....cq.."=..^TNsD....H...........M...qw..%.........._..tx...$.6..B2j.
.ZI.so0..r._.Ov... .Yw So-..QN.].....Oo.&.P.....i..#|O.....c[.R.>u.
.[Y-...Q....Af....D<\".Z4.T...@.........,.Zd......T.C./8....[.A.L].
...N.I.`...K....*..yj...?....P..~..3w$., .$..J.x..h...E-.......8.N....
.0Qk".v.........m..].O..jq.i.8[o.KU.;..m..Z-A.._...r... ..Z.R[..a...b.
..d..,..;  4"...-.~.......]....A.>.......v/.j2La373...D.^...$...[.p
...7..........k...S1...%...(...*!...O...PL.........{>o....?..z(T...
...F.........C.......ob..c.?.1....9.]...pX.X...L.3yo.6...}....3.V....f
".1.\#..........a..?X...c9........M..E..1.o.....`[email protected]..&.u.
..@. 27.......(..\N.....S..U...%.......y...?....ae..-........U......./
(C....Y....u..[x..s..O.....<.../x..'.....z....O..Z[l.Uy...(.u .....
.&........2~(..Z_\....L............w......f...v....z\....$...#........
...x.kC=.?DF.....#.<....S(........^!..>4..(SK...M...c).../.J.01.
......>..F=`..2..N.....M:..~.$..04X\u.@..(...'...<.f.....F(...FX
_....,../......o..M.Tl...X8.....?..Lz.&.S........Wt{.t.....t...N.Z....
..{g.....v....j...^...v]...px...^&^.....j....x.~..`[email protected]
 .~n.....|S...q..z-........q..m1.t|....`.....}j.a"..v.2..!%~..U-......
zD.r....I..........*<5....{W^1............x.......Plh...MO9....
<<< skipped >>>

GET /pagead/js/r20150205/r20141212/expansion_embed.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: pagead2.googlesyndication.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 11869618118241093315

Date: Thu, 05 Feb 2015 13:37:29 GMT

Expires: Thu, 19 Feb 2015 13:37:29 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 51404

X-XSS-Protection: 1; mode=block

Age: 388123

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=1209600
...........}iW....w~...2R.........[..-,!.0..f....fK........gr.y.......
....N....3.....>..X...;cv.........Q..0.D.....).<S...6..:...Y...F
6...=.z!f.;..v<.....^o.... '.?^.......z.w0e....c..l.....0.$..A.. ..
.....v.e..J.?..~..VG#....,..../[email protected].....".6..&...6..OF.~...^....\..T.
:.h.x.#.Uorl.b4.*..b..o.x..jJ.^.oM....}[email protected]
v.<..Dc..[.9s............iL.T:"[email protected]...#.oJ.t.........
8eQ. R.....2.@.#...S6,.xL f.....r.f.lRV.X.9..l.s.Te... .0....=em^.9.E.
.^^l..W.-.4.......Q|}.......|.z.O.....sk;.>|.;...:..-...i...5>..
.m^...1>j...'c...X..d.;..h.X....]..]~...-....tH..?.."O......Wrx5...
../u.'.)...Hw.e..f:-.Z(f,.......W....Wraan.1? W#@...g.t....'.....".%..
wo..U..x.|2{......l.1k..<....Amx?n.,G~E....J..............~.X..){,.
.I.Y.....~..W......?..q8..'//..mam...S:.{...v.......|.sk.N3......|.A_.
%...=....*!..0]g?H.{s.v.I.FA\..L.......p2...r..f.!K._9..._;.........n.
8z.j.i_t...|.w....;.....%.6l'..^.=...U..R..8...~...m.2'.gu.z.>/. ..
..!..m...<....e...^........[|.!....A.T,....{..p.O;.I....p.........d
Pk..#.........#..._-......r...#...'..%'..lX.:P8.Jc.<.b...h..~.U_...
....,.....B.........cgF.8..."$.r.$........J.O...\....1o...R.q...=..Zp.
...}~.....x2..|..0..pWF......_>....WK.I<..A.q... .:..2.H9..ni.(.
.p..../......,..{a...\.G...CT.SL.`9.P...^&.Y..v..../..P..K.&e.?..?`.VY
................m?a..V....|......B.....&._Z.%...........?.............
b..s.?/.......WKl-.0.........S`4iDld...D..[.dG...X.F...^.x......k...S.
............g.(nm>.m....^;...k.bV..Y.I.....o.3. ....\@... .....
<<< skipped >>>

GET /connect/xd_arbiter/DU1Ia251o0y.js?version=41 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: static.ak.facebook.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8

X-Content-Type-Options: nosniff

X-XSS-Protection: 0

Content-Encoding: gzip

X-FB-Debug: xjz1VMVpl/qb1OpGI1MMiqBhmjEREqYWadEbi0BhC7laBxWyw0R08APcuW /X8AhtbiXk36kn8W8gyJPQ1I64Q==

Vary: Accept-Encoding

Content-Length: 9954

Cache-Control: public, max-age=30374239

Expires: Wed, 27 Jan 2016 14:43:31 GMT

Date: Tue, 10 Feb 2015 01:26:12 GMT

Connection: keep-alive
...........}y..F....)T...F...g.*...........g../..$..%.*(.}...CJqT.w..v
..$.....W.T.g/?....... .G....3.."..._.f..%..z.&Y.|..Y.[.x..I.O..G..^.e
....;J...E..."....[.y..|..Z.X.........s.<M..5N.9)o.x.{y...#.h.(..QD
. M....Y_...*M...?.....0......2..8..o..-K..e.D......g<>..>..0
s9.......0~2.>...$....".J.....,O......{.....J'7...?.V.B.q.......f..
..Yq..C...XRDq ....].F.9s.4j.|.;...cN63:o..h.q....Q.cQ.x...Io.....m...
n..x<....R./....v8SL...Q..={..d../:$........7....../b.....U.z.*.'..
.T.*<..I...i.'.u O>.)0....XA?..$...8S..q...........v....1'......
..E.z..%.%[email protected]....?>.".~...[.e.[#n1.."x....1n.M....
No..`...|r1.M... x.u.....;q9!...M.&..$.....5t.;..h..........W.a.....j9
l.....bM....v.!&......IvtG..5V# .F.....C.`0....iCln.. .;...2n..N......
!..)......l..s..;...q..:.-.e0v.......9RVR..cI.%...........:.{ .K......
..^.1A..X.]........0cW.@0......"G.*I_1/ '[email protected]#..(.r.._.(@...)..P
"(<D.F...".Fc*.8"..b.....!k.-...tM.....&h^.F..h5.%.(.^.l.JI..*.z...
M@...;)..............K... ..^.....T.y|i!...cr.|o..d..z.-.6v.`...t"`../
.F.;..V..f.../(`....F,..H`.[..q..f..q.....YB..j.C.bL.z..R..}M {)v.. ..
l.. zk.[!...M...OH....(.wh.j.S.8'...u..N...i....hpI;WAw.,...w=....&"7@
..A..N..`.....V0...!S....*L.5...[..I~hQ.M.A..Rh.c...HX.dR1....\<...
[email protected].,.p..L..Br..b. J...Fr,....R.r..'.;R.A.@".B..Q#......./......]...
n H..,...m.zf. .>.. '........,...f..?.Hs.I....V...}C..M..Y..!.....s
.C..4...LS....R.hs..0.=F....{....i.G0......a......2P...&........6.W,..
......`...3TR#..u....uF.... .awm...cw...Q...x.Y.z..\.Q.>...K.I.
<<< skipped >>>

GET /PublicSureServerSV.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=864000

Content-Type: application/x-pkcs7-crl

Date: Tue, 10 Feb 2015 01:26:14 GMT

Etag: "2b002b-472b3-21577a40"

Expires: Fri, 20 Feb 2015 01:26:14 GMT

Last-Modified: Mon, 09 Feb 2015 22:17:05 GMT

Server: ECS (ams/D1C3)

X-Cache: HIT

X-Cntnt-Length: 291507

Content-Length: 291507
0..r.0..q....0...*.H........0F1.0...U....Cybertrust Inc1 0)..U..."Cybe
rtrust Public SureServer SV CA..150209214805Z..150219214805Z0..p.0....
..... .Lz...101018164835Z0.........,.)5...101116173409Z0.........,U..I
..101116165848Z0.........,U./...101116173007Z0.........,U.h...10111617
2944Z0.........,V.bC..101116193600Z0.........,V.[H..101116193534Z0....
.....,V3Y)..101116193648Z0.........,V5._..101116193745Z0.........,Vg.z
..101116194901Z0.........,Vh....101116194922Z0.........,Vn.4..10111619
5619Z0.........,Vqvg..101116195553Z0.........,_..(..101118145747Z0....
.....-..4...110315204303Z0........../P....120206141831Z0..........I..@
..120124180322Z0..........JP....110222182509Z0..........Jf/Y..12021314
2815Z0..........Jf.P..120213142915Z0..........OT....120221131614Z0....
......YQ.1..120220131256Z0..........Y`?W..120220131507Z0..........Yuu.
..120220131416Z0..........^..^..111007192320Z0..........`.w...12021314
4727Z0..........`.y...120213145412Z0..........`.&...120130163851Z0....
......hlG...120213145015Z0..........h.....120130140408Z0............j.
..120110213653Z0...........}....110406160143Z0............$...11040100
5006Z0................110401005536Z0............W...120308151704Z0....
.........h..120228141105Z0................110314145902Z0............`.
..110322142311Z0................110322142551Z0............lb..12011021
3802Z0.............0..130201130700Z0............OB..110321165802Z0....
.........o..110321172720Z0...........g.:..120221183148Z0...........Ud.
..110516131110Z0............h5..120229174140Z0................1202
<<< skipped >>>

GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGo= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.omniroot.com

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/ocsp-response

Date: Tue, 10 Feb 2015 01:26:13 GMT

Last-Modified: Thu, 05 Feb 2015 09:08:42 GMT

Server: ECS (ams/D1C4)

X-Cache: HIT

Content-Length: 1406
0..z......s0..o.. .....0.....`0..\0......`;.l.uZ..k.F..^|A.Tb..2015020
4214606Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M..
..'.j....20150204200915Z....20150505201415Z0...*.H.............AZ..f..
....\i.../e....5.........%...j........<A.J.K0....|.!.z./jn.....>
.i.g...3....^yjS...h.T......w..(..k.Z.5.xe..."oW|..3*..$......4G...E..
C......t..-`.a.kFF.~.;.^.2.........n..p....p.FE.z...w.J.<.c.....L.w
..;s.....-v...,.-.=...h.$..%.99..p).i.t 8...U.......0...0...0.........
..'..0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....Cybe
rTrust1"0 ..U....Baltimore CyberTrust Root0...150114195242Z..160114195
229Z0G1.0...U....US1.0...U....Cybertrust1#0!..U....Cybertrust-Validati
on-20110.."0...*.H.............0.........?....(Fb....G... ..=..(L..wK.
..04..I......C...1.Z......U.$b.f..Pa.....S...#..B.........^T..IP8.....
.....h8GM..*.4.MP..../[email protected].
..2.x....$..@@....q2...Uby.e......D....lf...C....ZP}O......7...mM..c.g
..j.\.>.O....G.A........0..0... .....0......0...U.......0.0...U....
.......0...U.%..0... .......0...U.#..0.....Y0.GX....T6.{:..M.0...U....
..`;.l.uZ..k.F..^|A.Tb0...*.H.............n.h\Ch*G.c..yr..."._....J.-.
...j.t%..e.....([email protected]!m...sZH.N..>.S....K..........7wi3..x.D..l
..ud.....CC......<.&.2. ..d...T.......;.S....\... ......m.6......#(
.&....q.[z.........r..T....W...7ea.}..B.1........al.]i.F...-.0c...y.=?
....E...........'>..O.._..
<<< skipped >>>

GET /CRL/Omniroot2025.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: cdp1.public-trust.com

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Last-Modified: Wed, 04 Feb 2015 20:30:01 GMT

ETag: "2015b-6ca-50e490d4402ee"

Accept-Ranges: bytes

Content-Type: application/x-pkcs7-crl

Connection: Keep-Alive

Date: Tue, 10 Feb 2015 01:27:54 GMT

Content-Length: 1738
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..150204200915Z..15050
5201415Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'....141112202254Z0....'....100217174732Z0....'#...1003
03201301Z0....'!...100312202204Z0....''q..100414175202Z0....'L...11022
4181251Z0....'Pn..110309142119Z0....'....100216203312Z0....'#...100303
201213Z0....'3#..100908172555Z0....''n..101208175627Z0....''m..1012081
75749Z0....''p..101208175916Z0....'H...110114162156Z0#...'X>..11081
5145134Z0.0...U.......0#...'Z2..110818184101Z0.0...U.......0....'g...1
20111164333Z0....'g...120111164409Z0....'g...120111164519Z0....'....10
0216213519Z0....''s..100414175225Z0....''k..100414181839Z0....'3"..100
908172705Z0....'3$..100908172728Z0....''o..101208175645Z0....''l..1012
08175727Z0....'H...110119195142Z0....'Nz..110302154045Z0....'c...11120
7220933Z0....'g...120111164445Z0....''r..100414175143Z0....'8...101012
182723Z0....'e...120111163041Z0....'VJ..110714160903Z0....'s...1301231
62633Z0....'....130904190524Z0....'....131024214319Z0....'....14012917
2435Z0....'....140129172453Z0....'....131024214310Z0....'....131101204
601Z0....'....140219171632Z0....'.^..140409155638Z0....'i...1407091719
30Z0....'/:..141119193302Z0....'k...120111220827Z0....'8...14071619120
3Z0....'....131219195909Z0....'....140219171545Z..0.0...U........0...*
.H.............Xb.F.M4hYy.h~...2.... .. ~.A4...F...gyQ.....:_..g.|
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?924f477917498068 HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT

If-None-Match: "0b96c77303ecf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com

HTTP/1.1 200 OK

Cache-Control: max-age=604800

Content-Type: application/octet-stream

Last-Modified: Fri, 23 Jan 2015 02:29:11 GMT

Accept-Ranges: bytes

ETag: "803565fb436d01:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 57591

Date: Tue, 10 Feb 2015 01:26:44 GMT

Connection: keep-alive
MSCF............,...................I.................6Fm. .authroot.s
tl......8..CK...<T...g.v!M.d..f.%d..}K..5......dM*K..J.,%K"...!..=.
k..........{=/....{g.~...............'....6..N....w......(.$.>.7...
........'.....`.bx....^..$.'.^.K.C......<[email protected]
.....usXq.d.i.jF$.4.........KI.Q........A2m:..E.P|...(.^p..=G|.....m..
....  .6...H.e.....X'...%$r.Y.(..)........|...;...V^r.VM.._*X.I. ..4..
...*.....Y..`.0w.u...c.i.[..-...x..<.8.<.p..,..y.[v.Yn`......!.s
...4e......B...$.,..........w.Pd.)....,..#.%..h...8...`.A...8.i(.!.$/.
=.....i.\X.H......"...a...k...y6....F.._?\*.&..3.AJo.!..`....9....=.p.
u..u....f.f....w...?..S..I.;.....5._...F.f..G?$......."..kq.y'.6tJ.e%.
.G.n.....z<.pX"....1..g."........V:.H.-...!}LM..t..-.y.j&...n{..-.]
H. .....A.O.Xg..B...#[email protected]..*.....T...}o._./S..h@$
[email protected]..#.:?."....1..v.....&G...?O1x6"5.@..$.U...n.J...w
.Y.{..........E.N.&...&.rC..W.....M.........,.e.....&eI(/eSO.B..K...R.
 [email protected].....(..Y./;-..M5.0.H2.y....:...........a.U....%.S.).^.
...1.B..a..=...q...X .B....F.../..../.Z...'..t....C....,.^...N=..t%N|I
C.#.)6...q.E.J.i.E.>....".L........>...Vy.7.jxx......G........._
q.1^..H&.4Z......^.E.K 9.Xg...qO.6%>..T....;n..s.'u.-...=.........p
..p.Rn.........=.......F........d. d.AR.0U..........9b...=N..#....c.Ic
z......u.0............Y.q..b.wYE.......R...s..W....r].....hT....k.g..[
...s.....X..`=zb.>..../..=........J.N.h...(}.5.7. .;..=F..F...'.?..
2...3...=...B..`....{...f.`Kb..@..`Z.0!^8.t..<l.j..lI.P.q.>k
<<< skipped >>>

GET /publishers/3/524/EasyDriverPro.app HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: download.easydriverpro.com

Connection: Keep-Alive

Cache-Control: no-cache

HTTP/1.1 200 OK

Content-Type: application/octet-stream

Content-Length: 720864

Connection: keep-alive

Date: Thu, 05 Feb 2015 00:49:33 GMT

Last-Modified: Thu, 05 Feb 2015 00:21:46 GMT

ETag: "19746a029c39d9d1c3ce2b7976dbd107"

Accept-Ranges: bytes

Server: AmazonS3

Age: 15330

X-Cache: Hit from cloudfront

Via: 1.1 1f8a17c41295fac39556a328869a62bd.cloudfront.net (CloudFront)

X-Amz-Cf-Id: Q3j5Dh02UWR1ikauAXNfv7Mlp5ShwMS1WdpCiv0LOCY-2xAKnWZRSg==
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................^...........0.......p....@.........
.................................................................t....
...P..@...............................................................
.............p...............................text...L\.......^........
.......... ..`.rdata.......p.......b..............@[email protected]\......
[email protected]...`...............................rsrc.
[email protected]..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
[email protected]@..e...E..E.P.u...Pr@
..}[email protected]... M.......M....3.....FQ.....NU..M.....
.....VT..U.....FP..E...............E.P.M...Hp@[email protected]
....E..9}[email protected].}[email protected]..
[email protected]@.W...E..E.h ...Pj.h`[email protected]...\r@._^3.
[.....L$....B...Si.....VW.T.....tO.q.3.;5..B.sB..i......D.......t.G...
..t...O..t .....u...3....3...F.....;5..B.r._^[...U..QQ.U.SV..i....
<<< skipped >>>

GET /en_US/all.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: connect.facebook.net

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

ETag: "a7753d52056f88160de1b42f583ea64b"

Content-Type: application/x-javascript; charset=utf-8

Timing-Allow-Origin: *

Vary: Accept-Encoding

Content-Encoding: gzip

Content-MD5:  ndCHfHKV3D5/ScKX/a6nA==

X-FB-Debug: n6C5MaH2G5Ie8Fvsw4X2hweW6jy7 /HkoZLsxFnM/3kmZcf6fugZxGKPuLeBjexF1SpTq5Be9hVPL0r 9dXBYA==

Content-Length: 52552

Cache-Control: public, max-age=1200

Expires: Tue, 10 Feb 2015 01:46:11 GMT

Date: Tue, 10 Feb 2015 01:26:11 GMT

Connection: keep-alive
............{..../...^..$.1.(J..4...%.....=.l(....H... %Q..k..[..h. %'
.s~.l.......U.U.G?.?99}z..E.........x..g..<.'......O.>.....o.~:.
_......W.'*6]..^.^..t.v..K.'.*e!....N..[ZL...4...7..C.T.W.k8K...I.....
|Z?:.....\...zG#).......O...J...5.-K..h..o..~......b...K.[Z...`VJ..e./
I.W....8..MRU.4.8.|.Mh.~.:.....'..{4...U3M...q2.g..(S@'z.Q..6..S..f ..
...j.{..V......K.x:_~.P.....[-.w.E...|...]...b6)...E..A..s...Yx..f..ju
.).. 2.........tz......Qu..w.I0.:i./...~...b.r..4........c..Kw.].;.~.|
..|...p6_.C.U..4.....k..A.K]r......,.)M.....,..._y.%..V...P...R;.'%...
...|{~....~........e....eu.Nz..7..~..qI.....5F....RqW.M4.......]u...T.
...^[email protected]?2...)?..k.S..,.........a.I>.$X..i.j'...(.......t..
...L..L..e9..n..eMJ.L....f...y}^..r.........w.5.W..z......N<..sZ{O.
\_...M........i..../#.....y?J\l.ny....of.`I.5.1.}.y....k{...1....n.U..
4.N..............;]..@ .E...G).M.`.t....^.........hR......./..<$Q.!
.LM....P...D.s..)H}...(........hB...z...F..Z.<h&..zvC=/w,hH..WS....
.p..............-.@.?........F...3.....F......PP....!.:...M..3..c.af..
1.A..~...[.b-v#ZS..~...F...#iD...H...U?8.5..h..u........5.........A...
7p.fb...=.. ......x..T)[email protected]=.j..H...z..$.1.{U.4,..;R.
.."M.....2..F.t.,?..oN;&...T....^G...u.g..}X.....h.3P*....f.|.h.T.....
..p...8])Y(...GX..H?.p...H.Y.-..14s..,$.i..R...<.....x.........&.{4
....#..Qu..3.O[.`............b..g)j4./..l..S...v.t......._.G..|....Ws.
H5g..izPV3..DA|[email protected]...&...s.h(.R(.\.......4....7...CC./....EG
..,HH.......n...M>..I.A.~.P..G.*.,...F;.c.g......K..'.(..3.....
<<< skipped >>>

GET /cgi-bin/CRL/2018/cdp.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: VVV.public-trust.com

HTTP/1.1 200 OK

Server: Apache/2.2.15 (CentOS)

Last-Modified: Wed, 04 Feb 2015 20:30:01 GMT

ETag: "200c0-420-50e490d42fd35"

Accept-Ranges: bytes

Content-Type: application/x-pkcs7-crl

Connection: Keep-Alive

Date: Tue, 10 Feb 2015 01:27:53 GMT

Content-Length: 1056
0...0......0...*.H........0u1.0...U....US1.0...U....GTE Corporation1'0
%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Global
 Root..150204203344Z..150510203844Z0...0....'.x..110110211653Z0....'..
..141119195306Z0....'B...141119195752Z0....'....141119200006Z0....'1-.
.150204203232Z0....'.:..071121154528Z0....'.v..080219183346Z0....'....
080514142515Z0....'....080515170349Z0....'....080924143337Z0....'#...0
81203144336Z0....''j..090209174351Z0....'b...100414181148Z0....'....08
0917150432Z0....'#...081203144209Z0....'#...081203144241Z0....'#...081
203144304Z0....'%u..081203144409Z0....'/9..090318130930Z0....'8...0907
15181853Z0....'TU..100113191852Z0....'k...101130163724Z0....'.B..11110
7193907Z0....'@...141119200409Z0....'....080917150312Z0....'....140709
175318Z0....'....141210173900Z0....'-E..141119195854Z0....'....1411192
00037Z0....'F...141217193909Z0....'F...141217193956Z..0.0...U........0
...*.H............&O......@<[email protected]%~Uy.A.u.F...........?..a.wqf?...
..U......m^....%..4.>....}.). ..%...GD....S...Y.L.D~....t{..@....^N
..q..&EXR.p,HTTP/1.1 200 OK..Server: Apache/2.2.15 (CentOS)..Last-Modi
fied: Wed, 04 Feb 2015 20:30:01 GMT..ETag: "200c0-420-50e490d42fd35"..
Accept-Ranges: bytes..Content-Type: application/x-pkcs7-crl..Connectio
n: Keep-Alive..Date: Tue, 10 Feb 2015 01:27:53 GMT..Content-Length: 10
56..0...0......0...*.H........0u1.0...U....US1.0...U....GTE Corporatio
n1'0%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Gl
obal Root..150204203344Z..150510203844Z0...0....'.x..110110211653Z
<<< skipped >>>

GET /MFUwUzBRME8wTTAJBgUrDgMCGgUABBS856ddZAq5lE7vDJmoUDW1u98SMAQU3WyAfLq1MhelhEFA8NIEZhMvqZACFGozgiJkrf5JafrJHx/pwJ6+De+O HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: vassg141.ocsp.omniroot.com

HTTP/1.1 200 OK

Server: nginx

Content-Type: application/ocsp-response

Content-Length: 1765

Last-Modified: Tue, 10 Feb 2015 01:14:33 GMT

ETag: "b35a82ba5004878b337e0aa43271815578f62296"

Cache-Control: public, no-transform, must-revalidate, max-age=339753

Expires: Fri, 13 Feb 2015 23:48:46 GMT

Date: Tue, 10 Feb 2015 01:26:13 GMT

Connection: keep-alive
0..........0..... .....0......0...0..........[us..Ni......f....2015021
0011433Z0w0u0M0... ...........]d...N....P5....0...l.|[email protected]./...
.j3."d..Ii...............20150210011433Z....20150214011433Z0...*.H....
.........#.7#..... .?....,...=8..g..........O.wD`...mT.Z..k.A..X..2...
..e........$5&.Z~B.$[{hYoeV..j...).Q.....8..lj....Y.{[email protected]
hS..C......A..S..Tw-5K...e..........g.....d..D.'\E.WT.d.B.........\...
.1q.?.......c.$|.F......e.......a....'.....r.b3$.G. .d.....0...0...0..
.........=......Ri..\..(.{..0...*.H........0..1.0...U....NL1.0...U....
Amsterdam1%0#..U....Verizon Enterprise Solutions1.0...U....Cybertrust1
.0,..U...%Verizon Akamai SureServer CA G14-SHA10...140410115548Z..1504
10115548Z0..1.0...U....NL1.0...U....Amsterdam1%0#..U....Verizon Enterp
rise Solutions1.0...U....Cybertrust1806..U.../Verizon Akamai SureServe
r CA G14-SHA1 Responder0.."0...*.H.............0.........f..).1.......
......Z.45..l. IB..r`...f....h.....h..._i'...J....|.c....E.D0bg.b.v...
.......:Q....W._U.w..3....i...k........t.....m.CO$..j@.....>..Q.m..
....1/Z.r......L..a.n..;..KoIY.......fk{..c..d...IU.......zy.X...zp...
F.1..F......b...Z...=9.o...N.fL.%Z.........H0..D0... .....0......0L..U
. .E0C0A.. .....>..0402.. ........&hXXps://secure.omniroot.com/repo
sitory0~.. ........r0p06.. .....0..*hXXps://cacert.a.omniroot.com/vass
g141.crt06.. .....0..*hXXps://cacert.a.omniroot.com/vassg141.der0...U.
..........0...U.%..0... .......0...U.#..0....l.|[email protected]./..0...U.
.........[us..Ni......f..0...*.H.............Fk:..%..H.:.|P.;..-3.
<<< skipped >>>

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com

HTTP/1.1 200 OK

Date: Tue, 10 Feb 2015 01:27:16 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=d805ab16eb5eddc9ccdcb26c49110f6d81423531636; expires=Wed, 10-Feb-16 01:27:16 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Fri, 06 Feb 2015 23:51:50 GMT

Expires: Tue, 10 Feb 2015 23:51:50 GMT

ETag: "9006297540e316688484ed9e4b46a0dce7b0d372"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1b6485f8184d05d5-WAW
0..........0..... .....0......0...0..........<.|[email protected]|..2015
0206235150Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150206235150Z....20150210235150Z."0 0..
. .....0......20140206235150Z0...*.H.............Q."...T1..ý.Rs.(..%
l..<.....qN.jm\f...x3g...&.R.qQaH^....X.#{O G.....8K....(........f.
.&.%..m}.hU......9.......psNO.c;.Dz._....... ^..oQa48..6.......s.o..#.
]{D..nQL.2.;.i0.$Vp....6...:f.....h.O..#......8..!g<q...d.tl.....h(
..E.]-...................y.2.......0...0...0..........Z..~..M..<ZYJ
....~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....R
edmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U..
..Microsoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Sh
ould be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=
f....x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q....
.......bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*.
......x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.
M.O.....<5:......r.....]..A.5........0..0...U..........<.|7...@N
6p.I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... 
.......0... .....7....0.0... .......0... .....0......0...*.H..........
........sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w
...w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3.
...L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....&l
t;.}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..
<<< skipped >>>

GET /css/style.css HTTP/1.1

Accept: text/css

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.easydriverpro.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=9plslcodkrdkt0b2obpi40tb87; AWSELB=15A7D78B08CC57797F87EA072FDB431CC5F43D7E684950193DFB88BE41987C7E156D7F91AC9932BE17ABC54889040364137740AF66719939B1ACEB47879F9029F784CC65A8

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: text/css

Date: Tue, 10 Feb 2015 01:27:57 GMT

ETag: "24236-1cb7-4f20b0ddd1f80"

Last-Modified: Mon, 10 Feb 2014 10:46:38 GMT

Server: Apache/2.2.15 (CentOS)

Content-Length: 7351

Connection: keep-alive
body ..{...margin:0;...padding:0;...border:0;.../* This removes the bo
rder around the viewport in old versions of IE */...width:100%;...back
ground:#cccccc;...font-family:Sans Serif, Arial, Tahoma;...font-size:9
0%;..}..h1, h2, h3, h4 ..{...margin:0px 0px;...padding:0px;.....}..h1.
.{...margin:10px 0px;...font-size:22px;..}..h4 ..{...margin:0px 0px;..
.margin-bottom:5px;...margin-top:20px;...font-size:15px;...color:#6e6e
6e;..}..p ..{...margin:0px;...padding:0px;..}..img ..{...margin:0px;..
}..a..{...color:blue;..}...body_wrapper..{...position:relative;....cle
ar:both;...width:960px;...background:#FFFFFF;...margin:0px auto;...pad
ding-top:5px;;..}../* Header styles */..#header ..{...position:relativ
e;....clear:both;...margin:0px auto;...width:928px;...height:55px;...b
ackground:#FFFFFF;...background-image:url(../images/header_bkg.gif);..
.background-repeat:no-repeat;..}..#edp_secure_site..{...position:absol
ute;...left:265px;...top:5px;..}../* Footer styles */..#footer ..{...c
lear:both;...margin:0px auto;...padding-top:30px;...background:#FFFFFF
;...text-align:center;..}..#footer p ..{...padding:5px;...margin:0px;.
..text-align:center;..}../* Top Menu */..#top_menu..{...position:absol
ute;...top:11px;...right:10px;....width:520px;...height:31px;..}...men
u_item..{...border-left:1px solid #0c4374;...min-width:72px;...padding
:2px;...text-align:center;...vertical-align:middle;...color:#FFFFFF;..
.white-space: nowrap;..}...menu_item a..{...color:#FFFFFF;...text-deco
ration:none;..}...menu_item a:hover..{...text-decoration:underline
<<< skipped >>>

GET /images/header_bkg.gif HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.easydriverpro.com

DNT: 1

Connection: Keep-Alive

Cookie: PHPSESSID=9plslcodkrdkt0b2obpi40tb87; AWSELB=15A7D78B08CC57797F87EA072FDB431CC5F43D7E684950193DFB88BE41987C7E156D7F91AC9932BE17ABC54889040364137740AF66719939B1ACEB47879F9029F784CC65A8

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: image/gif

Date: Tue, 10 Feb 2015 01:27:57 GMT

ETag: "24abc-1fff-4f20b0e6673c0"

Last-Modified: Mon, 10 Feb 2014 10:46:47 GMT

Server: Apache/2.2.15 (CentOS)

Content-Length: 8191

Connection: keep-alive
GIF89a..7.......Xy....z.......F.{d..F.........Nq....^~.'P.ly...5...Hl.
....................<...Kn......h..\Af....Qft..YEi......x..J.......
....JUv...RDb.8_...e.....G..:Xk...e...<b.t..Vv....zyyQt.:`...-..w..
....}vi8[......4..Z..g^s.......oru........Bs..s.x..=Z{...=..J|....X"L.
..8.N.Ku.j..6].....P..V...f.K.Z..u.....4[.2Z.`{.f..s....5.....f%Z.....
..m.. S.akl?d....6Z}So....!R.Ch.h....g......j..........tNj.co|Ee.:b.)T
.R|....Pr...e.....J...o...........6\....e....FDh.-a...\...Mo.a....{...
6d.........Bi....]o..Z..c..Dl....Mt....@^|d..Vt.l.......8f..=g.b..3f.f
..U..9j...u..S.U.......(Y.Jj...rAn...N<j.&R.c..$M.St.Mg.Gk.c..Mm.Fo
.2^.c..4Z.c..`..h..$N.%O.-U.)R.0X....0W......./X.f..;m....}.....@h.\x.
2Y.<`.@_.,^....c..(V.&U.......,T..U.......&Q............q..f~..oph3
k.5h.Hp....[{..........!..XMP DataXMP<?xpacket begin="..." id="W5M0
MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xm
ptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "&g
t; <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"
> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com
/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceR
ef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID
="xmp.did:7E45C53AF2E7DE11B465A20C290F2B7A" xmpMM:DocumentID="xmp.did:
30407F2DB98511DF849FC9FFCEEDF3AF" xmpMM:InstanceID="xmp.iid:30407F2CB9
8511DF849FC9FFCEEDF3AF" xmp:CreatorTool="Adobe Photoshop CS4 Windows"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:961985C0E7FADE
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1453

content-transfer-encoding: binary

Cache-Control: max-age=547920, public, no-transform, must-revalidate

Last-Modified: Mon, 9 Feb 2015 09:39:15 GMT

Expires: Mon, 16 Feb 2015 09:39:15 GMT

Date: Tue, 10 Feb 2015 01:31:29 GMT

Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....2015020
9093915Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a.
.eR&.....Y.)..".\....20150209093915Z....20150216093915Z0...*.H........
.....~0...hO6...:&.O........D......Bnr.s.PL.....a.......|..]'[>...`
......I...P<I.$.T.....s..zF....... R...39...<.. J........~..{.g.
...W#..............|.r.l..<4.b.....er.kw.3.....P[.........Q.....Z?.
Sa.........6.F......8.{E.[......mQ/[email protected]."O.\....3.S.....0..
.0...0..3......./...b.v..-....l}0...*.H........0_1.0...U....US1.0...U.
...VeriSign, Inc.1705..U....Class 3 Public Primary Certification Autho
rity0...141202000000Z..151216235959Z0..1.0...U....US1.0...U....Symante
c Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec Clas
s 3 PCA - G1 OCSP Responder Certificate 30.."0...*.H.............0....
......'......Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....
H..3-; ).....0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M..
.T..pS.p..^|o....S..v.).)[email protected]#qh...u1T.].G0.]
E...=._...... ........TE...Sa.s4........r...3.............0..0...U....
0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps
0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U..
......0... .....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.....
........$..H......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e....
...a..D...........e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :
,....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com

HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=587659, public, no-transform, must-revalidate

Last-Modified: Mon, 9 Feb 2015 20:44:24 GMT

Expires: Mon, 16 Feb 2015 20:44:24 GMT

Date: Tue, 10 Feb 2015 01:31:29 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015020
9204424Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150209204424Z....20150216204424Z0...*.H........
......2..T.U...=..C.V....Bo9..e..2.....S.'.#../Y].k.....n..1.8J\..PM.x
Y.P6H.....Q9...]...Z..d...Bl...!..7W.P*..-.a.-...q.f'k.d.Z...o.. D.q.8
w.!.:..8...C0.j.%V.#&.d..n..Q.,..kE.s...*....p..7....~..MI.LFE....e../
.....\..,Z.clG...v.R....Q....o.w..`...@^...%...K..,...#0...0...0......
....<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Sign
ing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U..
..VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of u
se at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3
 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{
(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(.......
...p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}..
.r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n.
.i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0
.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.c
om/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by
 reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........
0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H......
<<< skipped >>>

GET /ga.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.google-analytics.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Tue, 10 Feb 2015 01:04:32 GMT

Expires: Tue, 10 Feb 2015 03:04:32 GMT

Last-Modified: Fri, 16 Jan 2015 00:55:08 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 16151

Age: 1299

Alternate-Protocol: 80:quic,p=0.02

Cache-Control: public, max-age=7200
............yW...8.?..|{.....S..7.(m.....Ms.dY.iB....%.g..A..$...y.z..
%..<mm.I~2...3....k9Z.2.}5....G.........dx.O:.Nz'...:.....I*b.v.o..
q....Bh..z6..V.|.})[email protected]....'...`....3i..RC.%..0.Fz..J{.'C
/...#O\BP]..^..../e..<1..p0...&.i......f{..zm..'&.w1...:...Y:......
.....p....`.n4....vz.W....|\c.-GX...:...5.y..".F:.. $....'..b2......k.
...:.....e.. t-{..^.^.....P....3........d..6.nM...."...^..|..1z......d
q.t.}.....I46..Kb....1..A...t...q.N.7zt .P.a......o:0.>..$Y..x:=.$.
....r./..0........n.%.vA.Ke.*....P/.....My..\..t...J(WW....,.A..<Q.
.........E..e.(.K.$......uBa ..1..yN.v..E....D=...:..[...>..zX.l^..
_..z C..o.......Mk.............^\.G.I?.7.[...l.l=..@.......;...e./y,.c
R.w`.d_...0.L/..F.q` j......y.5L....Zp*....#w0.%....]..:T..W...l.4.1U.
,.W~.q0.=XO.z'..f.,/e..K..P".F.e..^..9..S...1..1..J.. .4....WW....K..I
..x......\[email protected]]...tj..3w$...cA... XD..F.a.......3...?..41.!.w}..T 
8...vj..(.....q.P...........S^r.......A..X.e.K=J.5,o..0..Q.|=.v..l....
....j..';...B..$..-....$Z.R.L.OB.tL/:....t..g[..:A......i..4o[e8..3grr
..SJI...2...\YW..j3.^J%.................x.?.6...){...o..V.c.........@h
i.8.=..jR....]....x^.`.<..7........y1..8...YT...iLm}..Ye7T. X..d..T
 L Ui.....q}........#....elF.........m.6-..[./.-.x[{5 ....,.<....b.
e..aK\].VWMZ....{.x(....O........p..[[email protected].)..x...Fk......4.Z.i p.
7..`>.o.Z..O*<.c.....i.f...fk.g....J..a..y.....c_.X..%..4.Gz.M$.
...j5oe.0......$T~..}....0FtC].`-...Z.O..V.:Z..54o.4...oI...... .) ..6
*...Y.1......B..-._..{r..1]F.....f..|8..u.OY...38..}5.c.`.. ....`.
<<< skipped >>>

GET /r/__utm.gif?utmwv=5.6.2&utms=1&utmn=1414896808&utmhn=VVV.easydriverpro.com&utmcs=utf-8&utmsr=1916x902&utmvp=1900x805&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=-&utmdt=Easy Driver Pro - Welcome&utmhid=1303542799&utmr=-&utmp=/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350&utmht=1423531572420&utmac=UA-15244178-1&utmcc=__utma=234048906.299294506.1423531572.1423531572.1423531572.1;+__utmz=234048906.1423531572.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmjid=1021910407&utmredir=1&utmu=qhAAAAAAAAAAAAAAAAAAAAAE~ HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://VVV.easydriverpro.com/thank-you.php?ins=524&umi=B48A115F&iid=15379358&sst=7c1d0bc99d0398a455df316a762fe350

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)

Accept-Encoding: gzip, deflate

Host: VVV.google-analytics.com

DNT: 1

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Tue, 10 Feb 2015 01:26:11 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35

Alternate-Protocol: 80:quic,p=0.02
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Tue, 10 Feb 2015 01:26:11 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..Alternate-Protocol: 80:quic,p=0.02..GIF89a.......
......,...........D..;..

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAHevvgBk+xJc0C0AAQAAd68= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.msocsp.com

HTTP/1.1 200 OK

Date: Tue, 10 Feb 2015 01:27:16 GMT

Content-Type: application/ocsp-response

Content-Length: 1757

Connection: keep-alive

Set-Cookie: __cfduid=d8eedd0800ce70630ff3ce165c58a514e1423531636; expires=Wed, 10-Feb-16 01:27:16 GMT; path=/; domain=.msocsp.com; HttpOnly

Last-Modified: Fri, 06 Feb 2015 23:51:50 GMT

Expires: Tue, 10 Feb 2015 23:51:50 GMT

ETag: "9006297540e316688484ed9e4b46a0dce7b0d372"

Cache-Control: max-age=345599,public,no-transform,must-revalidate

CF-Cache-Status: HIT

Server: cloudflare-nginx

CF-RAY: 1b6485f7fef805e1-WAW
0..........0..... .....0......0...0..........<.|[email protected]|..2015
0206235150Z0..0..0L0... ........&."f........{5.....t..Q.$&..h"W.& ;Fb.
{.....Z..w...d..\.-....w.....20150206235150Z....20150210235150Z."0 0..
. .....0......20140206235150Z0...*.H.............Q."...T1..ý.Rs.(..%
l..<.....qN.jm\f...x3g...&.R.qQaH^....X.#{O G.....8K....(........f.
.&.%..m}.hU......9.......psNO.c;.Dz._....... ^..oQa48..6.......s.o..#.
]{D..nQL.2.;.i0.$Vp....6...:f.....h.O..#......8..!g<q...d.tl.....h(
..E.]-...................y.2.......0...0...0..........Z..~..M..<ZYJ
....~.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....R
edmond1.0...U....Microsoft Corporation1.0...U....Microsoft IT1.0...U..
..Microsoft IT SSL SHA20...141229205745Z..150314205745Z0!1.0...U....Sh
ould be ignore by CA0.."0...*.H.............0...........&!(..$.K...."=
f....x.d.._s.....j....9`..l.Z..............^f..u......-e.&.bG.(i.Q....
.......bEy...^7A...A..c....CF-&...e.7..7F....."..w...y.:..`.w{~..D.x*.
......x3Os......q...... S.fB .ig.....L..3......4E..}..7...M....e ...6.
M.O.....<5:......r.....]..A.5........0..0...U..........<.|7...@N
6p.I.e|0...U.#..0...Q.$&..h"W.& ;Fb.{...0...U...........0...U.%..0... 
.......0... .....7....0.0... .......0... .....0......0...*.H..........
........sa....^`.U.h.....(c[..j.|. ..#....3.5.?..L.....Z....J......*.w
...w.$.z..Y.d.....l.....G#.....o.\t.......(.B =..P..T....0./P.....z.3.
...L.O3....z...Wxo..~.OeH....c.i.@."..?d.......=v(.....m..LN..PP....&l
t;.}T.X......K.&e.S...|....% ...(F.=k..~.j..C......4.....c...._p..
<<< skipped >>>

The Worm connects to the servers at the folowing location(s):

.text

`.data

.idata

.rsrc

@.reloc

u\j.Xf9

j.Xf9

USER32.dll

api-ms-win-downlevel-shell32-l1-1-0.dll

IEFRAME.dll

SHELL32.dll

iexplore.pdb

api-ms-win-downlevel-shlwapi-l1-1-0.dll

iertutil.dll

api-ms-win-downlevel-advapi32-l1-1-0.dll

KERNEL32.dll

msvcrt.dll

_wcmdln

_amsg_exit

RegOpenKeyExW

RegCloseKey

<!-- Note: This manifest needs to be kept in sync with iexplore.exe.manifest -->

<assemblyIdentity version="5.1.0.0"

name="Microsoft.InternetExplorer"

<windowsSettings>

<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>

</windowsSettings>

<!--The ID below indicates application support for Windows 8 -->

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

KEYW

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... )) 

8888888888888

8888888888

.lPV)

úW1

.ApX/

H.ZAf

ð[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

imm32.dll

Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}

Kernel32.dll

"%s" %s

kernel32.dll

IEXPLORE.EXE

{00000000-0000-0000-0000-000000000000}

\\?\Volume

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Browseui_Tabs_Tearoff_BetweenWindows_TabProc

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

Shdocvw_BaseBrowser_FireEvent_BeforeScriptExecute

IMTravelLogMVC_TravelURL

10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)

Windows

10.00.9200.16521

EasyDriverPro.exe_3108:

.idata

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

HKEY

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

.Owner

EInvalidGraphicOperation

comctl32.dll

USER32.DLL

uxtheme.dll

Proportional

MAPI32.DLL

vsReport

OnKeyDown

OnKeyPress

OnKeyUp

TComboBoxExEnumerator

ole32.dll

PasswordChar

ssHorizontal

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

imm32.dll

OnExecuteh

AutoHotkeys

AutoHotkeysT

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState8

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

OnActionExecute,

WNNC_NET_FTP_NFS

olepro32.dll

TCommonShellExecuteThreadU

%Program Files%\Borland\Common Library\Source\MPThreadManager.pas

TExtractImageXeH

shell32.dll

\\.\vwin32

shlwapi.dll

Mpr.dll

%Program Files%\Borland\Common Library\Source\MPShellUtilities.pas

To show a Context Menu using TNamespace you must pass a valid Owner TWinControl

THKeyArray

TCommonKeyState

cksShift

TCommonKeyStates

%Program Files%\Borland\Common Library\Source\MPCommonUtilities.pas

user32.dll

gdi32.dll

advapi32.dll

Userenv.dll

ShellExecuteExW

ShellExecuteW

GetWindowsDirectoryW

RegOpenKeyW

RegOpenKeyExW

SHFileOperationW

%Program Files%\Borland\EasyListview\Source\EasyListviewAccessible.pas

TEasyAccessibleManager.Create not a TCustomEasyListview type

TEasyGroupAccessibleManager.Create not a TEasyGroup type

TEasyItemAccessibleManager.Create not a TEasyItem type

TEasyColumnAccessibleManager.Create not a TEasyColumn type

TEasyHeaderAccessibleManager.Create not a TEasyHeader type

elsReport

elsReportThumb

TAutoGroupGetKeyEvent

TColumnGetImageIndexEvent

TColumnSetImageIndexEvent

KeyState

KeyStates

TGroupGetImageIndexEvent

TGroupSetImageIndexEvent

HintWindowShown

TItemGetGroupKeyEvent

GroupKey

TItemGetImageIndexEvent

TItemSetGroupKeyEvent

TItemSetImageIndexEvent

MouseMsg

TEasyKeyActionEvent

EscapeKeyPressed

TEasyViewReportItem

TEasyViewReportThumbItem

TEasyViewReportThumbItemH

TEasyGridReportGroup

TEasyGridReportGroupd

TEasyGridReportThumbGroup

TEasyGridReportThumbGroup@

TEasyCellSizeReport

TEasyCellSizeReportThumb

ReportThumb

ReportD

AlwaysShow

OnAutoGroupGetKey0

OnItemGetGroupKey

OnItemSetGroupKey

OnKeyAction$XJ

%Program Files%\Borland\EasyListview\Source\EasyListview.pas

FTPf

Can not find TEasyGroups.AdjacentItem of an Invisible Item

EasyListview.Header

LeftPopup

!"#$%&*;<=>@[]^_`{|}

TNT Internal Error: TWideComponentHelper.Create should never be encountered.

%Program Files%\TntWare\Delphi Unicode Controls\Source\TntClasses.pas

%Program Files%\TntWare\Delphi Unicode Controls\Source\TntActnList.pas

%Program Files%\TntWare\Delphi Unicode Controls\Source\TntForms.pas

%Program Files%\TntWare\Delphi Unicode Controls\Source\TntMenus.pas

Internal Error: SyncHotKeyPosition Failed ("%s" <> "%s").

%Program Files%\TntWare\Delphi Unicode Controls\Source\TntControls.pas

Internal Error: SubClassUnicodeControl.Control is not Unicode.

.UnicodeClass

TntUnicodeVcl.DestroyWindow

%Program Files%\TntWare\Delphi Unicode Controls\Source\TntStdCtrls.pas

TMonochromeLookup

ESQLiteException

TSQLiteDatabase

TSQLiteTable

Failed to open database "%s" : %s

Failed to open database "%s" : unknown error

"%s" : %s

Error executing SQL

Could not prepare SQL statement

Error executing SQL statement

SQLite is Busy

<%s> invalid zipfile

Shell.Application

<%s> invalid source

<%s> invalid target folder

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %d %s %d %s %s

ftpTransfer

ftpReady

ftpAborted

ClientPortMinT

ClientPortMax

Port

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

saUsernamePassword

PasswordT

0.0.0.1

TIdTCPStream

End of stream: %s at %d

TIdTCPConnection

TIdTCPConnectionxfP

IdTCPConnection

EIdTCPConnectionError

EIdObjectTypeNotSupported

Uh.yP

password

Password

IdHTTPHeaderInfo

ProxyPasswordT

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFile|

CertFile|

KeyFile

OnGetPassword

EIdOSSLLoadingRootCertError

EIdOSSLLoadingCertError(

EIdOSSLLoadingKeyError

TIdTCPClient

TIdTCPClientd

IdTCPClient

BoundPort

PortU

CommentURL

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

IdHTTPd)Q

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPResponse, Q

TIdHTTPRequest

TIdHTTPProtocol

TIdCustomHTTP

TIdHTTP

TIdHTTP(.Q

HTTPOptions`)Q

EIdHTTPProtocolException

HTTPS

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

HTTP/

EInvalidGridOperation

goAlwaysShowEditor

doKeyColFixed

TKeyOption

keyEdit

keyAdd

keyDelete

keyUnique

TKeyOptions

KeyName

KeyValue

KeyOptions

KeyDesc

%s=%s

FormKeyDown

IdHTTP1

Do you have a License Key?

If you already have a License Key, please enter it in the form below and click "Activate Now".

License key

Do you need a License Key?

To purchase Easy Driver Pro and obtain a license key click

service.smartpcupdate.com

ProxyLogin

ProxyPassword

hXXp://service.smartpcupdate.com/rpc/sendpurchase?partner=ProbitSoftware&build=8.1.2&key=

Licensing key has reached its usage limit!

LicenseKey

Current Windows version

Backuped driver Windows version

We NOT reccomend your use this driver for current Windows version.

5 (Windows XP)

6 (Windows Vista)

7 (Windows 7)

8 (Windows 8)

IdHTTP1<

HTTPWorkBegin

HTTPWork

HTTPWorkEnd

hXXp://service.smartpcupdate.com/rpc/getdatabasex32

hXXp://service.smartpcupdate.com/rpc/getdatabasex64

Drivers.zip

Drivers32.db

Drivers32prev.db

Drivers64.db

Drivers64prev.db

SetupFiles.txt

%s <%s>

=?WINDOWS

Uh^%S

Indy 9.00.10

atLogin

IdSMTP

TIdSMTP

AUTH LOGIN

LOGIN

IdSMTP1<

Report a problem with a new driver!

mail.smartpctools.com

[email protected]

[email protected]

IdHTTP0

HTTP1Start

HTTP2Start

HTTP3Start

HTTP4Start

HTTP5Start

HTTP1Work

HTTP2Work

HTTP3Work

HTTP4Work

HTTP5Work

InstallExeDriver

Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

PCInfo.ini

English.ini

French.ini

German.ini

Spanish.ini

Italian.ini

Portuguese.ini

Danish.ini

Dutch.ini

Swedish.ini

Polish.ini

Russian.ini

Brazilian.ini

Finnish.ini

Norwegian.ini

Czech.ini

hXXp://VVV.easydriverpro.com/

hXXp://VVV.easydriverpro.com/go-register.php?srid=

hXXp://support.easydriverpro.com/

Login

Product information and support link

Support

: 8.1.2

Scan.ini

InstallLog.ini

Backups.ini

UpdateWindowShown

\DPSchedule.exe

Devices.ini

\Easy Driver Pro.chm

CERTANCE

Keyboard

Ports

MultiPortSerial

Vendors.txt

ClassKey

EnumKey

ScanExecuted

\Scan.gif

Exclusions.txt

1.0.0.0

update1.smartpcupdate.com

hXXp://update1.smartpcupdate.com/rpc/getlastupdate

hXXp://service.smartpcupdate.com/rpc/getstatus?exedate=

hXXp://service.smartpcupdate.com/rpc/candownloadfiles?partner=ProbitSoftware&version=3.1&key=

hXXp://update1.smartpcupdate.com/rpc/sendinstall?partner=ProbitSoftware&build=8.1.2

hXXp://update1.smartpcupdate.com/rpc/sendstats?partner=ProbitSoftware&build=3.1&files=

hXXp://update1.smartpcupdate.com/rpc/sendreport?filename=

UpdateList.txt

This version is no longer supported!

SrClient.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore

hXXp://VVV.google.com/search?hl=en&q=

.SYS.DLL.INF.CAT.NFO.EXE.REG.AX.DRV.CPL

RUNDLL32.EXE

LAYOUT.INF

regedit.exe

\Enum.reg" "HKEY_LOCAL_MACHINE\

\Classes.reg" "HKEY_LOCAL_MACHINE\

\*.inf

\Log.txt

/s zipfldr.dll

regsvr32.exe

\.zip\CompressedFolder\ShellNew

\Classes.reg

\Classes.reg"

\Enum.reg

\Enum.reg"

*.exe

AUTORUN.EXE

32.EXE

64.EXE

*.inf

msiexec.exe

newdev.dll

advpack.dll,LaunchINFSectionEx "

rundll32.exe

01-01-2013

RunExe

hXXp://service.smartpcupdate.com/downloads/

s_Exec

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

\DPLauncher.exe

\DPSmartScan.exe

#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!"%$%&%(%*% %-%/%1%3%5%7%9%;$=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!

P%S%V%Y%\%

?456789:;<=

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123456789:;<=>?

&'()* ,-./0123456789:;<=>?

GetKeyboardType

RegOpenKeyExA

RegCloseKey

RegQueryInfoKeyA

RegFlushKey

RegEnumKeyExA

RegCreateKeyExA

GetWindowsDirectoryA

GetCPInfo

version.dll

SetViewportOrgEx

SetViewportExtEx

UnhookWindowsHookEx

SetWindowsHookExW

SetWindowsHookExA

SetKeyboardState

MsgWaitForMultipleObjects

MapVirtualKeyW

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextW

GetKeyNameTextA

GetAsyncKeyState

ExitWindowsEx

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

ShellExecuteExA

ShellExecuteA

SHFileOperationA

wininet.dll

SHFolder.dll

oleacc.dll

winmm.dll

sqlite3.dll

sqlite3_finalize

sqlite3_column_type

sqlite3_column_text

sqlite3_column_int

sqlite3_column_double

sqlite3_column_bytes

sqlite3_column_blob

sqlite3_step

sqlite3_column_decltype

sqlite3_column_name

sqlite3_column_count

sqlite3_prepare

sqlite3_free

sqlite3_errcode

sqlite3_errmsg

sqlite3_close

sqlite3_open

0 0$0(0,0004080<0@0\0|0

2 2$2(2,2024282<2@2\2|2

5!5%5)5-5155595=5

3(4,4044484<4~4

1 1$1(1,1014181<1@1

1 1$1(1,1014181

1-15191L1u1}1

= =$=(= >

? ?$?2?:?

3"3&353=3

7(757<7[7

2 2$252_2

0%1S1

>!>%>)>0>

5!5%5)505

62767:7@7

; ;$;(;,;

0*1.161<1

3_3}3"4/4{4

8(8:8@8\8

2 2$2(2,202>2

2'2X2c2u2

: ;$;(;,;0;

>%>)>7>?>\>

9!9Ÿ9Q9Y9`9

;#; ;9;~;

6*64696\6

< <$<(<,<0<6<

9 9%9s9

7(71787=7

6 6-626P6U6}6

6"6(60666

74888<8@8

333333333333333333

33333833

3333339

3333333333333338

:*"*"$3338

3333333

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

KWindows

UrlMon

0IdHTTPHeaderInfo

 IdTCPServer

IdTCPStream

#IdSMTP

TntWindows

SQLiteTable3

SQLite3

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

Picture.Data

X9}V9zT9vR8rP8nN7jL6eI5aG4\D3XB1T?0O<.QA6md]

^8~Q1uK-zP2}R2

c=|R2%d

Z;ü)^>&

_9wM.Bt

.7b%%%%%%%%	cG[

\%tV%YW0WU/[S0WJ6UJ6\M2mR%oT%uS"

_I&]I*bM-aM.aM.aM-aM-aM-aM-aM-aM.aK,[R3g

%Select the drivers you wish to backup

EditManager.Font.Charset

EditManager.Font.Color

EditManager.Font.Height

EditManager.Font.Name

EditManager.Font.Style

GroupFont.Charset

GroupFont.Color

GroupFont.Height

GroupFont.Name

GroupFont.Style

Header.Columns.Items

Header.Font.Charset

Header.Font.Color

Header.Font.Height

Header.Font.Name

Header.Font.Style

ImageList1)PaintInfoGroup.MarginBottom.CaptionIndent

Selection.FullRowSelect

%Select name, location and backup type

Items.Strings

%Driver backup successfully completed!

,,,888555

%Save downloded drivers to this folder

$Product information and support link

"!## "#!##"##"##"##"$#!#$!#$!##"$%"$$#$%#%%#%%$%%$%%$%%$%%$%%$%%$&%$%%$&&$%&$%%$%%$%'$%%#%%#%%#$$###"""

/;~/<|-8yYi}ds

/<}.;~/:

*u)6u 9w 9w 8y,9z-;z-;z-:x,7{-9}.:~/<~/;~/;~.:~/:

/<~/;~/;~/9

#p .}/=p"-y,7z-8}.9}/:|-8|.9}.9}.9}.:}/;~/;~/:

/;~/:}.:z-8{-8{-9|-9}.:|.:}cs

/;}.9~/;

/9~.8~.8

/:~.8}.8}.8}.9}.8

/:~/9~/9

/:~/:}.8~.:}.9z-7}.9}.9}.:

/:~/:}.9}.9}.9}.9}.9}.9}.9

|.8{-7}.8}.9~/:~/9~/9~/9}.8~/9

/:~/9}.8~/9}.9}.9}.8|.8|.8

~/9}.8~.8~/9

/9~/9~/9}.8}.8}.9}.9

/:~/9~/9~/9}.9}.8~.9}3>

/8~/9~/9~/:~/9~/:}.9

/9~/9~/9|.7|/8

/9}/8|.8

.5}& |#)

/9}.7}2;

0:}.9}.8

17~.5}.6

3@{%1~,6

:Gq"1s%1x 8z-:w 8s*7q)6o'4o

hXXp://support.easydriverpro.com

Support:

hXXp://VVV.easydriverpro.com

Version: 8.1.2

Webcam drivers

Windows system drivers

Keyboard drivers

Icon.Data

@000///1111*$&

ProxyParams.BasicAuthentication

ProxyParams.ProxyPort

Request.ContentLength

Request.ContentRangeEnd

Request.ContentRangeStart

Request.ContentType

Request.Accept

Request.BasicAuthentication

Request.UserAgent

&Mozilla/3.0 (compatible; Indy Library)

HTTPOptions

)))222666===

"""***333000

$$$"""^^^

93-81-3-)$

gA{R4lH.oJ/wP2

fK:nJ.yQ3

.NN outdated drivers have been found on your PC

If you purchased Easy Driver Pro a license key will have been emailed to you. Please enter the license key below and click Activate Now.

;To purchase Easy Driver Pro and obtain a license key click

.7b%%%%%%%%	cFX

YCheck the email you received after you purchased the product for the correct license key.

&Your license key will look like this:

BWe NOT reccomend your use this driver for current Windows version.

Current Windows version:

Backuped driver Windows version:

"Report a problem with a new driver

IdSMTP1

<assemblyIdentity version="1.0.0.0"

name="EasyDriverPro.exe"

<requestedExecutionLevel

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

PIDLs to operate on are not siblings of the Namespace doing the operation.

Unable to find RegSvr32.exe executable.

RegSvr32.exe

Unspecified error (%d) from %s.

miranda32.exe

SSL status: "%s"

Command not supported.

Address type not supported.$Error accepting connection with SSL.

Error creating SSL context. Could not load root certificate.

Could not load certificate.#Could not load key, check password.

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

"Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Operation would block.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

Protocol not supported.

Socket type not supported.

&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

Chunk StartedDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

File "%s" not found1Only one TIdAntiFreeze can exist per application.

Object type not supported.

No data to read.$Can not bind in port range (%d - %d)

Invalid Port Range (%d - %d)

@ Outside address*Error on call Winsock2 library function %s

Invalid stream operation

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.

Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size

Unknown GIF block type'Object type not supported for operation

Unsupported PixelFormat

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

Unsupported GIF version7Invalid number of colors specified in Screen Descriptor6Invalid number of colors specified in Image Descriptor

Invalid extension introducerúiled to allocate memory for GIF DIB

RichEdit line insertion error=This control requires version 4.70 or greater of COMCTL32.DLL

Date exceeds maximum of %s

Date is less than minimum of %s4You must be in ShowCheckbox mode to set to this date#Failed to set calendar date or timeúiled to set maximum selection range$Failed to set calendar min/max rangeúiled to set calendar selected range

No help keyword specified.

8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Invalid clipboard format Clipboard does not support Icons

Text exceeds memo capacity/Menu '%s' is already being used by another form

Value*A key with the name of "%s" already exists

Key "%s" not found%goColMoving is not a supported option%Key may not contain equals sign ("=")

Error setting %s.Count

Value must be between %d and %d

Invalid input value7Invalid input value. Use escape key to abandon changes

Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list Too many rows or columns deleted$%s not in a class registration group

Property %s does not exist

Thread creation error: %s

Thread Error: %s (%d)

Cannot open file "%s". %s

Grid too large for operation

Unable to write to %s

Invalid stream format$''%s'' is not a valid component name

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s1Fixed column count must be less than column count Fixed row count must be less than row count

Operation not supported

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

Invalid variant operation

Invalid NULL variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

8.1.2.0

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   TPAutoConnSvc.exe:1844
   7za.exe:1144
   7za.exe:1900
   %original file name%.exe:1988
   EasyDriverPro.exe:2712
   

2. Delete the original Worm file.
   
3. Delete or disinfect the following files created/modified by the Worm:
   

   %Program Files% (x86)\Probit Software\Easy Driver Pro\Base\Drivers64.db (10277 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\DPSmartScan.exe (1071 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\sqlite3.dll (1047 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe (1223 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\EasyDriverPro.exe (70432 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\DPSchedule.exe (1583 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso933B.tmp\inetc.dll (44 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SH2TVRCI\EasyDriverPro[1].app (43984 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nso933B.tmp\EasyDriverPro.exe (47088 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\inetc.dll (44 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro on the Web.lnk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\LangDLL.dll (13 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\temp.txt (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\start_install.txt (16 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\edp.ico (1128 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G44ROL1L\easydriverpro803d64[1].data (198536 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\file_id.diz (520 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\nsExec.dll (14 bytes)
   C:\Users\"%CurrentUserName%"\Desktop\Easy Driver Pro.lnk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\md5dll.dll (14 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\easydriverpro803d.data (210182 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\7za.exe (15192 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\English.ini (12 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USU4CORO\log-install[1].htm (16 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\nsDialogs.dll (21 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\HomePage.url (53 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\scan.gif (4133 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\easydriverpro803.data (72503 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro.lnk (2 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk (1 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDUL1PG1\easydriverpro803[1].data (68646 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SH2TVRCI\log-install[1].htm (8 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\System.dll (23 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\uninstall.exe (1382 bytes)
   C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nsj9BA4.tmp\modern-wizard.bmp (5568 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\EasyDriverPro.chm (17 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\Base\PCInfo.ini (175 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\Base\Devices.ini (33 bytes)
   %Program Files% (x86)\Probit Software\Easy Driver Pro\Base\Scan.ini (1669 bytes)

4. Delete the following value(s) in the autorun key (How to Work with System Registry):
   

   [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   "Easy Driver Pro" = "%Program Files% (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe"

5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
6. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.